lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Jan 2021 16:39:39 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     "Luck, Tony" <tony.luck@...el.com>
Cc:     x86@...nel.org, Andrew Morton <akpm@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Darren Hart <dvhart@...radead.org>,
        Andy Lutomirski <luto@...nel.org>,
        linux-kernel@...r.kernel.org, linux-edac@...r.kernel.org,
        linux-mm@...ck.org
Subject: Re: [PATCH v3] x86/mce: Avoid infinite loop for copy from user
 recovery

On Fri, Jan 15, 2021 at 11:34:35AM -0800, Luck, Tony wrote:
> In the user mode case we should only bump mce_count to "1" and
> before task_work() gets called.

Ok, right, it should not be possible to trigger a second MCE while
queue_task_work() runs when it is a user MCE. The handler itself won't
touch the page with the hw error so our assumption is that it'll get
poisoned.

If it doesn't, I guess the memory failure code will kill the process
yadda yadda...

> It shouldn't hurt to do the same checks. Maybe it will catch something
> weird - like an NMI handler on return from the machine check doing a
> get_user() that hits another machine check during the return from this
> machine check.

Eww.

> AndyL has made me extra paranoid. :-)

Yeah, he comes up with the nuttiest scenarios. :-)

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ