| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jan 2021 11:36:31 -0800
From: "Yu, Yu-cheng" <yu-cheng.yu@...el.com>
To: Borislav Petkov <bp@...en8.de>
Cc: x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
linux-arch@...r.kernel.org, linux-api@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>,
Andy Lutomirski <luto@...nel.org>,
Balbir Singh <bsingharora@...il.com>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Dave Martin <Dave.Martin@....com>,
Weijiang Yang <weijiang.yang@...el.com>,
Pengfei Xu <pengfei.xu@...el.com>,
"Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
Subject: Re: [PATCH v17 06/26] x86/cet: Add control-protection fault handler
On 1/19/2021 4:04 AM, Borislav Petkov wrote:
> On Tue, Dec 29, 2020 at 01:30:33PM -0800, Yu-cheng Yu wrote:
[...]
>> +DEFINE_IDTENTRY_ERRORCODE(exc_control_protection)
>> +{
>> + struct task_struct *tsk;
>> +
>> + if (!user_mode(regs)) {
>> + if (notify_die(DIE_TRAP, "control protection fault", regs,
>> + error_code, X86_TRAP_CP, SIGSEGV) == NOTIFY_STOP)
>> + return;
>> + die("Upexpected/unsupported kernel control protection fault", regs, error_code);
>
> Isn't the machine supposed to panic() here and do no further progress?
Ok, make it panic().
>> + }
>> +
>> + cond_local_irq_enable(regs);
>> +
>> + if (!boot_cpu_has(X86_FEATURE_CET))
>> + WARN_ONCE(1, "Control protection fault with CET support disabled\n");
>> +
>> + tsk = current;
>> + tsk->thread.error_code = error_code;
>> + tsk->thread.trap_nr = X86_TRAP_CP;
>> +
>> + if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) &&
>> + printk_ratelimit()) {
>
> WARNING: Prefer printk_ratelimited or pr_<level>_ratelimited to printk_ratelimit
> #136: FILE: arch/x86/kernel/traps.c:645:
> + printk_ratelimit()) {
>
> Still not using checkpatch?
Most places in arch/x86 still use printk_ratelimit(). I should have
trusted checkpatch. I will fix it.
>> + unsigned int max_err;
>> + unsigned long ssp;
>> +
>> + max_err = ARRAY_SIZE(control_protection_err) - 1;
>> + if ((error_code < 0) || (error_code > max_err))
>> + error_code = 0;
>> +
>> + rdmsrl(MSR_IA32_PL3_SSP, ssp);
>> + pr_info("%s[%d] control protection ip:%lx sp:%lx ssp:%lx error:%lx(%s)",
>
> If anything, all this stuff should be pr_emerg().
I will fix it.
--
Yu-cheng
Powered by blists - more mailing lists