| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f8352c29-6b9f-2711-ddf4-223a6806f42f@intel.com>
Date: Thu, 12 Jan 2023 10:48:33 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: "Chen, Yian" <yian.chen@...el.com>,
Sohil Mehta <sohil.mehta@...el.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Ravi Shankar <ravi.v.shankar@...el.com>,
Tony Luck <tony.luck@...el.com>,
Paul Lai <paul.c.lai@...el.com>
Subject: Re: [PATCH 3/7] x86/cpu: Disable kernel LASS when patching kernel
alternatives
On 1/12/23 10:36, Chen, Yian wrote:
> On 1/11/2023 4:37 PM, Dave Hansen wrote:
>> On 1/11/23 16:27, Chen, Yian wrote:
>>>> It seems we are implicitly relying on the on stac() and clac()
>>>> calls that are added for SMAP. Have you tried running with SMAP
>>>> disabled i.e "clearcpuid=smap"?
>>>>
>>> Yes, I tested with clearcpuid=smap.
>> It works by accident, then.
>>
>> clearcpuid=smap means that the kernel should be running as if
>> CPUID.(EAX=07H,ECX=0H):EBX.SMAP[bit 20]==0. STAC/CLAC should #UD in
>> that case.
>>
> It could be something wrong in my Simics simulation environment.
Also, Andy Cooper made a very good point: when the kernel enables
paging, it's running with a low address so that the instruction pointer
stays valid as paging becomes enabled.
But, if LASS were enabled and enforced at that point, you'd get a LASS
fault and go kablooey. Can you see what simics does in that case, and
also make sure we're clearing CR4.LASS when enabling paging? That would
obviate the need to do it later in C code too.
Powered by blists - more mailing lists