| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Apr 2020 00:08:50 -0400
From: Sasha Levin <sashal@...nel.org>
To: Andy Lutomirski <luto@...capital.net>
Cc: Andi Kleen <ak@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Andy Lutomirski <luto@...nel.org>,
"Bae, Chang Seok" <chang.seok.bae@...el.com>,
"Metzger, Markus T" <markus.t.metzger@...el.com>,
"hpa@...or.com" <hpa@...or.com>, "bp@...en8.de" <bp@...en8.de>,
"Hansen, Dave" <dave.hansen@...el.com>,
"Luck, Tony" <tony.luck@...el.com>,
Pedro Alves <palves@...hat.com>,
Simon Marchi <simark@...ark.ca>,
"Shankar, Ravi V" <ravi.v.shankar@...el.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v9 00/17] Enable FSGSBASE instructions
On Wed, Apr 22, 2020 at 04:00:16PM -0700, Andy Lutomirski wrote:
>On Tue, Apr 21, 2020 at 1:51 PM Sasha Levin <sashal@...nel.org> wrote:
>>
>> On Tue, Apr 21, 2020 at 01:21:39PM -0700, Andy Lutomirski wrote:
>> >
>> >
>> >> On Apr 21, 2020, at 12:56 PM, Andi Kleen <ak@...ux.intel.com> wrote:
>> >>
>> >>
>> >>>
>> >>> Andi's point is that there is no known user it breaks, and the Intel
>> >>> folks did some digging into potential users who might be affected by
>> >>> this, including 'rr' brought up by Andy, and concluded that there won't
>> >>> be breakage as a result of this patchset:
>> >>>
>> >>> https://mail.mozilla.org/pipermail/rr-dev/2018-March/000616.html
>> >>>
>> >>> Sure, if you poke at it you could see a behavior change, but is there
>> >>> an actual user that will be affected by it? I suspect not.
>> >>
>> >> Actually we don't know of any behavior changes caused by the kernel
>> >> with selectors.
>> >>
>> >> The application can change itself of course, but only if it uses the
>> >> new instructions, which no current application does.
>> >
>> >If you use ptrace to change the gs selector, the behavior is different on a patched kernel.
>> >
>> >Again, I’m not saying that the change is problematic. But I will say that the fact that anyone involved in this series keeps ignoring this fact makes me quite uncomfortable with the patch set.
>>
>> That's what I referred to with "poke at it". While the behavior may be
>> different, I fail to find anyone who cares.
>>
>> >>
>> >> [This was different in the original patch kit long ago which could
>> >> change behavior on context switch for programs with out of sync selectors,
>> >> but this has been long fixed]
>> >
>> >That’s the issue I was referring to.
>> >
>> >>
>> >> A debugger can also change behavior, but we're not aware of any case
>> >> that it would break.
>> >
>> >How hard did you look?
>>
>> Come on, how does one respond to this?
>>
>> Is there a real use case affected by this? If so, point it out and I'll
>> be happy to go test it. This was already done (per your previous
>> request) for gdb and rr.
>>
>
>gdb and rr are certainly a good start. If patches show up, I'll take a look.
I'm sorry, but what patches are we talking about?
I just went to gdb to check again that I'm not crazy, and the scenario
you were worried about seems to work just fine:
134 asm volatile ("mov %%gs:(%%rcx), %%rax" : : "c" (offset) : "rax");
(gdb) p printme()
Hi!
$1 = void
(gdb)
Again, please point me to a specific user we break.
--
Thanks,
Sasha
Powered by blists - more mailing lists