lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1907260005190.1791@nanos.tec.linutronix.de>
Date:   Fri, 26 Jul 2019 00:11:22 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Peter Zijlstra <peterz@...radead.org>
cc:     Andy Lutomirski <luto@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
        Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH] x86/hw_breakpoint: Prevent data breakpoints on
 cpu_entry_area

On Thu, 25 Jul 2019, Peter Zijlstra wrote:

> On Thu, Jul 25, 2019 at 09:37:15AM -0700, Andy Lutomirski wrote:
> > A data breakpoint near the top of an IST stack will cause unresoverable

unresoverable?

> > recursion.  A data breakpoint on the GDT, IDT, or TSS is terrifying.
> > Prevent either of these from happening.
> > 
> > Co-developed-by: Peter Zijlstra <peterz@...radead.org>

Co-developed-by want's a Signed-off-by of the co-developer

> > Signed-off-by: Andy Lutomirski <luto@...nel.org>
> > diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
> > index 218c8917118e..dc4581fe4b4e 100644
> > --- a/arch/x86/kernel/hw_breakpoint.c
> > +++ b/arch/x86/kernel/hw_breakpoint.c
> > @@ -231,6 +231,23 @@ static int arch_build_bp_info(struct perf_event *bp,
> >  			      const struct perf_event_attr *attr,
> >  			      struct arch_hw_breakpoint *hw)
> >  {
> > +	unsigned long bp_end;
> > +
> > +	/* Ensure that bp_end does not oveflow. */

oveflow?

> > +	if (attr->bp_len >= ULONG_MAX - attr->bp_addr)
> > +		return -EINVAL;
> > +
> > +	bp_end = attr->bp_addr + attr->bp_len - 1;
> 
> The alternative (and possibly more conventional) overflow test would be:
> 
> 	if (bp_end < attr->bp_addr)
> 		return -EINVAL;

Yes please.

> > +
> > +	/*
> > +	 * Prevent any breakpoint of any type that overlaps the
> > +	 * cpu_entry_area.  This protects the IST stacks and also
> > +	 * reduces the chance that we ever find out what happens if

I surely hope that the chance is reduced to 0 ...

I know this is all an annoyance brought to us by hardware and I surely
enjoy the hidden sarcasm but please make this information as technically
accurate as possible. Put the rant into an extra line of the comment :)

> > +	 * there's a data breakpoint on the GDT, IDT, or TSS.
> > +	 */
> > +	if (within_cpu_entry_area(attr->bp_addr, bp_end))
> > +		return -EINVAL;

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ