| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Aug 2015 21:18:54 +0200
From: Willy Tarreau <w@....eu>
To: Andy Lutomirski <luto@...capital.net>
Cc: Andy Lutomirski <luto@...nel.org>,
Kees Cook <keescook@...omium.org>,
Steven Rostedt <rostedt@...dmis.org>,
"security@...nel.org" <security@...nel.org>,
X86 ML <x86@...nel.org>, Borislav Petkov <bp@...en8.de>,
Sasha Levin <sasha.levin@...cle.com>,
LKML <linux-kernel@...r.kernel.org>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Jan Beulich <jbeulich@...e.com>,
xen-devel <xen-devel@...ts.xen.org>
Subject: Re: [PATCH 2/2] x86/ldt: allow to disable modify_ldt at runtime
On Mon, Aug 03, 2015 at 12:06:12PM -0700, Andy Lutomirski wrote:
> On Mon, Aug 3, 2015 at 12:01 PM, Willy Tarreau <w@....eu> wrote:
(...)
> > I feel like it's probably part of a larger project then. Do you think
> > we should step back and only support 0/1 for now ? I also have the
> > patch available.
>
> Sounds good to me.
OK I'll send the other one instead once I unpack my PC.
> > Well the good thing is that SYSRET reused the LOADALL opcode so at
> > least this one cannot be screwed on 64-bit :-) It would have helped us
> > to emulate IRET though.
>
> You sure? I'm reasonably confident that Athlon 64 and newer support
> SYSRET in legacy and long mode. Of course, I think that SYSCALL is
> totally worthless in legacy mode (SYSCALL_MASK isn't available, so I
> suspect that the lack of sensible TF handling would be a
> show-stopper).
I meant loadall cannot be screwed since it was replaced.
> >> P.P.S. You know what would be *way* better than allowing IRET to
> >> fault? Just allow IRET to continue executing the next instruction on
> >> failure (I'm talking about #GP, #NP, and #SS here, not page faults).
> >>
> >> P.P.P.S. Who thought that IRET faults unmasking NMIs made any sense
> >> whatsoever when NMIs run on an IST stack? Seriously, people?
> >
> > A dedicated flag "don't clear NMI yet" would have been nice in EFLAGS
> > so that the software stack could set it in fault handlers. It would be
> > one-shot and always cleared by IRET. That would have been very handy.
> >
>
> How about a dedicated "NMI masked" flag in EFLAGS? That would be
> straightforward and dead simple to handle.
Sounds like an oxymoron. But such a flag should be atomically manipulated
so that you don't re-arm queued NMIs before calling iret. With two flags,
a read-only one for "NMI masked" and a modifiable one "keep NMI masked",
you can provide an atomic behaviour where you have this latch executed
on iret :
NMI_MASKED &= KEEP_NMI_MASKED;
KEEP_NMI_MASKED = 0;
But anyway we're discussing in the void, this CPU doesn't exist so unless
intel/AMD designers want to improve their design (and start by talking
together to reach the exact same behavior), we'll never see anything like
this :-/
Willy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists