| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191011142157.GC33537@lakrids.cambridge.arm.com>
Date: Fri, 11 Oct 2019 15:21:58 +0100
From: Mark Rutland <mark.rutland@....com>
To: Dave Martin <Dave.Martin@....com>
Cc: linux-kernel@...r.kernel.org, Andrew Jones <drjones@...hat.com>,
Arnd Bergmann <arnd@...db.de>,
Catalin Marinas <catalin.marinas@....com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
Kristina Martšenko <kristina.martsenko@....com>,
Mark Brown <broonie@...nel.org>,
Paul Elliott <paul.elliott@....com>,
Peter Zijlstra <peterz@...radead.org>,
Richard Henderson <richard.henderson@...aro.org>,
Sudakshina Das <sudi.das@....com>,
Szabolcs Nagy <szabolcs.nagy@....com>,
Thomas Gleixner <tglx@...utronix.de>,
Will Deacon <will.deacon@....com>,
Yu-cheng Yu <yu-cheng.yu@...el.com>,
Amit Kachhap <amit.kachhap@....com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
linux-arch@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2 11/12] arm64: BTI: Reset BTYPE when skipping emulated
instructions
On Thu, Oct 10, 2019 at 07:44:39PM +0100, Dave Martin wrote:
> Since normal execution of any non-branch instruction resets the
> PSTATE BTYPE field to 0, so do the same thing when emulating a
> trapped instruction.
>
> Branches don't trap directly, so we should never need to assign a
> non-zero value to BTYPE here.
>
> Signed-off-by: Dave Martin <Dave.Martin@....com>
> ---
> arch/arm64/kernel/traps.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
> index 3af2768..4d8ce50 100644
> --- a/arch/arm64/kernel/traps.c
> +++ b/arch/arm64/kernel/traps.c
> @@ -331,6 +331,8 @@ void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size)
>
> if (regs->pstate & PSR_MODE32_BIT)
> advance_itstate(regs);
> + else
> + regs->pstate &= ~(u64)PSR_BTYPE_MASK;
This looks good to me, with one nit below.
We don't (currently) need the u64 cast here, and it's inconsistent with
what we do elsewhere. If the upper 32-bit of pstate get allocated, we'll
need to fix up all the other masking we do:
[mark@...rids:~/src/linux]% git grep 'pstate &= ~'
arch/arm64/kernel/armv8_deprecated.c: regs->pstate &= ~PSR_AA32_E_BIT;
arch/arm64/kernel/cpufeature.c: regs->pstate &= ~PSR_SSBS_BIT;
arch/arm64/kernel/debug-monitors.c: regs->pstate &= ~DBG_SPSR_SS;
arch/arm64/kernel/insn.c: pstate &= ~(pstate >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
arch/arm64/kernel/insn.c: pstate &= ~(pstate >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
arch/arm64/kernel/probes/kprobes.c: regs->pstate &= ~PSR_D_BIT;
arch/arm64/kernel/probes/kprobes.c: regs->pstate &= ~DAIF_MASK;
arch/arm64/kernel/ptrace.c: regs->pstate &= ~SPSR_EL1_AARCH32_RES0_BITS;
arch/arm64/kernel/ptrace.c: regs->pstate &= ~PSR_AA32_E_BIT;
arch/arm64/kernel/ptrace.c: regs->pstate &= ~SPSR_EL1_AARCH64_RES0_BITS;
arch/arm64/kernel/ptrace.c: regs->pstate &= ~DBG_SPSR_SS;
arch/arm64/kernel/ssbd.c: task_pt_regs(task)->pstate &= ~val;
arch/arm64/kernel/traps.c: regs->pstate &= ~PSR_AA32_IT_MASK;
... and at that point I'd suggest we should just ensure the bit
definitions are all defined as unsigned long in the first place since
adding casts to each use is error-prone.
Thanks,
Mark.
Powered by blists - more mailing lists