lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202210271155.33956B1@keescook>
Date:   Thu, 27 Oct 2022 11:58:35 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Alexander Potapenko <glider@...gle.com>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Marco Elver <elver@...gle.com>, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org
Subject: Re: [PATCH] x86/uaccess: instrument copy_from_user_nmi()

On Thu, Oct 27, 2022 at 11:26:50AM -0700, Alexander Potapenko wrote:
> On Thu, Oct 27, 2022 at 1:05 AM Peter Zijlstra <peterz@...radead.org> wrote:
> >
> > On Wed, Oct 26, 2022 at 11:38:53AM -0700, Alexander Potapenko wrote:
> > > A bigger issue from the NMI perspective is probably
> > > having __msan_poison_alloca() inserted in every non-noinstr kernel
> > > function, because that hook may acquire the stackdepot lock.
> >
> > *urgghhh* that's broken, that must not be. There is a *TON* of NMI
> > functions that are non-noinstr.
> 
> __msan_poison_alloca() is guarded by kmsan_in_runtime(), which is
> currently implemented as:
> 
>   static __always_inline bool kmsan_in_runtime(void)
>   {
>           if ((hardirq_count() >> HARDIRQ_SHIFT) > 1)
>                   return true;
>           return kmsan_get_context()->kmsan_in_runtime;
>   }
> 
> I think the easiest way to fix the NMI situation would be adding "if
> in_nmi() return true"?

It might help to look through these threads:

https://lore.kernel.org/lkml/20220916135953.1320601-1-keescook@chromium.org/
https://lore.kernel.org/all/20220919201648.2250764-1-keescook@chromium.org/

I wandered around attempting to deal with in_nmi(), etc. And in
the end just drop the attempt to cover it. It's worth noting that
copy_from_user_nmi() exists on 1 architecture and has exactly 1
call-site...

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ