Message-ID: <20171011201630.q4jmp7roupqz32hy@pd.tnic>
Date:   Wed, 11 Oct 2017 22:16:30 +0200
From:   Borislav Petkov <bp@...e.de>
To:     Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Brian Gerst <brgerst@...il.com>,
        Chris Metcalf <cmetcalf@...lanox.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Huang Rui <ray.huang@....com>, Jiri Slaby <jslaby@...e.cz>,
        Jonathan Corbet <corbet@....net>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Paul Gortmaker <paul.gortmaker@...driver.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Chen Yucong <slaoub@...il.com>,
        "Ravi V. Shankar" <ravi.v.shankar@...el.com>,
        Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org,
        x86@...nel.org, Adam Buchbinder <adam.buchbinder@...il.com>,
        Colin Ian King <colin.king@...onical.com>,
        Lorenzo Stoakes <lstoakes@...il.com>,
        Qiaowei Ren <qiaowei.ren@...el.com>,
        Arnaldo Carvalho de Melo <acme@...hat.com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Kees Cook <keescook@...omium.org>,
        Thomas Garnier <thgarnie@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: [PATCH v9 15/29] x86/insn-eval: Add utility functions to get
 segment descriptor base address and limit

On Wed, Oct 11, 2017 at 12:57:01PM -0700, Ricardo Neri wrote:
> This is meant to be an error case. In long mode, only INAT_SEG_REG_IGNORE/FS/GS
> are valid. All other indices are invalid.
> 
> Perhaps we could return -EINVAL instead?

So, my question is, when are you ever going to have that case? What
constellation of events would ever hit this else branch for long mode?
Because it looks impossible to me. What I can imagine only is something
like this:

                else if (seg_reg != INAT_SEG_REG_IGNORE)
                        WARN_ONCE(1, "This should never happen!\n");

assertion.

But you don't really need that - you can simply ignore seg_reg in that
case:

        if (user_64bit_mode(regs)) {
                /*
                 * Only FS or GS will have a base address, the rest of
                 * the segments' bases are forced to 0.
                 */
                unsigned long base;

                if (seg_reg == INAT_SEG_REG_FS)
                        rdmsrl(MSR_FS_BASE, base);
                else if (seg_reg == INAT_SEG_REG_GS)
                        /*
                         * swapgs was called at the kernel entry point. Thus,
                         * MSR_KERNEL_GS_BASE will have the user-space GS base.
                         */
                        rdmsrl(MSR_KERNEL_GS_BASE, base);
                else
                        base = 0;

                return base;
        }

Or am I missing something?

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)