| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jan 2023 14:42:40 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Aaron Lu <aaron.lu@...el.com>
Cc: Dave Hansen <dave.hansen@...el.com>,
Pavel Boldin <pboldin@...udlinux.com>,
Pavel Boldin <boldin.pavel@...il.com>,
"Raphael S. Carvalho" <raphaelsc@...lladb.com>,
Moritz Lipp <github@....me>,
Daniel Gruss <daniel.gruss@...k.tugraz.at>,
Michael Schwarz <michael.schwarz91@...il.com>,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] selftest/x86/meltdown: Add a selftest for meltdown
On Thu, Jan 05, 2023 at 08:35:05PM +0800, Aaron Lu wrote:
> To capture potential programming errors like mistakenly setting Global
> bit on kernel page table entries, a selftest for meltdown is added.
>
> This selftest is based on Pavel Boldin's work at:
> https://github.com/linux-test-project/ltp/blob/master/testcases/cve/meltdown.c
>
> In addition to the existing test of reading kernel variable
> saved_command_line from user space, one more test of reading user local
> variable through kernel direct map address is added. For the existing
> test(reading saved_command_line) to report a failure, both the high kernel
> mapping and low kernel mapping have to be in leaked state; For the added
> test(read local var), only low kernel mapping leak is enough to trigger
> a test fail, so both tests are useful.
>
> Test results of 10 runs:
>
> On v6.1-rc8 with nopti kernel cmdline option:
>
> host test_out_rate_1 test_out_rate_2
> lkp-bdw-de1 50% 100%
> lkp-hsw-d01 70% 100%
> lkp-hsw-d02 0% 80%
> lkp-hsw-d03 60% 100%
> lkp-hsw-d04 20% 100%
> lkp-hsw-d05 60% 100%
> lkp-ivb-d01 0% 70%
> lkp-kbl-d01 100% 100%
> lkp-skl-d02 100% 90%
> lkp-skl-d03 90% 100%
> lkp-skl-d05 60% 100%
> kbl-vm 100% 80%
> 2 other machines have 0% rate for both tests.
>
> bdw=broadwell, hsw=haswell, ivb=ivybridge, etc.
>
> test_out_rate_1: test reports fail rate for the test of reading
> saved_command_line from user space;
> test_out_rate_2: test reports fail rate for the test of reading user
> local variable through kernel direct map address in user space.
>
> On v5.19 without nopti cmdline option:
> host test_out_rate_2
> lkp-bdw-de1 80%
> lkp-hsw-4ex1 50%
> lkp-hsw-d01 30%
> lkp-hsw-d03 10%
> lkp-hsw-d04 10%
> lkp-kbl-d01 10%
> kbl-vm 80%
> 7 other machines have 0% rate for test2.
>
> Also tested on an i386 VM with 512M memory and the test out rate is 100%
> when adding nopti to kernel cmdline with v6.1-rc8.
>
> Main changes I made from Pavel Boldin's meltdown test are:
> - Replace rdtscll() and clflush() with kernel's implementation;
> - Reimplement find_symbol_in_file() to avoid bringing in LTP's library
> functions;
> - Coding style changes: placing the function return type in the same
> line of the function.
>
> Signed-off-by: Aaron Lu <aaron.lu@...el.com>
> ---
> Notable changes from RFC v3:
> - Drop RFC tag;
> - Change the base code from zlib licensed one to GPL licensed one.
Sorry, but this still gets my NAK for the issues raised in previous
reviews that are not addressed here for some reason :(
greg k-h
Powered by blists - more mailing lists