| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d9515c72-d8c5-eba4-56d1-1779fb751908@intel.com>
Date: Fri, 1 Oct 2021 11:04:22 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: Andy Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
the arch/x86 maintainers <x86@...nel.org>
CC: Tony Luck <tony.luck@...el.com>,
Dave Hansen <dave.hansen@...el.com>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, Jens Axboe <axboe@...nel.dk>,
Christian Brauner <christian@...uner.io>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Shuah Khan <shuah@...nel.org>, Arnd Bergmann <arnd@...db.de>,
Jonathan Corbet <corbet@....net>,
Raj Ashok <ashok.raj@...el.com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Gayatri Kammela <gayatri.kammela@...el.com>,
Zeng Guang <guang.zeng@...el.com>,
"Williams, Dan J" <dan.j.williams@...el.com>,
Randy E Witt <randy.e.witt@...el.com>,
"Shankar, Ravi V" <ravi.v.shankar@...el.com>,
Ramesh Thomas <ramesh.thomas@...el.com>,
Linux API <linux-api@...r.kernel.org>,
<linux-arch@...r.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
<linux-kselftest@...r.kernel.org>
Subject: Re: [RFC PATCH 11/13] x86/uintr: Introduce uintr_wait() syscall
On 10/1/2021 8:13 AM, Andy Lutomirski wrote:
>
> I'm just reading TFM, which is some kind of dystopian fantasy.
>
> 11.8.2.4 XRSTORS
>
> Before restoring the user-interrupt state component, XRSTORS verifies that UINV is 0. If it is not, XRSTORS
> causes a general-protection fault (#GP) before loading any part of the user-interrupt state component. (UINV
> is IA32_UINTR_MISC[39:32]; XRSTORS does not check the contents of the remainder of that MSR.)
>
> So if UINV is set in the memory image and you XRSTORS five times in a row, the first one will work assuming UINV was zero. The second one will #GP. And:
>
> 11.8.2.3 XSAVES
> After saving the user-interrupt state component, XSAVES clears UINV. (UINV is IA32_UINTR_MISC[39:32];
> XSAVES does not modify the remainder of that MSR.)
>
> So if we're running a UPID-enabled user task and we switch to a kernel thread, we do XSAVES and UINV is cleared. Then we switch back to the same task and don't do XRSTORS (or otherwise write IA32_UINTR_MISC) and UINV is still clear.
Andy,
I am still catching up with the rest of the discussion but I wanted to
provide some input here.
Have you had a chance to look at the discussion on this topic in patch 5?
https://lore.kernel.org/lkml/87bl4fcxz8.ffs@tglx/
The pseudo code Thomas provided and my comments on the same cover the
above situation.
The UINV bits in the IA32_UINTR_MISC act as an on/off switch for
detecting user interrupts (i.e. moving them from UPID.PIR to UIRR). When
XSAVES saves UIRR into memory we want the switch to atomically turn off
to stop detecting additional interrupts. When we restore the state back
the hardware wants to be sure the switch is off before writing to UIRR.
If not, the UIRR state could potentially be overwritten.
That's how I understand the XSAVES/XRSTORS behavior. I can confirm with
the hardware architects if you want more details here.
Regarding the #GP trick proposal, I am planning to get some feedback
from the hardware folks to see if any potential issues could arise.
I am on a pre-planned break next week. I apologize (in advance) for the
delay in responding.
Thanks,
Sohil
Powered by blists - more mailing lists