Message-ID: <20150328083533.GA1183@gmail.com>
Date:	Sat, 28 Mar 2015 09:35:33 +0100
From:	Ingo Molnar <mingo@...nel.org>
To:	Andy Lutomirski <luto@...nel.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Denys Vlasenko <dvlasenk@...hat.com>,
	Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
	X86 ML <x86@...nel.org>, hpa@...or.com, stable@...r.kernel.org
Subject: Re: [RFC] x86, ia32entry: Use sysretl to return from sysenter


* Andy Lutomirski <luto@...nel.org> wrote:

> Sysexit is scary on 64-bit kernels -- sysexit must be invoked with
> usergs and IRQs on.  That means that we rely on sti to correctly
> mask interrupts for one instruction.  This is okay by itself, but
> the semantics with respect to NMIs are unclear.

At least judging by profiling output I think NMIs observe the STI 
window of one instruction non-execution as well. (But I'm not 100% 
sure.)

> Avoid the whole issue by using sysretl instead.  For background,
> Intel CPUs don't allow syscall from compat mode, but they do allow
> sysret back to compat mode.  Go figure.
> 
> Oddly this seems to be 30 cycles or so faster.  Avoiding popfq and
> sti will account for under half of that, I think, so my best guess
> is that Intel just optimizes sysret much better than sysexit.
> 
> Cc: stable@...r.kernel.org

I like it, but no way is this automatic -stable material ... if proven 
upstream we can forward it as a fix for SYSEXIT fragility, but not 
automatically, IMHO.

Thanks,

	Ingo