Open Source and information security mailing list archives
Date: Tue, 5 Dec 2017 22:29:33 +0100
From: Borislav Petkov <bp@...e.de>
To: Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, ricardo.neri-calderon@...ux.intel.com
Cc: luto@...nel.org, adam.buchbinder@...il.com, mst@...hat.com, mhiramat@...nel.org, dave.hansen@...ux.intel.com, mingo@...nel.org, linux-kernel@...r.kernel.org, colin.king@...onical.com, jslaby@...e.cz, pbonzini@...hat.com, cmetcalf@...lanox.com, akpm@...ux-foundation.org, vbabka@...e.cz, acme@...hat.com, brgerst@...il.com, shuah@...nel.org, paul.gortmaker@...driver.com, lstoakes@...il.com, hpa@...or.com, thgarnie@...gle.com, keescook@...omium.org, adrian.hunter@...el.com, ray.huang@....com, dvyukov@...gle.com, ravi.v.shankar@...el.com, slaoub@...il.com, corbet@....net, linux-tip-commits@...r.kernel.org
Subject: Re: [tip:x86/mpx] x86/insn-eval: Add utility function to get segment descriptor

On Tue, Dec 05, 2017 at 07:38:45PM +0100, Peter Zijlstra wrote:
> Sorry what? So either this code is broken because it has IRQs enabled,
> or it's broken because it's trying to acquire a mutex with IRQs disabled.
> Which is it?

Well, lemme try to sum up what Peter, Thomas and I discussed on IRC:

The problem is that there's no guarantee userspace won't change the LDT
from under us while the UMIP code runs in the insn decoder.

So, we need a way to be able to query the desc fields the insn decoder
needs *and* when the LDT changes through the syscall, to detect that
case and handle it gracefully in the decoder.

So Thomas' idea is to keep a mm->context.ldt_seq sequence number which
gets incremented (and wraps around) every time an LDT changes. That
sequence number, i.e., cookie, gets handed down into the decoder and it
uses it during desc lookup.

If the sequence number changes, the decoder and the UMIP code must abort
the emulation.

The lookup code needs to do that with IRQs disabled, of course, to
protect itself from IPIs which could change the LDT.

I *think* this is the gist of what we talked about, tglx, please correct
me if I missed something.

So, Ricardo, please take a look at fixing that as otherwise the UMIP
code would choke and possibly rely on wrong data.

If there are any questions, don't hesitate to ask.

Thanks.

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 
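The sequence-number scheme summarised in the message above, as an added single-threaded userspace model in C; it is not code from this thread or from the kernel. Apart from ldt_seq, every name here (mm_ctx, ldt_write, ldt_cookie, ldt_lookup), the -EAGAIN return value and the table size are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define LDT_ENTRIES 4                    /* constructed size for the model */

struct desc { uint32_t base, limit; };   /* only the fields a decoder needs */

struct mm_ctx {                          /* hypothetical stand-in for mm->context */
    uint32_t ldt_seq;                    /* bumped on every LDT change, may wrap */
    struct desc ldt[LDT_ENTRIES];
};

/* Models the LDT-changing syscall: install a descriptor, bump the sequence. */
static int ldt_write(struct mm_ctx *mm, unsigned idx, struct desc d)
{
    if (idx >= LDT_ENTRIES)
        return -EINVAL;
    mm->ldt[idx] = d;
    mm->ldt_seq++;                       /* unsigned, so wrap-around is defined */
    return 0;
}

/* Cookie taken once when emulation starts and handed down to the decoder. */
static uint32_t ldt_cookie(const struct mm_ctx *mm) { return mm->ldt_seq; }

/* Decoder lookup: copy the fields out, or report that emulation must abort. */
static int ldt_lookup(const struct mm_ctx *mm, uint32_t cookie, unsigned idx, struct desc *out)
{
    if (idx >= LDT_ENTRIES)
        return -EINVAL;
    /* In the kernel, the check and the copy below run with IRQs disabled. */
    if (mm->ldt_seq != cookie)
        return -EAGAIN;                  /* LDT changed under us: abort (assumed errno) */
    *out = mm->ldt[idx];                 /* copy by value, keep no pointer into the LDT */
    return 0;
}

int main(void)
{
    struct mm_ctx mm = {0};
    struct desc out = {0, 0};
    ldt_write(&mm, 1, (struct desc){0x1000, 0xfff});
    uint32_t cookie = ldt_cookie(&mm);
    printf("before change: %d\n", ldt_lookup(&mm, cookie, 1, &out));
    ldt_write(&mm, 1, (struct desc){0x2000, 0xff});   /* LDT changed mid-emulation */
    printf("after change:  %d\n", ldt_lookup(&mm, cookie, 1, &out));
}
```

The stale lookup leaves `out` untouched, so a caller that ignores the return value still never sees fields from the replaced descriptor.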