lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Sep 2013 22:21:26 +0200 From: Bart Kuivenhoven <bemk@...hat.com> To: Matt Fleming <matt@...sole-pimps.org> Cc: matt.fleming@...el.com, hpa@...or.com, tglx@...utronix.de, mingo@...hat.com, x86@...nel.org, linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org, jcm@...hat.com, msalter@...hat.com Subject: Re: [PATCH] x86 efi: bugfix interrupt disabling sequence On Fri, 2013-09-20 at 16:28 +0100, Matt Fleming wrote: > On Wed, 18 Sep, at 07:28:53PM, Bart Kuivenhoven wrote: > > The problem in efi_main was that the idt was cleared before the > > interrupts were disabled. > > > > The UEFI spec states that interrupts aren't used so this shouldn't be > > too much of a problem. Peripherals however don't necessarily know about > > this and thus might cause interrupts to happen anyway. Even if > > ExitBootServices() has been called. > > > > This means there is a risk of an interrupt being triggered while the IDT > > register is nullified and the interrupt bit hasn't been cleared, > > allowing for a triple fault. > > Just to be clear, you haven't witnessed a triple fault, correct? > > > This patch fixes this by clearing the interrupt bit before the lidt > > instruction. > > I think we can go even further than this and get rid of all of the IDT > code in the EFI boot stub. The kernel maintains its own IDT anyway. > Well, isn't it so, that the kernel expects a setup in which interrupts are disabled before the decompressed image is loaded? What we can do is remove the lidt instruction and IDT pointer, but that still doesn't change anything with regards to the kernels expectations. And no, I haven't witnessed a triple fault, this is purely theoretical, with a very slim chance of it actually happening. That does not mean that it can't happen though. -- Kind regards/Met vriendelijke groet, Bart Kuivenhoven. Intern Fedora ARM, Red Hat. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists