lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+55aFwyOq4-uXrSNOrFoxfCPJZAdMGdXnUDUHi=gTy+CcYmvQ@mail.gmail.com>
Date:   Tue, 26 Dec 2017 18:54:55 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Peter Anvin <hpa@...or.com>
Cc:     Alexandru Chirvasitu <achirvasub@...il.com>,
        Andy Lutomirski <luto@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        kernel list <linux-kernel@...r.kernel.org>,
        Borislav Petkov <bp@...en8.de>,
        Brian Gerst <brgerst@...il.com>,
        Denys Vlasenko <dvlasenk@...hat.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...nel.org>
Subject: Re: PROBLEM: consolidated IDT invalidation causes kexec to reboot

On Tue, Dec 26, 2017 at 6:25 PM,  <hpa@...or.com> wrote:
>
> This is why I personally prefer to see these kinds of terminal stubs written in assembly explicitly: the C compiler simply doesn't have all the information needed to do the right thing.
>
> I'm personally very sceptical to nuking the GDT unless we're in real mode.  There seems to be no point, and just opens up failure modes.

Agreed, but I think it was originally probably done for that exact
reason: to explicitly trigger issues if somebody did something odd.

That said, this time it's actually the "load_segments()" that causes
the real problem, and the GDT and IDT invalidation shouldn't have
actually done anything at all, since we shouldn't actually be taking
faults or loading segments.

And historically that segment reset didn't matter either, because
apparently we don't do any percpu stuff either. And the stack canary
use for %gs is actually fairly recent (well, "recent" is relative: the
stack protector code goes back to 2006, but the load_segments() use
predates that.

So I think we should actually fix "load_segments()" to not load fs/gs
with __KERNEL_DS, but with __KERNEL_PERCPU and __KERNEL_STACK_CANARY
respectively.

... and yes, we should also look at the idt/gdt invalidation, but I
wonder if the paravirt code might want to trigger there for people. Do
people do kexec under paravirt?

                 Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ