lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrVqK9MxwN4+EPtmbSnWbsxe--7AA2GGaVgN2R0d21nEJQ@mail.gmail.com>
Date:	Fri, 10 Apr 2015 13:52:57 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Andi Kleen <ak@...ux.intel.com>
Cc:	Andi Kleen <andi@...stfloor.org>, X86 ML <x86@...nel.org>,
	Andrew Lutomirski <luto@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH 7/8] x86: Add documentation for rd/wr fs/gs base

On Fri, Apr 10, 2015 at 1:46 PM, Andi Kleen <ak@...ux.intel.com> wrote:
>> If user code programs fs != 0 and fsbase != whatever is implied by fs
>> and the GDT/LDT, what happens?
>
> We load the value from the LDT/GDT.
>
>> There's already a minor buglet in that
>> area without wrfsbase, but fixing it would be a big performance hit
>> because we don't have rdfsbase and rdgsbase to read the state
>> efficiently.  (Specifically, if we have gs == 0, gsbase == 0, but
>> *saved* gsbase != 0, then we corrupt gsbase on context switch.)
>>
>> But, with the new instructions, we can do it simply, efficiently, and
>> correctly in all cases.  Let's do so.
>
> We would need an instruction to write the index without changing the base.
> That's not what the new instructions do.

I think it's as simple as:

if (has fancy new feature) {
  prev->fsindex = [read fs];
  prev->fsbase = rdfsbase();
  prev->gsindex = [read gs];
  prev->gsbase = [read gsbase];

  load_fs(next->fsindex);
  wrfsbase(next->fsbase);
  write_gs_base_and_index(next->gsindex, next->gsbase);
} else {
  do the old mess;
}

Hmm.  This may need a bit of thought wrt ptrace.  We also need to
consider what happens in the event that the selector load fails.
Presumably we fall back to base == 0.

(Note: no matter what we do here, we at least need to think about
ptrace.  I would argue that poking a nonzero value into fs or gs from
ptrace should zero the saved base register, even on old hardware.
Presumably changing from nonzero to zero should also zero it.)

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ