lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 15 Nov 2021 18:03:39 +0100
From:   Greg KH <greg@...ah.com>
To:     Jane Malalane <jane.malalane@...rix.com>
Cc:     LKML <linux-kernel@...r.kernel.org>, Borislav Petkov <bp@...e.de>,
        stable@...r.kernel.org
Subject: Re: [PATCH for 4.19] x86/cpu: Fix migration safety with
 X86_BUG_NULL_SEL

On Mon, Nov 15, 2021 at 04:30:20PM +0000, Jane Malalane wrote:
> commit 415de44076640483648d6c0f6d645a9ee61328ad upstream.
> 
> Currently, Linux probes for X86_BUG_NULL_SEL unconditionally which
> makes it unsafe to migrate in a virtualised environment as the
> properties across the migration pool might differ.
> 
> To be specific, the case which goes wrong is:
> 
> 1. Zen1 (or earlier) and Zen2 (or later) in a migration pool
> 2. Linux boots on Zen2, probes and finds the absence of X86_BUG_NULL_SEL
> 3. Linux is then migrated to Zen1
> 
> Linux is now running on a X86_BUG_NULL_SEL-impacted CPU while believing
> that the bug is fixed.
> 
> The only way to address the problem is to fully trust the "no longer
> affected" CPUID bit when virtualised, because in the above case it would
> be clear deliberately to indicate the fact "you might migrate to
> somewhere which has this behaviour".
> 
> Zen3 adds the NullSelectorClearsBase CPUID bit to indicate that loading
> a NULL segment selector zeroes the base and limit fields, as well as
> just attributes. Zen2 also has this behaviour but doesn't have the NSCB
> bit.
> 
>  [ bp: Minor touchups. ]
> 
> Signed-off-by: Jane Malalane <jane.malalane@...rix.com>
> Signed-off-by: Borislav Petkov <bp@...e.de>
> CC: <stable@...r.kernel.org>
> Link: https://lkml.kernel.org/r/20211021104744.24126-1-jane.malalane@citrix.com
> ---
> Backport to 4.19.  Drop Hygon modifications.

Now queued up, thanks.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ