Date:	Thu, 6 Aug 2015 10:27:46 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Peter Anvin <hpa@...or.com>, Denys Vlasenko <dvlasenk@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	linux-kernel@...r.kernel.org, Andy Lutomirski <luto@...nel.org>,
	bp@...en8.de, Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	fenghua.yu@...el.com, x86@...nel.org, dave.hansen@...ux.intel.com,
	Dave Hansen <dave@...1.net>
Subject: Re: [PATCH] x86, fpu: correct XSAVE xstate size calculation


* Linus Torvalds <torvalds@...ux-foundation.org> wrote:

> On Aug 6, 2015 10:15 AM, "Ingo Molnar" <mingo@...nel.org> wrote:
> >
> > What sense does it make to have a blob we don't know the exact layout of? How 
> > will debuggers or user-space in general be able to print (and change) the 
> > register values if they don't know the layout?
> 
> The usage model is that you only use this for saving and restoring state.
> 
> If you look at the state, you restore the state and then you look at the 
> registers. You never look at the blob itself.

So we are relying on the saved structure already in a couple of cases, such as MPX 
exception handling:

        /*
         * We need to look at BNDSTATUS to resolve this exception.
         * A NULL here might mean that it is in its 'init state',
         * which is all zeros which indicates MPX was not
         * responsible for the exception.
         */
        bndcsr = get_xsave_field_ptr(XSTATE_BNDCSR);
        if (!bndcsr)
                goto exit_trap;

        trace_bounds_exception_mpx(bndcsr);

get_xsave_field_ptr() very much knows about the structure.

Currently the hardware enumerates to us the following details (simplified, omitted 
legacies):

   offset0, size0
   offset1, size1
   offset2, size2
   ...
   offsetN, sizeN

but the alignment of the final boundary of the xsave area is not given.

So as long as the limitation is that the final pair: offsetN + sizeN might not 
extend to the true end of the save area due to the end of the XSAVE area being 
extended to natural cache line boundary (or more) - I'm fine with that, it's not 
important to being able to read it, and it's OK for the CPU to have padding areas 
it doesn't write to but might need to read from.

But if the claim is that we don't know and shouldn't know about the structure of 
these blobs, I think that's generally a bad idea, even if in the normal case we 
don't touch the blobs and just pass them through to user-space.

Thanks,

	Ingo
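
An added illustration, not part of the original message or the kernel source: a bounds-checked lookup over enumerated (offset, size) pairs in a standard-format XSAVE buffer, returning NULL for a component in its init state as the quoted comment describes, plus the end of the last enumerated component for comparison with the buffer size. The layout table, the 1152-byte buffer and the names `xsave_field_ptr`, `last_component_end` and `sample_layout` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XSAVE_HDR_OFFSET 512u /* header follows the 512-byte legacy region */
#define XSAVE_HDR_SIZE   64u  /* XSTATE_BV is its first 8 bytes */
struct xcomp { uint32_t offset, size; };

/* Constructed sample (offset, size) pairs, indexed by component number. */
static const struct xcomp sample_layout[] = {
    [2] = { 576, 256 },  /* AVX */
    [3] = { 960, 64 },   /* MPX BNDREGS */
    [4] = { 1024, 64 },  /* MPX BNDCSR */
};
#define NCOMP (sizeof(sample_layout) / sizeof(sample_layout[0]))

/* max(offset_i + size_i): where the last enumerated component ends. */
static uint32_t last_component_end(const struct xcomp *l, size_t n)
{
    uint32_t end = XSAVE_HDR_OFFSET + XSAVE_HDR_SIZE;
    for (size_t i = 2; i < n; i++)
        if (l[i].size && l[i].offset + l[i].size > end)
            end = l[i].offset + l[i].size;
    return end;
}

/* Pointer to extended component idx (>= 2), or NULL if it is not enumerated,
 * does not fit in the buffer, or is in its init state (XSTATE_BV bit clear). */
static const uint8_t *xsave_field_ptr(const uint8_t *buf, size_t buf_size,
                                      const struct xcomp *l, size_t n, unsigned idx)
{
    uint64_t bv;
    if (idx < 2 || idx >= n || l[idx].size == 0)
        return NULL;
    if (buf_size < XSAVE_HDR_OFFSET + XSAVE_HDR_SIZE ||
        (uint64_t)l[idx].offset + l[idx].size > buf_size)
        return NULL;
    memcpy(&bv, buf + XSAVE_HDR_OFFSET, sizeof(bv)); /* little-endian host assumed */
    return (bv & (1ULL << idx)) ? buf + l[idx].offset : NULL;
}

int main(void)
{
    static uint8_t area[1152]; /* constructed: larger than the last component's end */
    uint64_t bv = 1ULL << 4;   /* only BNDCSR marked as saved */
    memcpy(area + XSAVE_HDR_OFFSET, &bv, sizeof(bv));
    printf("last end %u, area %zu, BNDCSR at %td\n", last_component_end(sample_layout, NCOMP), sizeof(area), xsave_field_ptr(area, sizeof(area), sample_layout, NCOMP, 4) - area);
    return 0;
}
```

With the sample table the last component ends at byte 1088, so the final 64 bytes of the 1152-byte buffer are padding that no (offset, size) pair describes.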