Open Source and information security mailing list archives
Date:   Fri, 24 Nov 2017 19:29:05 -0800
From:   Nadav Amit <namit@...are.com>
To:     <linux-kernel@...r.kernel.org>, <linux-edac@...r.kernel.org>
CC:     <nadav.amit@...il.com>, Nadav Amit <namit@...are.com>,
        Andy Lutomirski <luto@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, <x86@...nel.org>,
        Tony Luck <tony.luck@...el.com>,
        Borislav Petkov <bp@...en8.de>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>
Subject: [PATCH v2 0/2] x86: disable IRQs during CR4 changes

CR4 needs to be updated atomically with its shadow value, as CR4 updates are
performed in a read-modify-write fashion that is based on the shadow value. If
CR4 is changed between the read and the write, CR4 might not be updated
correctly.

For this to happen, CR4 needs to be rewritten by an interrupt handler.
[Presumably, writes to CR4 take place while preemption is disabled, although
due to the experience with CR3 - who knows.] CR4.PGD can be updated by an
interrupt handler, but it is restored to its previous value, so it should not
introduce a race. However, it seems that allowing CR4 updates without disabling
IRQs may present a potential future bug.

Cc: Andy Lutomirski <luto@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: "H. Peter Anvin" <hpa@...or.com>
Cc: x86@...nel.org
Cc: Tony Luck <tony.luck@...el.com>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: "Radim Krčmář" <rkrcmar@...hat.com>

v1 -> v2:
  - Break into two patches (Andy)
  - Rename refactored function to __cr4_set() (Andy) 

Nadav Amit (2):
  x86: refactor CR4 setting and shadow write
  x86: disable IRQs before changing CR4

 arch/x86/include/asm/mmu_context.h   |  4 ++--
 arch/x86/include/asm/tlbflush.h      | 40 +++++++++++++++++++++---------------
 arch/x86/include/asm/virtext.h       |  2 +-
 arch/x86/kernel/cpu/common.c         | 38 +++++++++++++++++++++++++---------
 arch/x86/kernel/cpu/mcheck/mce.c     |  5 ++++-
 arch/x86/kernel/cpu/mcheck/p5.c      |  6 +++++-
 arch/x86/kernel/cpu/mcheck/winchip.c |  5 ++++-
 arch/x86/kernel/fpu/init.c           |  2 +-
 arch/x86/kernel/fpu/xstate.c         |  4 ++--
 arch/x86/kernel/process.c            | 20 +++++++++++++-----
 arch/x86/kernel/reboot.c             |  2 +-
 arch/x86/kvm/vmx.c                   | 13 ++++++++++--
 arch/x86/mm/init.c                   |  6 +++++-
 13 files changed, 102 insertions(+), 45 deletions(-)

-- 
2.14.1
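
The lost-update window the cover letter describes, as an added user-space model (not code from the series or from the kernel): a per-CPU shadow copy is read, an interrupt handler does its own read-modify-write of CR4 through the same shadow, and the interrupted path then writes back its stale value. The `hw_cr4`, `cr4_shadow`, `irqs_enabled` and `pending_irq_mask` variables and the `run_race()` driver are constructed for the demonstration; only the CR4.PGE (bit 7) and CR4.PCIDE (bit 17) positions are real.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the real register and for the per-CPU shadow
 * (cpu_tlbstate.cr4) that the kernel's cr4_set_bits() reads and writes. */
static uint64_t hw_cr4;
static uint64_t cr4_shadow;
static bool     irqs_enabled = true;
static uint64_t pending_irq_mask;   /* bits a simulated handler will set */

#define CR4_PGE   (1ULL << 7)       /* real bit position */
#define CR4_PCIDE (1ULL << 17)      /* real bit position */

/* Simulated interrupt: fires at most once, only while IRQs are enabled,
 * and permanently sets bits in CR4 through the same shadow copy. */
static void maybe_take_interrupt(void)
{
    if (!irqs_enabled || !pending_irq_mask)
        return;
    uint64_t mask = pending_irq_mask;
    pending_irq_mask = 0;
    cr4_shadow |= mask;
    hw_cr4 = cr4_shadow;
}

/* Read-modify-write in the shape of cr4_set_bits(), with the interrupt
 * window placed between the read of the shadow and the write back. */
static void cr4_set_bits_model(uint64_t mask)
{
    uint64_t cr4 = cr4_shadow;          /* read the shadow */
    maybe_take_interrupt();             /* window the series closes */
    if ((cr4 | mask) != cr4) {
        cr4 |= mask;                    /* modify the stale local copy */
        cr4_shadow = cr4;               /* write shadow and register */
        hw_cr4 = cr4;
    }
}

/* Main path sets PCIDE while an interrupt wants to set PGE; returns the
 * final CR4. With IRQs left on, the handler's PGE bit is lost. */
uint64_t run_race(bool disable_irqs)
{
    hw_cr4 = cr4_shadow = 0;
    pending_irq_mask = CR4_PGE;
    irqs_enabled = !disable_irqs;       /* local_irq_save() equivalent */
    cr4_set_bits_model(CR4_PCIDE);
    irqs_enabled = true;                /* local_irq_restore() equivalent */
    maybe_take_interrupt();             /* deferred interrupt runs now */
    return hw_cr4;
}

int main(void)
{
    printf("IRQs on : CR4=%#llx\n", (unsigned long long)run_race(false));
    printf("IRQs off: CR4=%#llx\n", (unsigned long long)run_race(true));
    return 0;
}
```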
