| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Apr 2015 14:37:33 +0930 From: Rusty Russell <rusty@...tcorp.com.au> To: Andy Lutomirski <luto@...nel.org>, Andrew Cooper <andrew.cooper3@...rix.com>, Xen-devel <xen-devel@...ts.xen.org> Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org, linux-kernel@...r.kernel.org, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, David Vrabel <david.vrabel@...rix.com>, lguest@...ts.ozlabs.org, X86 ML <x86@...nel.org>, Denys Vlasenko <vda.linux@...glemail.com> Subject: Re: [PATCH] [RFC] x86/cpu: Fix SMAP check in PVOPS environments Andy Lutomirski <luto@...nel.org> writes: > On 04/20/2015 10:09 AM, Andrew Cooper wrote: >> There appears to be no formal statement of what pv_irq_ops.save_fl() is >> supposed to return precisely. Native returns the full flags, while lguest and >> Xen only return the Interrupt Flag, and both have comments by the >> implementations stating that only the Interrupt Flag is looked at. This may >> have been true when initially implemented, but no longer is. >> >> To make matters worse, the Xen PVOP leaves the upper bits undefined, making >> the BUG_ON() undefined behaviour. Experimentally, this now trips for 32bit PV >> guests on Broadwell hardware. The BUG_ON() is consistent for an individual >> build, but not consistent for all builds. It has also been a sitting timebomb >> since SMAP support was introduced. >> >> Use native_save_fl() instead, which will obtain an accurate view of the AC >> flag. That should work for lguest. Indeed, it does (in practice those bits are 0). Tested-by: Rusty Russell <rusty@...tcorp.com.au> (lguest) Thanks, Rusty. >> Signed-off-by: Andrew Cooper <andrew.cooper3@...rix.com> >> CC: Thomas Gleixner <tglx@...utronix.de> >> CC: Ingo Molnar <mingo@...hat.com> >> CC: H. Peter Anvin <hpa@...or.com> >> CC: x86@...nel.org >> CC: linux-kernel@...r.kernel.org >> CC: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> >> CC: Boris Ostrovsky <boris.ostrovsky@...cle.com> >> CC: David Vrabel <david.vrabel@...rix.com> >> CC: xen-devel <xen-devel@...ts.xen.org> >> CC: Rusty Russell <rusty@...tcorp.com.au> >> CC: lguest@...ts.ozlabs.org >> >> --- >> This patch is RFC because I am not certain that native_save_fl() is >> necessarily the correct solution on lguest, but it does seem that setup_smap() >> wants to check the actual AC bit, rather than an idealised value. >> >> A different approach, given the dual nature of the AC flag now is to gate >> setup_smap() on a kernel rpl of 0. SMAP necessarily can't be used in a >> paravirtual situation where the kernel runs in cpl > 0. >> >> Another different approach would be to formally state that >> pv_irq_ops.save_fl() needs to return all the flags, which would make >> local_irq_save() safe to use in this circumstance, but that makes a hotpath >> longer for the sake of a single boot time check. > > ...which reminds me: > > Why does native_restore_fl restore anything other than IF? A branch and > sti should be considerably faster than popf. > > Also, if we did this, could Xen use PVI and then use native_restore_fl > and avoid lots of pvops? > > --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists