lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a2b345a4-30a0-3218-8c8d-e84ec2317dc9@arm.com>
Date:   Tue, 7 Apr 2020 11:47:26 +0100
From:   Suzuki K Poulose <suzuki.poulose@....com>
To:     catalin.marinas@....com, fredrik@...upe.net
Cc:     linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        will.deacon@....com
Subject: Re: [PATCH] arm64: armv8_deprecated: Fix undef_hook mask for thumb
 setend

On 04/07/2020 10:27 AM, Catalin Marinas wrote:
> On Mon, Apr 06, 2020 at 04:16:05PM +0200, Fredrik Strupe wrote:
>> Use a full 32-bit mask to prevent accidental matchings of thumb32
>> instructions where the second half-word is equal to the thumb16 setend
>> encoding.
>>
>> This fixes the same problem as the following patch:
>>
>>      https://lkml.org/lkml/2020/3/16/341
> 
> This link is not guaranteed to be stable and the commit should have the
> full description rather than referring to another email.
> 
>> but for setend emulation instead.
>>
>> Signed-off-by: Fredrik Strupe <fredrik@...upe.net>
> 
> It also needs Fixes: and Cc: stable tags.
> 
>> ---
>>   arch/arm64/kernel/armv8_deprecated.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c
>> index 9d3442d62..8c06dfee0 100644
>> --- a/arch/arm64/kernel/armv8_deprecated.c
>> +++ b/arch/arm64/kernel/armv8_deprecated.c
>> @@ -609,7 +609,7 @@ static struct undef_hook setend_hooks[] = {
>>   	},
>>   	{
>>   		/* Thumb mode */
>> -		.instr_mask	= 0x0000fff7,
>> +		.instr_mask	= 0xfffffff7,
>>   		.instr_val	= 0x0000b650,
> 
> I can see how this could happen but it would be useful to provide a
> concrete example in the commit log.
> 
> The instruction opcode built by call_undef_hook() first reads a u16 as a
> T16 instruction and the above should be fine. However, if this looks
> like a T32 opcode, it reads a subsequent u16 which becomes the lowest
> half-word and the above mask/val may inadvertently match it.
> 

We also do a check on the pstate_val, along with the instr_val to
confirm the mode. So this should be fine as it is ?

Suzuki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ