| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Aug 2018 20:46:35 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Rik van Riel <riel@...riel.com>
Cc: Andy Lutomirski <luto@...nel.org>, X86 ML <x86@...nel.org>,
Borislav Petkov <bp@...en8.de>, Jann Horn <jannh@...gle.com>,
LKML <linux-kernel@...r.kernel.org>,
stable <stable@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Nadav Amit <nadav.amit@...il.com>
Subject: Re: [PATCH v2] x86/nmi: Fix some races in NMI uaccess
On Tue, Aug 28, 2018 at 10:56 AM, Rik van Riel <riel@...riel.com> wrote:
> On Mon, 27 Aug 2018 16:04:16 -0700
> Andy Lutomirski <luto@...nel.org> wrote:
>
>> The 0day bot is still chewing on this, but I've tested it a bit locally
>> and it seems to do the right thing.
>
> Hi Andy,
>
> the version of the patch below should fix the bug we talked about
> in email yesterday. It should automatically cover kernel threads
> in lazy TLB mode, because current->mm will be NULL, while the
> cpu_tlbstate.loaded_mm should never be NULL.
>
That's better than mine. I tweaked it a bit and added some debugging,
and I got this:
https://git.kernel.org/pub/scm/linux/kernel/git/luto/linux.git/commit/?h=x86/fixes&id=dd956eba16646fd0b15c3c0741269dfd84452dac
I made the loaded_mm handling a little more conservative to make it
more obvious that switch_mm_irqs_off() is safe regardless of exactly
when it gets called relative to switching current.
Powered by blists - more mailing lists