lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 12 Jun 2021 02:24:17 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Fenghua Yu <fenghua.yu@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Yu-cheng Yu <yu-cheng.yu@...el.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Borislav Petkov <bp@...e.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Kan Liang <kan.liang@...ux.intel.com>
Subject: Re: [patch 00/41] x86/fpu: Spring cleaning and PKRU sanitizing

On Fri, Jun 11 2021 at 18:15, Thomas Gleixner wrote:
>   - Removal of PKRU from being XSTATE managed in the kernel because PKRU
>     has to be eagerly restored on context switch and keeping it in sync
>     in the xstate buffer is just pointless overhead and fragile.

Just before anyone comes up with any complaints about the resulting
inconsistency vs. xgetbv(1) in the case that the PKRU value is 0.

That inconsistency is simply a INTEL only hardware bug and there is no
way to get this consistent ever no matter what kind of mechanism the
kernel uses. This inconsistency can be demonstrated in user space w/o
any kernel interaction.

The Intel SDM states in volume 1, chapter 13.6

 PROCESSOR TRACKING OF XSAVE-MANAGED STATE

  * PKRU state. PKRU state is in its initial configuration if the value
    of the PKRU is 0.

But that's just not true.

        wrpkru(0)
        assert(!(xgetbv(1) & XFEATURE_PKRU);

fails on Intel but not on AMD AFAIK. xgetbv(1) returns the 'INUSE'
bitmap of xstate managed features.

But the Intel SDM is blury about this:

  XINUSE denotes the state-component bitmap corresponding to the init
  optimization. If XINUSE[i] = 0, state component i is known to be in
  its initial configuration; otherwise XINUSE[i] = 1. It is possible for
  XINUSE[i] to be 1 even when state component i is in its initial
  configuration. On a processor that does not support the init
  optimization, XINUSE[i] is always 1 for every value of i.

IOW there is no consistency vs. XINUSE and initial state guaranteed at
all. So why should the kernel worry about this?

We just use the most optimized way to deal with this and that's what
this patch series is doing by removing PKRU from xstate management in
the kernel.

If anyone cares about consistency of XINUSE vs. the actual component
state then please redirect the complaints to INTEL.

Either the hardware folks get their act together or software which
relies on consistency (cough, cough) like rr has to cope with it.

Making the kernel to pretend that all of this is consistent under all
circumstances is a futile attempt to ignore reality.

This inconsistency can only be fixed in hardware/ucode. End of story.

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ