lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b4629042-21c7-2b38-4c3f-44f9be469cca@linuxfoundation.org>
Date:   Tue, 2 Jun 2020 14:25:56 -0600
From:   Shuah Khan <skhan@...uxfoundation.org>
To:     Andy Lutomirski <luto@...capital.net>
Cc:     Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...en8.de>,
        Shuah Khan <shuah@...nel.org>,
        Petteri Aimonen <jpa@....mail.kapsi.fi>,
        Dave Hansen <dave.hansen@...el.com>,
        "H. Peter Anvin" <hpa@...or.com>, x86-ml <x86@...nel.org>,
        lkml <linux-kernel@...r.kernel.org>, skhan@...uxfoundation.org
Subject: Re: [PATCH] arch/x86: reset MXCSR to default in kernel_fpu_begin()

On 6/2/20 1:50 PM, Andy Lutomirski wrote:
> 
> 
>> On Jun 2, 2020, at 10:27 AM, Shuah Khan <skhan@...uxfoundation.org> wrote:
>>
>> On 6/2/20 11:03 AM, Andy Lutomirski wrote:
>>>> On Tue, Jun 2, 2020 at 3:56 AM Borislav Petkov <bp@...en8.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>> On Tue, Jun 02, 2020 at 01:29:51PM +0300, Petteri Aimonen wrote:
>>>>> The kernel module is not actually x86-specific, even though it is
>>>>> currently only enabled for x86. amdgpu driver already does kernel mode
>>>>> floating point operations on PPC64 also, and the same module could be
>>>>> used to test the same thing there.
>>>>
>>>> Then make it generic please and put the user portion in, say,
>>>> tools/testing/selftests/fpu/ and we can ask ppc people to test it too.
>>>> People might wanna add more stuff to it in the future, which would be
>>>> good.
>>>>
>>>>> To deterministically trigger the bug, the syscall has to come from the
>>>>> same thread that has modified MXCSR. Going through /usr/sbin/modprobe
>>>>> won't work, and manually doing the necessary syscalls for module loading
>>>>> seems too complicated.
>>>>
>>>> Ok, fair enough. But put that file in debugfs pls.
>>> I think I agree.  While it would be delightful to have general
>>> selftest tooling for kernel modules, we don't have that right now, and
>>> having the test just work with an appropriately configured kernel
>>> would be nice.
>>
>> Let's extend it to do what we want it to do. I will happy to take
>> patches. If you have some concrete ideas on what we can add, please
>> do a short summary of what is missing. I will find a way to get this
>> done.
>>
>>> How about putting the file you frob in
>>> /sys/kernel/debug/selftest_helpers/something_or_other.  The idea would
>>> be that /sys/kernel/debug/selftest_helpers would be a general place
>>> for kernel helpers needed to make selftests work.
>>
>> Is this a workaround for the lack of selftest tooling for kernel
>> modules? In which case, let's us focus on fix selftest tooling.
> 
> The goal here is to have a selftest that runs kernel code as part of its operation. That is, the selftest is, logically, starting in userspace:
> 
> setup_evil_state();

Is it correct to assume the stuff checked differs from test to test
and done in user-space.

> ret = call_kernel_helper();

> check_some_other_stuff();

Is it correct to assume the stuff checked differs from test to test
and done in user-space.

> undo_evil_state();

Is it correct to assume undoing evil differs from test to test
and done in user-space, provide it can be done from userspace.

> 
> And the call_kernel_helper() could be moderately specific to the test.
> 
The overall plan sounds good to me. I am all for adding support to
selftests so we can keep extending it.

thanks,
-- Shuah

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ