lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 29 Nov 2017 13:57:30 -0800
From:   Andy Lutomirski <luto@...nel.org>
To:     Andy Lutomirski <luto@...nel.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Jarkko Nikula <jarkko.nikula@...ux.intel.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <a.p.zijlstra@...llo.nl>,
        Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH] x86/entry/64: Fix native_load_gs_index() SWAPGS handling
 with IRQ state tracing enabled

On Wed, Nov 29, 2017 at 1:41 PM, Andy Lutomirski <luto@...nel.org> wrote:
> On Wed, Nov 29, 2017 at 1:25 PM, Andy Lutomirski <luto@...capital.net> wrote:
>>
>>
>>> On Nov 29, 2017, at 12:58 PM, Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>>>
>>>> On Wed, Nov 29, 2017 at 10:12 AM, Andy Lutomirski <luto@...nel.org> wrote:
>>>>
>>>> Jarkko, can you try the attached patch?  If it survives resume, can
>>>> you see if the log contains anything interesting?
>>>
>>> I'm not Jarkko, but I'm not a huge fan of that patch.
>>>
>>> If this was the cause of the problem (and it looks likely), wouldn't
>>> it be nicer to instead make sure that __restore_processor_state() is
>>> made to use only low-level code and easy to verify?
>>>
>>> That function is already marked "notrace" because it is so fragile,
>>> and it does the segment register reloads manually with inline asms.
>>
>> I completely agree, and I think it might be better to move more of that crap to asm.  Also, it looks quite buggy -- it restores segment registers before it loads the LDT, so they had better not be user registers.
>
> It does indeed restore user state.  And it very well may need to work
> on Xen PV, too.  Blech.

I took another look.  This function is severely busted.  Bugs include:

- 32-bit fails to save and restore %ds.  I have no idea why.

 - 64-bit has inlined restores of segment regs.  This is busted
because it's missing exception handling.  Admittedly, there shouldn't
be exceptions these days since we try pretty hard to keep segments in
sync.

 - GSBASE is restored way too late.

 - Segments are restored before the LDT is restored.  *Boom* if we
write to /sys/power/state from a program compiled with a sufficiently
ancient libc.

 - Because we aren't sensible enough to do all this from a kernel
thread, we probably fail to correctly handle nasty things like
blockstep.

I'll make a patch to fix a few of these bugs.

Powered by blists - more mailing lists