| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Jun 2021 14:28:00 -0700
From: "Yu, Yu-cheng" <yu-cheng.yu@...el.com>
To: Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>
Cc: x86@...nel.org, Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Fenghua Yu <fenghua.yu@...el.com>,
Tony Luck <tony.luck@...el.com>
Subject: Re: [patch 0/8] x86/fpu: Mop up XSAVES and related damage
On 6/2/2021 2:55 AM, Thomas Gleixner wrote:
> syszbot reported a warnon for XRSTOR raising #GP:
>
> https://lore.kernel.org/r/0000000000004c453905c30f8334@google.com
>
> with a syzcaller reproducer and a conclusive bisect result.
>
> It took a while to destill a simple C reproducer out of it which allowed to
> pin point the root cause: The recent addition of supervisor XSTATEs broke
> the signal restore path for the case where the signal handler wreckaged the
> XSTATE on stack because it does not sanitize the XSTATE header which causes
> a subsequent XRSTOR to fail and #GP.
>
> The following series addresses the problem and fixes related issues which
> were found while inspecting the related changes.
>
> Thanks to Andy and Dave for working on this with me!
>
> Thanks,
>
> tglx
> ---
> arch/x86/include/asm/fpu/xstate.h | 4
> arch/x86/kernel/fpu/core.c | 62 ++++++---
> arch/x86/kernel/fpu/regset.c | 43 ++----
> arch/x86/kernel/fpu/signal.c | 30 +++-
> arch/x86/kernel/fpu/xstate.c | 95 +++++----------
> b/tools/testing/selftests/x86/corrupt_xstate_header.c | 114 ++++++++++++++++++
> tools/testing/selftests/x86/Makefile | 3
> 7 files changed, 234 insertions(+), 117 deletions(-)
>
With the series applied, glibc pkey test fails sometimes. I will try to
find out the cause.
The test:
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/tst-pkey.c
The output:
error: ../sysdeps/unix/sysv/linux/tst-pkey.c:161: not true:
!check_page_access (i, false)
error: ../sysdeps/unix/sysv/linux/tst-pkey.c:162: not true:
!check_page_access (i, true)
error: ../sysdeps/unix/sysv/linux/tst-pkey.c:161: not true:
!check_page_access (i, false)
error: ../sysdeps/unix/sysv/linux/tst-pkey.c:162: not true:
!check_page_access (i, true)
error: ../sysdeps/unix/sysv/linux/tst-pkey.c:161: not true:
!check_page_access (i, false)
error: ../sysdeps/unix/sysv/linux/tst-pkey.c:162: not true:
!check_page_access (i, true)
../sysdeps/unix/sysv/linux/tst-pkey.c:238: numeric comparison failure
left: 0 (0x0); from: result->access_rights[i]
right: 1 (0x1); from: PKEY_DISABLE_ACCESS
../sysdeps/unix/sysv/linux/tst-pkey.c:238: numeric comparison failure
left: 0 (0x0); from: result->access_rights[i]
right: 1 (0x1); from: PKEY_DISABLE_ACCESS
../sysdeps/unix/sysv/linux/tst-pkey.c:238: numeric comparison failure
left: 0 (0x0); from: result->access_rights[i]
right: 1 (0x1); from: PKEY_DISABLE_ACCESS
../sysdeps/unix/sysv/linux/tst-pkey.c:242: numeric comparison failure
left: 0 (0x0); from: result->access_rights[i]
right: 1 (0x1); from: PKEY_DISABLE_ACCESS
../sysdeps/unix/sysv/linux/tst-pkey.c:242: numeric comparison failure
left: 0 (0x0); from: result->access_rights[i]
right: 1 (0x1); from: PKEY_DISABLE_ACCESS
../sysdeps/unix/sysv/linux/tst-pkey.c:242: numeric comparison failure
left: 0 (0x0); from: result->access_rights[i]
right: 1 (0x1); from: PKEY_DISABLE_ACCESS
error: 12 test failures
Powered by blists - more mailing lists