| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5310B60F.30806@zytor.com> Date: Fri, 28 Feb 2014 08:15:11 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Peter Zijlstra <peterz@...radead.org> CC: Vince Weaver <vincent.weaver@...ne.edu>, Steven Rostedt <rostedt@...dmis.org>, Linux Kernel <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...hat.com> Subject: Re: perf_fuzzer compiled for x32 causes reboot On 02/28/2014 07:40 AM, Peter Zijlstra wrote: > On Fri, Feb 28, 2014 at 07:13:06AM -0800, H. Peter Anvin wrote: >> If I'm reading this right we end up going from the page fault >> tracepoint to copy_from_user_nmi() without going through NMI, and the >> cr2 corruption is obvious. I guess the assumption that only the NMI >> path needed to save cr2 is flawed? > > It was never assumed it would only go through NMI, but that it would be > NMI safe -- and as it turns out, it is that. > > What I did assume was that any other callsites would be safe, seeing how > they'd already be running in 'normal' contexts. > > I had not considered people putting tracepoints _that_ early in the > exception paths. > > Note that there's more tracepoints there than the one mentioned. > Well, I was talking about the assumption spelled out in the comment above copy_from_user_nmi() which pretty much states "cr2 is safe because cr2 is saved/restored in the NMI wrappers." -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists