lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <8678ABA7-1195-468D-8252-94D7ED0794B6@zytor.com> Date: Tue, 26 Dec 2017 19:00:43 -0800 From: hpa@...or.com To: Linus Torvalds <torvalds@...ux-foundation.org> CC: Alexandru Chirvasitu <achirvasub@...il.com>, Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, kernel list <linux-kernel@...r.kernel.org>, Borislav Petkov <bp@...en8.de>, Brian Gerst <brgerst@...il.com>, Denys Vlasenko <dvlasenk@...hat.com>, Josh Poimboeuf <jpoimboe@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Steven Rostedt <rostedt@...dmis.org>, Ingo Molnar <mingo@...nel.org> Subject: Re: PROBLEM: consolidated IDT invalidation causes kexec to reboot On December 26, 2017 6:54:55 PM PST, Linus Torvalds <torvalds@...ux-foundation.org> wrote: >On Tue, Dec 26, 2017 at 6:25 PM, <hpa@...or.com> wrote: >> >> This is why I personally prefer to see these kinds of terminal stubs >written in assembly explicitly: the C compiler simply doesn't have all >the information needed to do the right thing. >> >> I'm personally very sceptical to nuking the GDT unless we're in real >mode. There seems to be no point, and just opens up failure modes. > >Agreed, but I think it was originally probably done for that exact >reason: to explicitly trigger issues if somebody did something odd. > >That said, this time it's actually the "load_segments()" that causes >the real problem, and the GDT and IDT invalidation shouldn't have >actually done anything at all, since we shouldn't actually be taking >faults or loading segments. > >And historically that segment reset didn't matter either, because >apparently we don't do any percpu stuff either. And the stack canary >use for %gs is actually fairly recent (well, "recent" is relative: the >stack protector code goes back to 2006, but the load_segments() use >predates that. > >So I think we should actually fix "load_segments()" to not load fs/gs >with __KERNEL_DS, but with __KERNEL_PERCPU and __KERNEL_STACK_CANARY >respectively. > >... and yes, we should also look at the idt/gdt invalidation, but I >wonder if the paravirt code might want to trigger there for people. Do >people do kexec under paravirt? > > Linus It's not paravirt, but also broken HVM hypervisors, sadly. Some versions of Xen HVM would shite itself if the memory that the GDT or IDT pointers were in was overwritten, and these functions seem to put them on the stack. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Powered by blists - more mailing lists