lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 May 2020 13:48:20 +0800 From: Lai Jiangshan <jiangshanlai+lkml@...il.com> To: Andy Lutomirski <luto@...nel.org> Cc: Lai Jiangshan <laijs@...ux.alibaba.com>, LKML <linux-kernel@...r.kernel.org>, Peter Zijlstra <peterz@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, X86 ML <x86@...nel.org>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, Alexandre Chartre <alexandre.chartre@...cle.com>, Steven Rostedt <rostedt@...dmis.org>, Masami Hiramatsu <mhiramat@...nel.org> Subject: Re: [RFC PATCH V2 4/7] x86/hw_breakpoint: Prevent data breakpoints on user_pcid_flush_mask On Tue, May 26, 2020 at 12:39 PM Andy Lutomirski <luto@...nel.org> wrote: > > On Mon, May 25, 2020 at 9:31 PM Lai Jiangshan > <jiangshanlai+lkml@...il.com> wrote: > > > > On Tue, May 26, 2020 at 12:21 PM Andy Lutomirski <luto@...nel.org> wrote: > > > > > > On Mon, May 25, 2020 at 6:42 PM Lai Jiangshan <laijs@...ux.alibaba.com> wrote: > > > > > > > > The percpu user_pcid_flush_mask is used for CPU entry > > > > If a data breakpoint on it, it will cause an unwanted #DB. > > > > Protect the full cpu_tlbstate structure to be sure. > > > > > > > > There are some other percpu data used in CPU entry, but they are > > > > either in already-protected cpu_tss_rw or are safe to trigger #DB > > > > (espfix_waddr, espfix_stack). > > > > > > How hard would it be to rework this to have DECLARE_PERCPU_NODEBUG() > > > and DEFINE_PERCPU_NODEBUG() or similar? > > > > > > I don't know, but it is an excellent idea. Although the patchset > > protects only 2 or 3 portions of percpu data, but there is many > > percpu data used in tracing or kprobe code. They are needed to be > > protected too. > > > > Adds CC: > > Steven Rostedt <rostedt@...dmis.org> > > Masami Hiramatsu <mhiramat@...nel.org> > > PeterZ is moving things in the direction of more aggressively > disabling hardware breakpoints in the nasty paths where we won't > survive a hardware breakpoint. Does the tracing code have portions > that won't survive a limited amount of recursion? Agree, after "aggressively disabling hardware breakpoints in the nasty paths", only percpu data used by entry code needs to be protected, even non-instrumentable percpu data used by nmi_enter() doesn't need to be marked protected, because #DB is disabled. Only percpu data used by entry code in ranges that #DB is not disabled needs to be protected, there are only a small number of portions, I don't think we need DECLARE_PERCPU_NODEBUG() or so for merely 2 or 3 portions of data. This patchset is sufficient. (espfix_waddr, espfix_stack are not counted into, which needs more review besides me) > > I'm hoping that we can keep the number of no-breakpoint-here percpu > variables low. Maybe we could recruit objtool to help make sure we > got all of them, but that would be a much larger project. > > Would we currently survive a breakpoint on the thread stack? I don't > see any extremely obvious reason that we wouldn't. Blocking such a > breakpoint would be annoying.
Powered by blists - more mailing lists