Open Source and information security mailing list archives
 
Message-ID: <20200311172556.GJ5411@sirena.org.uk>
Date:   Wed, 11 Mar 2020 17:25:56 +0000
From:   Mark Brown <broonie@...nel.org>
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     Will Deacon <will@...nel.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Paul Elliott <paul.elliott@....com>,
        Peter Zijlstra <peterz@...radead.org>,
        Yu-cheng Yu <yu-cheng.yu@...el.com>,
        Amit Kachhap <amit.kachhap@....com>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        Marc Zyngier <maz@...nel.org>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Szabolcs Nagy <szabolcs.nagy@....com>,
        "H . J . Lu " <hjl.tools@...il.com>,
        Andrew Jones <drjones@...hat.com>,
        Kees Cook <keescook@...omium.org>,
        Arnd Bergmann <arnd@...db.de>, Jann Horn <jannh@...gle.com>,
        Richard Henderson <richard.henderson@...aro.org>,
        Kristina Martšenko <kristina.martsenko@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Florian Weimer <fweimer@...hat.com>,
        Sudakshina Das <sudi.das@....com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-arch@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v8 00/11] arm64: Branch Target Identification support

On Wed, Mar 11, 2020 at 04:28:58PM +0000, Catalin Marinas wrote:
> On Tue, Mar 10, 2020 at 12:42:26PM +0000, Mark Brown wrote:

> > Sorry, I realized thanks to Amit's off-list prompting that I was testing
> > that I was verifying with the wrong kernel binary here (user error since
> > it took me a while to sort out uprobes) so this isn't quite right - you
> > can probe the landing pads with or without this series.

> Can we not change aarch64_insn_is_nop() to actually return true only for
> NOP and ignore everything else in the hint space? We tend to re-use the
> hint instructions for new things in the architecture, so I'd rather
> white-list what we know we can safely probe than black-listing only some
> of the hint instructions.

That's literally the patch I am sitting on which made the difference
with the testing on the wrong binary.

> I haven't assessed the effort of doing the above (probably not a lot)
> but as a short-term workaround we could add the BTI and PAC hint
> instructions to the aarch64_insn_is_nop() (though my preferred option is
> the white-list one).

The only thing I've seen in testing with just NOPs whitelisted is an
inability to probe the PAC instructions which isn't the best user
experience, especially since the effect is that the probes get silently
ignored.  This isn't extensive userspace testing though.  Adding
whitelisting of the BTI and PAC hints would definitely be safer as a
first step though.  I can post either version?
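
The allow-list versus deny-list question discussed in this thread, as an added example that is not code from the thread or from the kernel: both policies are applied to A64 HINT-space encodings. The function names and the exact set of allowed hints are assumptions chosen for illustration, and hint #100 is a constructed stand-in for a hint neither list knows about.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A64 HINT space: fixed bits 0xd503201f, 7-bit immediate (CRm:op2) in bits [11:5]. */
#define HINT_MASK  0xfffff01fu
#define HINT_VALUE 0xd503201fu

static bool insn_is_hint(uint32_t insn) { return (insn & HINT_MASK) == HINT_VALUE; }
static unsigned hint_imm(uint32_t insn) { return (insn >> 5) & 0x7f; }

/* Deny-list policy: every hint is probe-safe unless it is listed here. */
bool denylist_probe_safe(uint32_t insn)
{
    if (!insn_is_hint(insn))
        return false;
    switch (hint_imm(insn)) {
    case 1: case 2: case 3: case 4: case 5:   /* YIELD, WFE, WFI, SEV, SEVL */
        return false;
    default:
        return true;    /* unknown or later-allocated hints slip through */
    }
}

/* Allow-list policy: only hints named here are probe-safe (illustrative set). */
bool allowlist_probe_safe(uint32_t insn)
{
    if (!insn_is_hint(insn))
        return false;
    switch (hint_imm(insn)) {
    case 0:                               /* NOP */
    case 24: case 25: case 26: case 27:   /* PACIAZ, PACIASP, PACIBZ, PACIBSP */
    case 32: case 34: case 36: case 38:   /* BTI, BTI c, BTI j, BTI jc */
        return true;
    default:
        return false;   /* anything not explicitly known is refused */
    }
}

int main(void)
{
    /* Constructed sample encodings: NOP, BTI c, PACIASP, WFI, hint #100, RET. */
    const uint32_t samples[] = { 0xd503201f, 0xd503245f, 0xd503233f,
                                 0xd503207f, 0xd5032c9f, 0xd65f03c0 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%08x deny-list=%d allow-list=%d\n", (unsigned)samples[i],
               denylist_probe_safe(samples[i]), allowlist_probe_safe(samples[i]));
    return 0;
}
```

The two policies agree on every sample except hint #100, which only the deny-list version accepts.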
