lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <34ab84c5fbb849209c9d3877e89cab23@AcuMS.aculab.com>
Date:   Fri, 8 Dec 2017 16:46:51 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Andy Lutomirski' <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>
CC:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>,
        X86 ML <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Brian Gerst <brgerst@...il.com>,
        Kees Cook <keescook@...omium.org>
Subject: RE: [PATCH] LDT improvements

From: Andy Lutomirski
> Sent: 08 December 2017 16:34

> #GP on IRET is a failure, and we have disgusting code to handle it.

Is that the trap in kernel space when the on-stack segment registers
are invalid?
Definitely needs horrid code...

> #PF on IRET would not be a failure -- it's a case where IRET should be
> retried.  Our crap that fixes up #GP would get that wrong and leave us
> with the wrong GSBASE.

If the user code page isn't present then the fault happens after the
return to user mode, not on the IRET instruction in kernel mode.
So it is not really any different to returning to a NOP at the end
of a resident page when the page following is absent.
(Or any other invalid %ip value.)

SWAPGS is a PITA, should have been SAVEGS, LOAD_KERNEL_GS, and READ_SAVED_GS.

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ