Date:   Mon, 25 Apr 2022 21:25:18 +0800
From:   Lai Jiangshan <jiangshanlai@...il.com>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Borislav Petkov <bp@...en8.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andy Lutomirski <luto@...nel.org>, X86 ML <x86@...nel.org>,
        Lai Jiangshan <jiangshan.ljs@...group.com>,
        Ingo Molnar <mingo@...hat.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>, Joerg Roedel <jroedel@...e.de>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        "Chang S. Bae" <chang.seok.bae@...el.com>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH V5 7/7] x86/entry: Use idtentry macro for entry_INT80_compat

On Mon, Apr 25, 2022 at 6:24 PM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> On Tue, Apr 12 2022 at 20:15, Lai Jiangshan wrote:
> > From: Lai Jiangshan <jiangshan.ljs@...group.com>
> >
> > entry_INT80_compat is identical to idtentry macro except a special
> > handling for %rax in the prolog.
>
> Seriously?
>
> > -     pushq   %rsi                    /* pt_regs->si */
> > -     xorl    %esi, %esi              /* nospec   si */
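Review bot: the removed `xorl %esi, %esi /* nospec si */` is the only explicit clear of the user-supplied si on this path, and the replacement relies on CLEAR_REGS, which by its own comment does not clear ax, sp, di or si. If the intent is that %rsi is overwritten by the second argument of the later syscall_enter_from_user_mode() call, the changelog should say so instead of calling the two paths identical, and the dropped push/clear pair should be mentioned as an intentional change.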
>
> esi is not cleared in CLEAR_REGS. So much for identical.
>
>

Hello, Thomas

Thank you for the review.

They (the old entry_INT80_compat() and the new one using the
idtentry macro) are not identical in ASM code.

The macro idtentry pushes %rsi to the entry stack and then copies
it from the entry stack to the kernel stack and then switches
the stack.

The original entry_INT80_compat() is much more straightforward
and efficient.  It switches the stack as soon as possible and
then pushes %rsi directly onto the kernel stack.

So they are different in this aspect.

I compared the macro idtentry and the original entry_INT80_compat()
to check whether the macro idtentry has all the behaviors that the INT80
thing has, and whether what the macro idtentry has but the INT80
thing doesn't is a no-op (like the handling of bad IRET).

In my view, the checks don't fail my expectations except for
regs->ax and regs->orig_ax.

As for CLEAR_REGS, I have also reviewed it many times.  To me, it
is equivalent to clearing all registers, although it doesn't clear ax, sp,
di, or si.  In the comments, it says

   The lower registers are likely clobbered well before they could
   be put to use in a speculative execution gadget.

When using CLEAR_REGS for the INT80 thing, %rsi will be cleared
explicitly when syscall_enter_from_user_mode(), which has 2 arguments,
is called.

"identical" is overstated.  I will change the changelog to say that their
behaviors are almost the same and that the final results are the same when
the macro idtentry has the prolog.

Thanks
Lai
