lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jun 2022 12:21:16 +0100 From: "Russell King (Oracle)" <linux@...linux.org.uk> To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> Cc: Tony Lindgren <tony@...mide.com>, LKML <linux-kernel@...r.kernel.org>, Linux ARM <linux-arm-kernel@...ts.infradead.org> Subject: Re: [PATCH] ARM: spectre-v2: fix smp_processor_id() warning On Wed, Jun 22, 2022 at 03:49:21PM +0900, Tetsuo Handa wrote: > syzbot complains smp_processor_id() from harden_branch_predictor() > from page fault path [1]. Explicitly disable preemption and use > raw_smp_processor_id(). > > Link: https://syzkaller.appspot.com/bug?extid=a7ee43e564223f195c84 [1] > Reported-by: syzbot <syzbot+a7ee43e564223f195c84@...kaller.appspotmail.com> > Fixes: f5fe12b1eaee220c ("ARM: spectre-v2: harden user aborts in kernel space") > Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> This may "fix" the warning, but... > --- > This patch is completely untested. > > arch/arm/include/asm/system_misc.h | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/include/asm/system_misc.h b/arch/arm/include/asm/system_misc.h > index 98b37340376b..a92446769acd 100644 > --- a/arch/arm/include/asm/system_misc.h > +++ b/arch/arm/include/asm/system_misc.h > @@ -20,8 +20,11 @@ typedef void (*harden_branch_predictor_fn_t)(void); > DECLARE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn); > static inline void harden_branch_predictor(void) > { > - harden_branch_predictor_fn_t fn = per_cpu(harden_branch_predictor_fn, > - smp_processor_id()); > + harden_branch_predictor_fn_t fn; > + > + preempt_disable_notrace(); > + fn = per_cpu(harden_branch_predictor_fn, raw_smp_processor_id()); > + preempt_enable_no_resched_notrace(); > if (fn) > fn(); The idea is to get the function for the specific CPU, and then to run it _on_ that CPU, and in theory the CPU that took the fault. However, I seem to remember there are issues trying to achieve that, and I don't have a solution for it. -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
Powered by blists - more mailing lists