lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190725165930.yvlvmavcgqocl3nn@pburton-laptop>
Date:   Thu, 25 Jul 2019 16:59:31 +0000
From:   Paul Burton <paul.burton@...s.com>
To:     Paul Cercueil <paul@...pouillou.net>
CC:     Ralf Baechle <ralf@...ux-mips.org>,
        James Hogan <jhogan@...nel.org>,
        "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "od@...c.me" <od@...c.me>
Subject: Re: [PATCH] MIPS: Add support for partial kernel mode on Xburst CPUs

Hi Paul,

On Wed, Jul 24, 2019 at 07:46:54PM -0400, Paul Cercueil wrote:
> Support partial kernel mode of Xburst CPUs found in Ingenic SoCs.
> Partial kernel mode means the userspace applications have access to
> the TCSM0 banks of the VPU,

So far so (reasonably) good :)

> and can execute cache instructions.

Aaaah! Scary!

Does this allow *all* cache instructions? If so that's a big security &
stability hole - if userland can invalidate kernel data or data from
other programs then it can create all sorts of chaos.

Also do you know which Ingenic SoCs this is available on? I see it
documented in the JZ4780 Programming Manual, but Config7 bit 6 is shown
as reserved in my copy of the XBurst1 CPU Core Programming Manual.

I notice the JZ4780 documentation says it allows access "including TCSM,
CACHE instructions" which is scary too since it doesn't say that's *all*
it allows access to. Though just cache instructions by themselves are
enough to be game over for any notion of security as mentioned above.

What is it you want to do with this? I'm wondering if we could achieve
your goal is in a safer way.

Thanks,
    Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ