| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Oct 2023 06:08:01 +0800
From: kernel test robot <lkp@...el.com>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Andy Lutomirski <luto@...nel.org>,
Jonathan Corbet <corbet@....net>,
Sean Christopherson <seanjc@...gle.com>,
Paolo Bonzini <pbonzini@...hat.com>, tony.luck@...el.com,
ak@...ux.intel.com, tim.c.chen@...ux.intel.com
Cc: oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, kvm@...r.kernel.org,
Alyssa Milburn <alyssa.milburn@...ux.intel.com>,
Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
antonio.gomez.iglesias@...ux.intel.com,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
Subject: Re: [PATCH v2 4/6] x86/bugs: Use ALTERNATIVE() instead of
mds_user_clear static key
Hi Pawan,
kernel test robot noticed the following build warnings:
[auto build test WARNING on 05d3ef8bba77c1b5f98d941d8b2d4aeab8118ef1]
url: https://github.com/intel-lab-lkp/linux/commits/Pawan-Gupta/x86-bugs-Add-asm-helpers-for-executing-VERW/20231024-161029
base: 05d3ef8bba77c1b5f98d941d8b2d4aeab8118ef1
patch link: https://lore.kernel.org/r/20231024-delay-verw-v2-4-f1881340c807%40linux.intel.com
patch subject: [PATCH v2 4/6] x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
reproduce: (https://download.01.org/0day-ci/archive/20231026/202310260517.TrEGc1ZW-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310260517.TrEGc1ZW-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> Documentation/arch/x86/mds.rst:153: WARNING: Unexpected section title.
vim +153 Documentation/arch/x86/mds.rst
141
142 When transitioning from kernel to user space the CPU buffers are flushed
143 on affected CPUs when the mitigation is not disabled on the kernel
144 command line. The mitigation is enabled through the feature flag
145 X86_FEATURE_CLEAR_CPU_BUF.
146
147 The mitigation is invoked just before transitioning to userspace after
148 user registers are restored. This is done to minimize the window in
149 which kernel data could be accessed after VERW e.g. via an NMI after
150 VERW.
151
152 Corner case not handled
> 153 ^^^^^^^^^^^^^^^^^^^^^^^
154 Interrupts returning to kernel don't clear CPUs buffers since the
155 exit-to-user path is expected to do that anyways. But, there could be
156 a case when an NMI is generated in kernel after the exit-to-user path
157 has cleared the buffers. This case is not handled and NMI returning to
158 kernel don't clear CPU buffers because:
159
160 1. It is rare to get an NMI after VERW, but before returning to userspace.
161 2. For an unprivileged user, there is no known way to make that NMI
162 less rare or target it.
163 3. It would take a large number of these precisely-timed NMIs to mount
164 an actual attack. There's presumably not enough bandwidth.
165 4. The NMI in question occurs after a VERW, i.e. when user state is
166 restored and most interesting data is already scrubbed. Whats left
167 is only the data that NMI touches, and that may or may not be of
168 any interest.
169
170
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists