lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200828121226.GC13881@8bytes.org>
Date:   Fri, 28 Aug 2020 14:12:26 +0200
From:   Joerg Roedel <joro@...tes.org>
To:     Arvind Sankar <nivedita@...m.mit.edu>
Cc:     x86@...nel.org, Joerg Roedel <jroedel@...e.de>, hpa@...or.com,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Jiri Slaby <jslaby@...e.cz>,
        Dan Williams <dan.j.williams@...el.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Juergen Gross <jgross@...e.com>,
        Kees Cook <keescook@...omium.org>,
        David Rientjes <rientjes@...gle.com>,
        Cfir Cohen <cfir@...gle.com>,
        Erdem Aktas <erdemaktas@...gle.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Mike Stunes <mstunes@...are.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Martin Radev <martin.b.radev@...il.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH v6 13/76] x86/boot/compressed/64: Add IDT Infrastructure

Hi Arvind,

On Thu, Aug 27, 2020 at 11:26:57AM -0400, Arvind Sankar wrote:
> On Mon, Aug 24, 2020 at 10:54:08AM +0200, Joerg Roedel wrote:
> > +	pushq	%rsi
> > +	call	load_stage1_idt
> > +	popq	%rsi
> > +
> 
> Do we need the functions later in the series or could this just use lidt
> directly?

The function also sets up the actual IDT entries in the table before
doing the lidt, so this needs to be a call to a C function. Setting up
IDT entries in assembly does not result in readable code.

> Is there any risk of exceptions getting triggered during the move of the
> compressed kernel, before the stage2 reload?

No, that would be a bug in either the UEFI BIOS or in the boot code.
When the kernel image is moved to the end of the decompression buffer it
still runs on the EFI page-table.

With the changes in this patch-set there will be page-faults when the
kernel is actually decompressed. But that happens after the stage2-idt
is loaded.

> > +SYM_DATA_START(boot_idt_desc)
> > +	.word	boot_idt_end - boot_idt
> 
> I think this should be boot_idt_end - boot_idt - 1, right?
>   The limit value is expressed in bytes and is added to the base address
>   to get the address of the last valid byte. A limit value of 0 results
>   in exactly 1 valid byte. Because IDT entries are always eight bytes
>   long, the limit should always be one less than an integral multiple of
>   eight (that is, 8N – 1).

You are right, I will fix that, thanks.

Regards,

	Joerg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ