| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <24b7ab61-69e6-192e-5bb7-2ef5cdaa28c3@suse.com>
Date: Wed, 26 Apr 2017 06:45:42 +0200
From: Juergen Gross <jgross@...e.com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org,
x86@...nel.org, boris.ostrovsky@...cle.com, hpa@...or.com,
tglx@...utronix.de, mingo@...hat.com
Subject: Re: [PATCH] x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS if forced to
zero
On 25/04/17 21:18, Borislav Petkov wrote:
> On Tue, Apr 25, 2017 at 08:34:34PM +0200, Juergen Gross wrote:
>> And what happens when there is a scheduling event right here?
>> __switch_to() will see X86_BUG_SYSRET_SS_ATTRS set and take a wrong
>> path.
>
> So the whole thing we're doing right now is wrong: set bit and then
> clear bit.
Right. And this is handled by my patch.
The really clean solution would be to add this test to set_cpu_bug()
et al. Don't set/clear the bit if anyone selected to force a value.
The force variants would be capable to overwrite, the normal variants
wouldn't. This would require a lot of research to avoid pitfalls with
today's handling, though. OTOH one could remove all the calls to
apply_forced_caps().
>
> We should not set the bit at all and there won't be any window to get it
> wrong.
>
> So can we do something like this instead:
>
> if (!cpu_has(c, X86_FEATURE_XENPV))
> set_cpu_bug(c, X86_BUG_SYSRET_SS_ATTRS);
>
> or is XENPV the wrong thing to test?
This would work. OTOH I'd prefer to test whether the bit should be
forced to remain zero than use the knowledge _who_ is trying to force
it.
Juergen
Powered by blists - more mailing lists