lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <CALCETrU2TZhxOZyCvBd1nLDiU4ceiSx_Sd2bsDUCX5arOFidBg@mail.gmail.com>
Date:	Thu, 5 Jun 2014 08:44:20 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Borislav Petkov <bp@...en8.de>
Cc:	Matt Fleming <matt.fleming@...el.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Ingo Molnar <mingo@...nel.org>,
	Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>,
	"tglx@...utronix.de" <tglx@...utronix.de>,
	"linux-tip-commits@...r.kernel.org" 
	<linux-tip-commits@...r.kernel.org>
Subject: Re: [tip:x86/efi] x86/efi: Check for unsafe dealing with FPU state in
 irq ctxt

On Thu, Jun 5, 2014 at 2:02 AM, Borislav Petkov <bp@...en8.de> wrote:
> On Thu, Jun 05, 2014 at 09:49:08AM +0100, Matt Fleming wrote:
>> On 5 June 2014 08:18, Borislav Petkov <bp@...en8.de> wrote:
>> >
>> > How are you going to detect when to save/restore state? Doing it
>> > unconditionally would probably be a no-no. Even with all that optimized
>> > XSAVE* fun.
>>
>> (I'm not talking about the crypto async code because I'm not familiar with it)
>>
>> For the EFI pstore case we'd only be using this newly allocated
>> context space if we can't do the usual FPU xsave dance. e.g. we'd be
>> adding a new feature specifically for the !irq_fpu_usable() case. Only
>> then would we do an unconditional save. It would be useful to get some
>> numbers for this but I don't think it would be too bad, especially
>> given that it's in a fatal crash handler state anyway.
>>
>> I don't think it's worth going to the trouble solely for the EFI
>> pstore code, but if it can also be used for the crypto code it might
>> be worth a look.
>
> Right, if we do this only for special, slowpath cases, then we're
> probably fine with unconditional. It would be simpler too.

Are there weird contexts from which EFI calls can happen?  It looks
like the current code isn't necessarily safe in things that aren't
normal process context but aren't interrupts either (e.g. debug traps,
#GP, etc).

I wonder if it would make sense at some point to maintain an explicit
stack of kernel entries.  There doesn't seem to be a reliable way to
answer the question of "what context am I in" from C code right now.

--Andy
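The point raised above (that an in_interrupt()-style check cannot distinguish a synchronous trap such as #DB or #GP taken from kernel mode from plain process context, and that an explicit stack of kernel entries would let C code answer "what context am I in") can be illustrated with a small user-space model. This is an added example, not Linux code and not from anyone in the thread: the entry kinds, the MAX_NESTING bound, the in_interrupt_model() approximation and the rule that only an empty entry stack counts as FPU-usable are all assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model of an explicit per-CPU "kernel entry stack".
 * Not Linux code: kinds, bound and the fpu-usable policy are assumptions. */
enum entry_kind { ENTRY_PROCESS, ENTRY_IRQ, ENTRY_SOFTIRQ, ENTRY_NMI, ENTRY_TRAP };

#define MAX_NESTING 16   /* assumed bound on nested kernel entries */

struct entry_stack {
    enum entry_kind kinds[MAX_NESTING];
    int depth;           /* entries pushed on top of process context */
};

/* Entry code pushes on the way in; false if the bound is exceeded. */
static bool entry_push(struct entry_stack *s, enum entry_kind k) {
    if (s->depth >= MAX_NESTING)
        return false;
    s->kinds[s->depth++] = k;
    return true;
}

/* Exit code pops and verifies that entries leave in LIFO order. */
static bool entry_pop(struct entry_stack *s, enum entry_kind expect) {
    if (s->depth == 0 || s->kinds[s->depth - 1] != expect)
        return false;
    s->depth--;
    return true;
}

/* "What context am I in?" is a lookup at the top of the stack. */
static enum entry_kind current_entry(const struct entry_stack *s) {
    return s->depth ? s->kinds[s->depth - 1] : ENTRY_PROCESS;
}

/* Model of a preempt-count style in_interrupt(): it counts hard IRQs,
 * softirqs and NMIs, but a synchronous trap taken from kernel mode is
 * invisible to it, which is the gap the mail points at. */
static bool in_interrupt_model(const struct entry_stack *s) {
    for (int i = 0; i < s->depth; i++)
        if (s->kinds[i] == ENTRY_IRQ || s->kinds[i] == ENTRY_SOFTIRQ ||
            s->kinds[i] == ENTRY_NMI)
            return true;
    return false;
}

/* Legacy-style answer: usable unless we know we are in an interrupt. */
static bool fpu_usable_legacy(const struct entry_stack *s) {
    return !in_interrupt_model(s);
}

/* Explicit-stack answer: only plain process context (empty stack) is safe. */
static bool fpu_usable_stack(const struct entry_stack *s) {
    return s->depth == 0;
}

struct verdict {
    bool legacy;            /* what the in_interrupt()-style check says */
    bool stack;             /* what the explicit entry stack says */
    enum entry_kind top;    /* innermost entry */
};

static struct verdict ask(const struct entry_stack *s) {
    struct verdict v = { fpu_usable_legacy(s), fpu_usable_stack(s), current_entry(s) };
    return v;
}

/* A #GP taken from kernel mode while in process context: the legacy check
 * sees no interrupt and says "usable", the explicit stack says "no". */
struct verdict scenario_trap_in_process(void) {
    struct entry_stack s = { .depth = 0 };
    entry_push(&s, ENTRY_TRAP);
    struct verdict v = ask(&s);
    entry_pop(&s, ENTRY_TRAP);
    return v;
}

/* An NMI arriving inside an IRQ handler: both checks say "not usable". */
struct verdict scenario_nmi_in_irq(void) {
    struct entry_stack s = { .depth = 0 };
    entry_push(&s, ENTRY_IRQ);
    entry_push(&s, ENTRY_NMI);
    struct verdict v = ask(&s);
    entry_pop(&s, ENTRY_NMI);
    entry_pop(&s, ENTRY_IRQ);
    return v;
}

/* Leaving the IRQ while the NMI is still on top is caught as unbalanced. */
bool scenario_unbalanced_exit(void) {
    struct entry_stack s = { .depth = 0 };
    entry_push(&s, ENTRY_IRQ);
    entry_push(&s, ENTRY_NMI);
    return entry_pop(&s, ENTRY_IRQ);
}

int main(void) {
    struct verdict v = scenario_trap_in_process();
    printf("trap in process ctx: legacy=%d stack=%d top=%d\n", v.legacy, v.stack, v.top);
    v = scenario_nmi_in_irq();
    printf("nmi in irq: legacy=%d stack=%d top=%d\n", v.legacy, v.stack, v.top);
    printf("unbalanced exit accepted=%d\n", scenario_unbalanced_exit());
    return 0;
}
```

The trap scenario is the one that matters: the interrupt-count style check answers "usable" because nothing incremented a hardirq or softirq count, while the explicit stack knows a trap entry is active on top of the interrupted process context and refuses. The pop check also shows a side benefit of such a stack: mismatched entry/exit pairs become detectable rather than silently corrupting the context bookkeeping.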