| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 Feb 2014 22:30:52 +0200 From: Ivaylo Dimitrov <ivo.g.dimitrov.75@...il.com> To: Sebastian Reichel <sre@...ian.org>, Pali Rohár <pali.rohar@...il.com> CC: Tony Lindgren <tony@...mide.com>, Linux OMAP Mailing List <linux-omap@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, freemangordon@....bg Subject: Re: Re: [PATCH] ARM: OMAP2+: Add support for thumb mode on DT booted N900 Hi, On 5.02.2014 19:17, Sebastian Reichel wrote: > Hi, > > On Wed, Feb 05, 2014 at 05:38:54PM +0100, Pali Rohár wrote: >>> I assumed, that the workaround is not needed for this device type. >> >> That rx51 secure call must not be called on non secure devices (e.g. >> qemu), because it cause kernel crash. So I thought that kernel should >> write something like secure call is disabled on that device types. >> Kernel code for errata 430973 will update ibe bit for non secure >> devices. > > Do you see any advantage in having that message? > AIUI it will appear only when booting the kernel in "qemu -m rx51...", I am not aware of any other non-secure device manifesting itself as RX51. So there is little advantage of having that additional message IMO. >>> I just added the warning for missing CONFIG_ARM_ERRATA_430973, >>> because its very likely a misconfigured kernel. >> >> Yes, it can be misconfigured kernel, but if you do not have any thumb >> binary (like stock Maemo 5 system), then it is safe and OK. > > I think running this kernel may also be a potential security > problem. If I understand it right the ARM core is left in an > unstable state when you run Thumb code, so this may result in > funny effects in the kernel? > > -- Sebastian > In theory having that workaround disabled might be a security problem, but honestly, knowing its nature I don't think it is easily exploitable, if at all. The final result when bitten by it is a SIGILL, but in userspace, not in the kernel(assuming the kernel is ARM), and userspace runs in totally different mode (nonsecure, nonprivileged) compared to the kernel(nonsecure, privileged) and IIRC every mode has its own set of stack, registers etc. BTW I don't think the kernel itself can be thumb2-compiled for cores with that errata, but I might wrong. Also, as Pali noted, the problem appears if and only if there is an userspace binary containing thumb2 code. If all of the userspace is pure ARM, there is no problem. And as the errata workaround has its drawbacks (BTB is cleared on every context switch which affects performance), one might want to not have it enabled. Maybe that warning should be spit only if CONFIG_THUMB2_KERNEL (or whatever the option was) is enabled. Though if that option is enabled I'd rather #error during compile time if errata workaround is not enabled, instead of printing a warning while booting a system that will crash in a matter of seconds. Ivo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists