lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 Sep 2021 04:34:10 -0700
From:   Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
        Marcus Rückert <mrueckert@...e.com>
Subject: Re: [PATCH] x86/umip: Add a umip= cmdline switch

On Tue, Sep 14, 2021 at 06:51:22PM +0200, Borislav Petkov wrote:
> On Mon, Sep 13, 2021 at 02:38:36PM -0700, Ricardo Neri wrote:
> > That is right. Although, I am not sure programs you can have in
> > the same machine that also want to use UMIP-protected instructions.
> 
> Sure, another game. :-P
> 
> But srsly, looking at those two:
> 
>         umip_pr_warn(regs, "%s instruction cannot be used by applications.\n",
>                         umip_insns[umip_inst]);
> 
>         umip_pr_warn(regs, "For now, expensive software emulation returns the result.\n");
> 
> Why are they there at all?
> 
> I mean, I can hardly imagine userspace doing anything about them.

The goal at the time was encourage users to report bugs on the
applications and eventually have them fixed. It also meant to warn users
about degraded performance due to emulation. To my knowledge, no one has
reported the latter thus far.

> 
> They're all likely old, arcane applications or games run in wine which
> people have no access to the source code anyway so come to think of it,
> the once thing is starting to make more sense to me now.

Indeed, no one has reported "modern" application using these
instructions.

> 
> Sure, that:
> 
>         umip_pr_err(regs, "segfault in emulation. error%x\n",
>                     X86_PF_USER | X86_PF_WRITE);
> 
> should be issued unconditionally but I'm wondering if those warning
> messages are needed at all. And if not, I should probably simply rip
> them all out.
> 
> Or at least silence them by default and flip the cmdline switch logic to
> enable them for users who are interested in those things but they should
> be silent by defauilt.

Since after almost 4 years, performance degradation does not seem to be a
concern, I think it is sensible to remove the warnings.

> 
> I.e., you'd need to supply
> 
> 	umip=warnings_on
> 
> on the cmdline to actually see them.

They could also be salvaged by converting them to umiip_pr_debug(), just
to err on the cautious side without having to add a new command line
argument.

Thanks and BR,
Ricardo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ