| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Feb 2021 17:23:13 +0100
From: Borislav Petkov <bp@...en8.de>
To: Andy Lutomirski <luto@...nel.org>
Cc: x86@...nel.org, LKML <linux-kernel@...r.kernel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Yonghong Song <yhs@...com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH 06/11] x86/fault: Improve kernel-executing-user-memory
handling
On Sun, Jan 31, 2021 at 09:24:37AM -0800, Andy Lutomirski wrote:
> Right now we treat the case of the kernel trying to execute from user
> memory more or less just like the kernel getting a page fault on a user
> access. In the failure path, we check for erratum #93, try to otherwise
> fix up the error, and then oops.
>
> If we manage to jump to the user address space, with or without SMEP, we
> should not try to resolve the page fault. This is an error, pure and
> simple. Rearrange the code so that we catch this case early, check for
> erratum #93, and bail out.
And I'm scratching my head why are you talking about kernel trying
to execute from user memory but doh, that erratum truncates the high
32-bits of rIP and the #PF address looks like a user address but
X86_PF_USER is clear.
Aha.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists