lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20220401170126.GY8939@worktop.programming.kicks-ass.net>
Date:   Fri, 1 Apr 2022 19:01:26 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Youquan Song <youquan.song@...ux.intel.com>
Cc:     Tony Luck <tony.luck@...el.com>, Borislav Petkov <bp@...en8.de>,
        Josh Poimboeuf <jpoimboe@...hat.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org, Zhiquan Li <zhiquan1.li@...el.com>,
        Youquan Song <youquan.song@...el.com>
Subject: Re: [PATCH] x86/uaccess: restore get_user exception type to
 EX_TYPE_UACCESS

On Fri, Apr 01, 2022 at 08:45:19PM +0800, Youquan Song wrote:
> On Thu, Mar 31, 2022 at 07:51:13PM +0200, Peter Zijlstra wrote:
> > On Thu, Mar 31, 2022 at 07:31:25PM +0800, Youquan Song wrote:
> > > > Did you do your testing on RHEL or something daft like that?
> > > Tested on RHEL8.x
> > 
> > Right; the home of obsolete software.. :-)
> > 
> > > > Something like the below can also work, I suppose. But please, add
> > > > coherent comments to the extable code with useful references to the MCE
> > > > code that does this abuse.
> > > Here is the full fix patch depending on your suggestion. Thanks a lot!
> > 
> > Did you verify this was indeed the only UACCESS I lost?
> 
> The full fix patch has included a change in error_context to identify
> this case to be MCE_IN_KERNEL_COPYIN. I verfied it fix the issue.

That's not what I asked... :-(

What that means is that you go look at the commits that reworked all
this; starting here:

  https://lore.kernel.org/all/20211110100102.250793167@infradead.org/

and check how many UACCESS's got removed:

$ git diff 3411506550b1..82a8954acd93 | grep "^-.*UA" | wc -l
33

And then verify they're all good now and that we don't find another
missing instance in a few weeks or later...

Because when I look at that, stuff like:

--- a/arch/x86/include/asm/futex.h
+++ b/arch/x86/include/asm/futex.h
@@ -17,13 +17,9 @@ do {                                                         \
        int oldval = 0, ret;                                    \
        asm volatile("1:\t" insn "\n"                           \
                     "2:\n"                                     \
-                    "\t.section .fixup,\"ax\"\n"               \
-                    "3:\tmov\t%3, %1\n"                        \
-                    "\tjmp\t2b\n"                              \
-                    "\t.previous\n"                            \
-                    _ASM_EXTABLE_UA(1b, 3b)                    \
+                    _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, %1) \
                     : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
-                    : "i" (-EFAULT), "0" (oparg), "1" (0));    \
+                    : "0" (oparg), "1" (0));   \
        if (ret)                                                \
                goto label;                                     \
        *oval = oldval;                                         \


makes me think this isn't the last of it... Hmmm?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ