lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 18 Jun 2020 23:18:23 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Andy Lutomirski <luto@...capital.net>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Marco Elver <elver@...gle.com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        Mark Rutland <Mark.Rutland@....com>,
        Matthew Helsley <mhelsley@...are.com>,
        Steven Rostedt <rostedt@...dmis.org>, jthierry@...hat.com,
        Miroslav Benes <mbenes@...e.cz>
Subject: Re: [PATCH 1/7] x86/entry: Fix #UD vs WARN more

On Thu, Jun 18, 2020 at 12:29:50PM -0700, Andy Lutomirski wrote:
> 
> > On Jun 18, 2020, at 12:02 PM, Peter Zijlstra <peterz@...radead.org> wrote:
> > 
> > On Thu, Jun 18, 2020 at 11:36:53AM -0700, Andy Lutomirski wrote:
> > 
> >> I wasn't imagining going far down the rabbit hole at all -- I think
> >> that, at most, we should cover the path for when the fault wasn't a
> >> BUG/WARN in the first place.  I admit that, for #UD in particular,
> >> this isn't a big deal, but if it were a different vector, this could
> >> matter.
> > 
> > Right, so there's 3 cases for ud2:
> > 
> > - WARN;  ud2,  bug_entry, recovers
> > - BUG;   ud2,  bug_entry, dies
> > - UBSAN; ud2, !bug_entry, dies
> 
> 4. The #UD matches an extable entry. I don’t know whether this ever happens for real.

#UD yes, ud2 instruction, not so much.

> The failure is still a bit farfetched: we’d need an extable to hit in
> an inconsistent state where we blow up due to a lack of entry
> handling.

Right, by noinstr checking the instruction is actually ud2 I think we
mostly good. There really aren't that many places that emit ud2.

> But I think you might need some IRQ fiddling. With your patch, a WARN
> with IRQs on will execute the printk code with IRQs off without
> lockstep handling, and an appropriately configured debugging kernel
> may get a recursive splat.  Or if irq tracing somehow notices that
> IRQs got turned off, the warning recovery might return back to an IF=1
> context with IRQs traced as off.
> 
> So maybe also do an untraced cond_local_irq_enable()?  After all, if
> we’re trying to report a bug from IRQs on, it should be okay to have
> IRQs on while reporting it. It might even work better than having IRQs
> off.

Yes, very good point. Now I want to go look at the old code... I'll frob
something tomorrow, brain is pretty fried by now.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ