| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jun 2020 14:25:56 -0600
From: Shuah Khan <skhan@...uxfoundation.org>
To: Andy Lutomirski <luto@...capital.net>
Cc: Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...en8.de>,
Shuah Khan <shuah@...nel.org>,
Petteri Aimonen <jpa@....mail.kapsi.fi>,
Dave Hansen <dave.hansen@...el.com>,
"H. Peter Anvin" <hpa@...or.com>, x86-ml <x86@...nel.org>,
lkml <linux-kernel@...r.kernel.org>, skhan@...uxfoundation.org
Subject: Re: [PATCH] arch/x86: reset MXCSR to default in kernel_fpu_begin()
On 6/2/20 1:50 PM, Andy Lutomirski wrote:
>
>
>> On Jun 2, 2020, at 10:27 AM, Shuah Khan <skhan@...uxfoundation.org> wrote:
>>
>> On 6/2/20 11:03 AM, Andy Lutomirski wrote:
>>>> On Tue, Jun 2, 2020 at 3:56 AM Borislav Petkov <bp@...en8.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>> On Tue, Jun 02, 2020 at 01:29:51PM +0300, Petteri Aimonen wrote:
>>>>> The kernel module is not actually x86-specific, even though it is
>>>>> currently only enabled for x86. amdgpu driver already does kernel mode
>>>>> floating point operations on PPC64 also, and the same module could be
>>>>> used to test the same thing there.
>>>>
>>>> Then make it generic please and put the user portion in, say,
>>>> tools/testing/selftests/fpu/ and we can ask ppc people to test it too.
>>>> People might wanna add more stuff to it in the future, which would be
>>>> good.
>>>>
>>>>> To deterministically trigger the bug, the syscall has to come from the
>>>>> same thread that has modified MXCSR. Going through /usr/sbin/modprobe
>>>>> won't work, and manually doing the necessary syscalls for module loading
>>>>> seems too complicated.
>>>>
>>>> Ok, fair enough. But put that file in debugfs pls.
>>> I think I agree. While it would be delightful to have general
>>> selftest tooling for kernel modules, we don't have that right now, and
>>> having the test just work with an appropriately configured kernel
>>> would be nice.
>>
>> Let's extend it to do what we want it to do. I will happy to take
>> patches. If you have some concrete ideas on what we can add, please
>> do a short summary of what is missing. I will find a way to get this
>> done.
>>
>>> How about putting the file you frob in
>>> /sys/kernel/debug/selftest_helpers/something_or_other. The idea would
>>> be that /sys/kernel/debug/selftest_helpers would be a general place
>>> for kernel helpers needed to make selftests work.
>>
>> Is this a workaround for the lack of selftest tooling for kernel
>> modules? In which case, let's us focus on fix selftest tooling.
>
> The goal here is to have a selftest that runs kernel code as part of its operation. That is, the selftest is, logically, starting in userspace:
>
> setup_evil_state();
Is it correct to assume the stuff checked differs from test to test
and done in user-space.
> ret = call_kernel_helper();
> check_some_other_stuff();
Is it correct to assume the stuff checked differs from test to test
and done in user-space.
> undo_evil_state();
Is it correct to assume undoing evil differs from test to test
and done in user-space, provide it can be done from userspace.
>
> And the call_kernel_helper() could be moderately specific to the test.
>
The overall plan sounds good to me. I am all for adding support to
selftests so we can keep extending it.
thanks,
-- Shuah
Powered by blists - more mailing lists