| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180117204154.GA2935@Asurada-Nvidia>
Date: Wed, 17 Jan 2018 12:41:56 -0800
From: Nicolin Chen <nicoleotsuka@...il.com>
To: Marc Zyngier <marc.zyngier@....com>
Cc: mark.rutland@....com, catalin.marinas@....com, will.deacon@....com,
oleg@...hat.com, cdall@...aro.org, tbaicar@...eaurora.org,
julien.thierry@....com, Dave.Martin@....com, robin.murphy@....com,
james.morse@....com, ard.biesheuvel@...aro.org,
xiexiuqi@...wei.com, mingo@...nel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC v1] arm64: Handle traps from accessing CNTVCT/CNTFRQ
for CONFIG_COMPAT
On Wed, Jan 17, 2018 at 09:03:48AM +0000, Marc Zyngier wrote:
> > So ignoring a condition for a Thumb instruction may cause its IT
> > scope shifting. For ARM mode, the only penalty could be two Rts
> > getting written -- which shouldn't corrupt userspace execution.
> >
> > Please correct me if I am wrong or not thorough.
>
> Consider the following:
>
> mov r0, #0
> mov r1, #0
> cmp r1, #3
> mrrceq r0, r1, cntvct // simplified version
>
> Oh look, you've corrupted r0 and r1, which should never have be changed.
> Whatever uses the content r0 and r1 after the mrrc will misbehave. How
> is that an acceptable behaviour? How do you expect userspace to cope
> with such a brain damage?
>
> If you intend to emulate the CPU, you must emulate it fully, to the
> letter of the architecture. No ifs, no buts.
Thanks for the explain. I see the point here.
I saw your version for arm64 compat doesn't check if (rt != 31)
as MRS handler does. Is there any reason for that?
Thank you
Nicolin
Powered by blists - more mailing lists