lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 17 Sep 2020 19:28:40 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Arvind Sankar <nivedita@...m.mit.edu>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/cmdline: Disable instrumentation of cmdline
 unconditionally

On Thu, Sep 17, 2020 at 12:05:48PM -0400, Arvind Sankar wrote:
> I did have a crash and this patch fixed it, but it seems it was on a
> branch where I was making changes to cmdline.c, which triggered clang to
> use a jump table for cmdline_find_option_bool(). That was the cause of
> the crash, and the reason this patch fixed it was because it enabled
> -fno-jump-tables, rather than because it disabled instrumentation.

I see.

> The instrumentation code does write data to random addresses, but
> apparently that doesn't necessarily crash the system. This patch would
> also be insufficient to fix it, since load_ucode_bsp() itself can have
> instrumentation code in it.

Yeah, it better not have any.

> Eg with GCOV_PROFILE_ALL enabled, the start of the function is:
> 
> 	c2a7706a <load_ucode_bsp>:
> 	c2a7706a:       55                      push   %ebp
> 	c2a7706b:       83 05 c0 4d ba c2 01    addl   $0x1,0xc2ba4dc0
> 	c2a77072:       83 15 c4 4d ba c2 00    adcl   $0x0,0xc2ba4dc4
> 	c2a77079:       89 e5                   mov    %esp,%ebp
> 
> but when it's called from arch/x86/kernel/head_32.S, paging is disabled
> and the code is executing out of physical addresses, so it's going to
> read/write data from garbage addresses.

Right, so I'm sceptical to all this instrumentation nonsense - it is
fine and good if you have it but not everywhere. And certainly not when
the thing is loading microcode.

microcode/core.c contains all the code, early and late so it might make
some little sense to have instrumentation there for whatever reasons,
say KASANing (yah, I made a verb :)) the thing for leaks or whatnot,
but meh, I can't find it in me to care. So at some point, if it starts
getting in the way, we might remove all instrumentation from that thing
altogether.

> Anyway, please ignore this patch and sorry for the noise.

No worries.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ