lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <A7390A91-7A02-4F5C-AFCE-375F49039361@zytor.com>
Date:	Tue, 01 Mar 2016 16:53:53 -0800
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Dave Hansen <dave.hansen@...ux.intel.com>,
	Yu-cheng Yu <yu-cheng.yu@...el.com>
CC:	x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
	Andy Lutomirski <luto@...nel.org>,
	Borislav Petkov <bp@...e.de>,
	Sai Praneeth Prakhya <sai.praneeth.prakhya@...el.com>,
	"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
	Fenghua Yu <fenghua.yu@...el.com>
Subject: Re: [PATCH v3 9/9] x86/xsaves: Re-enable XSAVES

On March 1, 2016 4:45:41 PM PST, Dave Hansen <dave.hansen@...ux.intel.com> wrote:
>On 03/01/2016 04:34 PM, Yu-cheng Yu wrote:
>> On Tue, Mar 01, 2016 at 03:56:12PM -0800, Dave Hansen wrote:
>>> On 02/29/2016 09:42 AM, Yu-cheng Yu wrote:
>>>> -	setup_clear_cpu_cap(X86_FEATURE_XSAVES);
>>>> +	if (!config_enabled(CONFIG_X86_64))
>>>> +		setup_clear_cpu_cap(X86_FEATURE_XSAVES);
>>>>  }
>>>
>>> I think we need a much better explanation of this for posterity. 
>Why
>>> are we not supporting this now, and what would someone have to do in
>the
>>> future in order to enable it?
>>>
>> If anyone is using this newer feature, then that user is most likely
>using
>> a 64-bit capable processor and a 64-bit kernel. The intention here is
>to
>> take out the complexity and any potential of error. If the user
>removes 
>> the restriction and builds a private kernel, it should work but we
>have
>> not checked all possible combinations. I will put these in the
>comments.
>
>A user can go download a 32-bit version of Ubuntu or Debian and install
>it on a 64-bit processor today.  It's a very easy mistake to make when
>downloading the install CD.
>
>In any case, I don't have a _problem_ with leaving i386 in the dust
>here.  I just want us to be very explicit about what we are doing.
>
>>>> +	/*
>>>> +	 * Make it clear that XSAVES supervisor states are not yet
>>>> +	 * implemented should anyone expect it to work by changing
>>>> +	 * bits in XFEATURE_MASK_* macros and XCR0.
>>>> +	 */
>>>> +	WARN_ONCE((xfeatures_mask & XFEATURE_MASK_SUPERVISOR),
>>>> +		"x86/fpu: XSAVES supervisor states are not yet implemented.\n");
>>>> +
>>>>  	cr4_set_bits(X86_CR4_OSXSAVE);
>>>>  	xsetbv(XCR_XFEATURE_ENABLED_MASK, xfeatures_mask);
>>>>  }
>>>
>>> Let's also do a:
>>>
>>> 	xfeatures_mask &= ~XFEATURE_MASK_SUPERVISOR;
>>>
>>> Otherwise, we have a broken system at the moment.
>>>
>> Currently, if anyone sets any supervisor state in xfeatures_mask, the
>> kernel prints out the warning then goes into a protection fault.
>> That is a very strong indication to the user. Do we want to mute it? 
>
>By "goes into a protection fault", do you mean that it doesn't boot?
>
>I'd just rather we put the kernel in a known-safe configuration
>(masking
>supervisor state out of xfeatures_mask) rather than rely on the general
>protection fault continuing to be generated by whatever is generating
>it.

Differences between i386 and x86-64 generally add problems, so unless this requires significant 32-bit-specific code we should not exclude i386 just because.
-- 
Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ