| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150307103240.GA9378@gmail.com>
Date: Sat, 7 Mar 2015 11:32:40 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Oleg Nesterov <oleg@...hat.com>,
Dave Hansen <dave.hansen@...el.com>,
Borislav Petkov <bp@...e.de>,
Andy Lutomirski <luto@...capital.net>,
Pekka Riikonen <priikone@....fi>,
Rik van Riel <riel@...hat.com>,
Suresh Siddha <sbsiddha@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
"Yu, Fenghua" <fenghua.yu@...el.com>,
Quentin Casasnovas <quentin.casasnovas@...cle.com>
Subject: Re: [PATCH 1/1] x86/fpu: math_state_restore() should not blindly
disable irqs
* Linus Torvalds <torvalds@...ux-foundation.org> wrote:
> On Thu, Mar 5, 2015 at 11:58 PM, Ingo Molnar <mingo@...nel.org> wrote:
> >
> > math_state_restore() was historically called with irqs disabled,
> > because that's how the hardware generates the trap, and also because
> > back in the days it was possible for it to be an asynchronous
> > interrupt and interrupt handlers run with irqs off.
> >
> > These days it's always an instruction trap, and furthermore it does
> > inevitably complex things such as memory allocation and signal
> > processing, which is not done with irqs disabled.
> >
> > So keep irqs enabled.
>
> I agree with the "keep irqs enabled".
>
> However, I do *not* agree with the actual patch, which doesn't do that at all.
> > @@ -844,8 +844,9 @@ void math_state_restore(void)
> > {
> > struct task_struct *tsk = current;
> >
> > + local_irq_enable();
> > +
>
> There's a big difference between "keep interrupts enabled" (ok) and
> "explicitly enable interrupts in random contexts" (*NOT* ok).
Agreed, so I thought that we already kind of did that:
if (!tsk_used_math(tsk)) {
local_irq_enable();
But yeah, my patch brought that to a whole new level by always doing
it, without starting with adding a warning first.
>
> So get rid of the "local_irq_enable()" entirely, and replace it with a
>
> WARN_ON_ONCE(irqs_disabled());
Yeah, agreed absolutely - sorry about scaring (or annoying) you with a
Signed-off-by patch, that was silly from me.
> and let's just fix the cases where this actually gets called with
> interrupts off. [...]
Yes. I was a bit blinded by the 'easy to backport' aspect, so I
concentrated on that, but it's more important to not break stuff.
> @@ -959,7 +949,7 @@ void __init trap_init(void)
> set_system_intr_gate(X86_TRAP_OF, &overflow);
> set_intr_gate(X86_TRAP_BR, bounds);
> set_intr_gate(X86_TRAP_UD, invalid_op);
> - set_intr_gate(X86_TRAP_NM, device_not_available);
> + set_trap_gate(X86_TRAP_NM, device_not_available);
So I wasn't this brave.
Historically modern x86 entry code ran with irqs off, because that's
what the hardware gave us on most entry types. I'm not 100% sure we
are ready to allow preemption of sensitive entry code on
CONFIG_PREEMPT=y kernels. But we could try.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists