| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Feb 2019 14:51:00 +0100 (CET)
From: Thomas Gleixner <tglx@...utronix.de>
To: Peter Zijlstra <peterz@...radead.org>
cc: Fenghua Yu <fenghua.yu@...el.com>,
Dave Hansen <dave.hansen@...el.com>,
Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...hat.com>,
H Peter Anvin <hpa@...or.com>,
Ashok Raj <ashok.raj@...el.com>,
Michael Chan <michael.chan@...adcom.com>,
Ravi V Shankar <ravi.v.shankar@...el.com>,
Ricardo Neri <ricardo.neri@...el.com>,
linux-kernel <linux-kernel@...r.kernel.org>, x86 <x86@...nel.org>
Subject: Re: [PATCH v3 08/10] x86/setcpuid: Add kernel option setcpuid
On Tue, 12 Feb 2019, Peter Zijlstra wrote:
> On Mon, Feb 11, 2019 at 11:16:43AM -0800, Fenghua Yu wrote:
> > 4. The feature can be disabled by kernel option
> > "clearcpuid=split_lock_detection" during early boot time.
>
> IFF clearcpuid lives, it should also employ CPUID faulting and clear it
> for userspace too.
We have it already, and aside of clearcpuid there are enough things which
the kernel disables in the kernel view of CPUID, but user space still can
see them. That's inconsistent, so we really should use CPUID faulting when
its available.
That won't solve the problem of user space ignoring CPUID alltogether and
just probing crap, but you can't prevent that at all.
For that we'd need a CPUID mask facility in the hardware, which would
default to 0xFFFFFFFFFF and the kernel could clear bits in the mask to turn
of both the CPUID bit _AND_ the connected functionality. IOW, if you mask a
bit and user space probes the functionality brute force, it'll #GP and we
can just kill it.
Thanks,
tglx
Powered by blists - more mailing lists