Date:   Tue, 31 Oct 2017 23:48:53 +0000
From:   James Hogan <james.hogan@...s.com>
To:     Corey Minyard <cminyard@...sta.com>
CC:     Matt Redfearn <matt.redfearn@...s.com>,
        Ralf Baechle <ralf@...ux-mips.org>,
        Matthew Fortune <matthew.fortune@...s.com>,
        <linux-mips@...ux-mips.org>, <linux-kernel@...r.kernel.org>,
        "Jason A. Donenfeld" <jason@...c4.com>,
        Paul Burton <paul.burton@...tec.com>
Subject: Re: [PATCH] MIPS: Fix exception entry when CONFIG_EVA enabled

On Wed, Oct 11, 2017 at 08:12:31AM -0500, Corey Minyard wrote:
> On 10/11/2017 03:59 AM, Matt Redfearn wrote:
> > Commit 9fef68686317b ("MIPS: Make SAVE_SOME more standard") made several
> > changes to the order in which registers are saved in the SAVE_SOME
> > macro, used by exception handlers to save the processor state. In
> > particular, it removed the
> > move   k1, sp
> > in the delay slot of the branch testing if the processor is already in
> > kernel mode. This is replaced later in the macro by a
> > move   k0, sp
> > When CONFIG_EVA is disabled, this instruction actually appears in the
> > delay slot of the branch. However, when CONFIG_EVA is enabled, instead
> > the RPS workaround of
> > MFC0	k0, CP0_ENTRYHI
> > appears in the delay slot. This results in k0 not containing the stack
> > pointer, but some unrelated value, which is then saved to the kernel
> > stack. On exit from the exception, this bogus value is restored to the
> > stack pointer, resulting in an OOPS.
> >
> > Fix this by moving the save of SP in k0 explicitly in the delay slot of
> > the branch, outside of the CONFIG_EVA section, restoring the expected
> > instruction ordering when CONFIG_EVA is active.
> >
> > Fixes: 9fef68686317b ("MIPS: Make SAVE_SOME more standard")
> > Signed-off-by: Matt Redfearn <matt.redfearn@...s.com>
> > Reported-by: Vladimir Kondratiev <vladimir.kondratiev@...el.com>
> 
> I looked this over pretty carefully and it looks correct to me.  It makes no
> difference in the instructions generated by the non-EVA case.  I shouldn't
> have missed this :(.
> 
> Reviewed-by: Corey Minyard <cminyard@...sta.com>

Yeh, having stared at it for a little while it looks correct to me too.

Reviewed-by: James Hogan <jhogan@...nel.org>

Cheers
James
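
The ordering problem described in the quoted commit message, as a toy C model added here for illustration; it is not the kernel's SAVE_SOME macro or the patch under review. The op names, the KERNEL_STACK value and the sample register values are constructed, and the use of k1 for the RPS workaround in the fixed ordering is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, not kernel code: only the registers the commit message names. */
struct cpu { uint32_t sp, k0, k1, entryhi; };
enum op { MOVE_K0_SP, MFC0_K0_ENTRYHI, MFC0_K1_ENTRYHI, LOAD_KERNEL_SP };
#define KERNEL_STACK 0x80100000u /* constructed value */

static void step(struct cpu *c, enum op o)
{
    switch (o) {
    case MOVE_K0_SP:      c->k0 = c->sp;        break;
    case MFC0_K0_ENTRYHI: c->k0 = c->entryhi;   break;
    case MFC0_K1_ENTRYHI: c->k1 = c->entryhi;   break;
    case LOAD_KERNEL_SP:  c->sp = KERNEL_STACK; break;
    }
}

/*
 * Returns the value the entry path would store as the interrupted SP.
 * seq[0] is the branch delay slot: it runs whether or not the "already in
 * kernel mode" branch is taken. The rest runs only on the user-mode path.
 */
static uint32_t saved_sp(int eva, int fixed, int from_kernel, uint32_t sp, uint32_t entryhi)
{
    struct cpu c = { .sp = sp, .k0 = 0, .k1 = 0, .entryhi = entryhi };
    enum op seq[4];
    int n = 0;

    if (fixed)
        seq[n++] = MOVE_K0_SP;          /* pinned in the delay slot */
    if (eva)                            /* RPS workaround; k1 when fixed is an assumption */
        seq[n++] = fixed ? MFC0_K1_ENTRYHI : MFC0_K0_ENTRYHI;
    if (!fixed)
        seq[n++] = MOVE_K0_SP;          /* lands in the delay slot only without EVA */
    seq[n++] = LOAD_KERNEL_SP;

    step(&c, seq[0]);                   /* delay slot always executes */
    for (int i = 1; !from_kernel && i < n; i++)
        step(&c, seq[i]);
    return c.k0;
}

int main(void)
{
    uint32_t sp = 0x80200f00u, hi = 0x12345000u; /* constructed sample values */
    printf("EVA, old order, from kernel: saved SP = %08x\n", (unsigned)saved_sp(1, 0, 1, sp, hi));
    printf("EVA, new order, from kernel: saved SP = %08x\n", (unsigned)saved_sp(1, 1, 1, sp, hi));
    return 0;
}
```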