| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <6bc401e7-6e34-4fbc-8ce3-a99be7966528@www.fastmail.com>
Date: Wed, 26 May 2021 14:17:13 -0700
From: "Andy Lutomirski" <luto@...nel.org>
To: "Babu Moger" <babu.moger@....com>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
linux-kselftest@...r.kernel.org
Cc: "Thomas Gleixner" <tglx@...utronix.de>,
"Ingo Molnar" <mingo@...hat.com>, "Borislav Petkov" <bp@...en8.de>,
"the arch/x86 maintainers" <x86@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>, dave.hansen@...ux.intel.com,
"Peter Zijlstra (Intel)" <peterz@...radead.org>, shuah@...nel.org,
jroedel@...e.de, "Uros Bizjak" <ubizjak@...il.com>,
viro@...iv.linux.org.uk, "Petteri Aimonen" <jpa@....mail.kapsi.fi>,
"Fenghua Yu" <fenghua.yu@...el.com>,
"Kan Liang" <kan.liang@...ux.intel.com>,
"Andrew Morton" <akpm@...ux-foundation.org>,
"Mike Rapoport" <rppt@...nel.org>,
"Fan Yang" <Fan_Yang@...u.edu.cn>, anshuman.khandual@....com,
"Benjamin Thiel" <b.thiel@...teo.de>,
"Juergen Gross" <jgross@...e.com>, keescook@...omium.org,
"Sean Christopherson" <seanjc@...gle.com>, mh@...ndium.org,
sashal@...nel.org, krisman@...labora.com,
"Bae, Chang Seok" <chang.seok.bae@...el.com>, 0x7f454c46@...il.com,
jhubbard@...dia.com, sandipan@...ux.ibm.com, ziy@...dia.com,
kirill.shutemov@...ux.intel.com, suxingxing@...ngson.cn,
harish@...ux.ibm.com, rong.a.chen@...el.com, linuxram@...ibm.com,
bauerman@...ux.ibm.com, dave.kleikamp@...cle.com
Subject: Re: x86/fpu/xsave: protection key test failures
On Wed, May 26, 2021, at 2:14 PM, Babu Moger wrote:
>
>
> On 5/25/21 7:36 PM, Andy Lutomirski wrote:
> > On 5/25/21 2:37 PM, Babu Moger wrote:
> >
> >> Investigation so far.
> >> 1. The test fails on AMD(Milan) systems. Test appears to pass on Intel
> >> systems. Tested on old Intel system available here.
> >
> > Ten cents says that you have discovered that AMD returns a synthesized
> > value for XINUSE[PKRU] and that write_pkru() is buggy.
> >
> > Any volunteers to fix the if (!pk) case in write_pkru() and see if the
> > problem goes away? (Or at least to print something for the if (!pk)
> > case and seee if it gets printed?)
>
> I inserted this patch to test this path.
>
>
> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
> index b1099f2d9800..a0bca917f864 100644
> --- a/arch/x86/include/asm/pgtable.h
> +++ b/arch/x86/include/asm/pgtable.h
> @@ -151,6 +160,8 @@ static inline void write_pkru(u32 pkru)
> fpregs_lock();
> if (pk)
> pk->pkru = pkru;
> + else
> + printk_once("%s read_pkru 0x%x\n",__FUNCTION__, read_pkru());
> __write_pkru(pkru);
> fpregs_unlock();
> }
>
>
> Yes. The pk value is sometimes NULL and the value in the pkru register is
> 0 at that time. Here is the dmesg output.
>
> [ 1.700889] write_pkru read_pkru 0x0
>
Sweet, maybe I get my hypothetical dime back! Both bugs are real.
Dave and I (mostly Dave — I’m supplying the snark) are working on an omnibus patch to fix this whole mess.
Thanks,
Andy
Powered by blists - more mailing lists