| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <382e966b-4cac-4e28-a230-53ac52f91bf9@zytor.com>
Date: Sun, 3 Mar 2024 19:42:30 -0800
From: Xin Li <xin@...or.com>
To: Brian Gerst <brgerst@...il.com>
Cc: linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
hpa@...or.com
Subject: Re: [PATCH v1 1/1] x86/fred: Fix init_task thread stack pointer
initialization
On 3/2/2024 5:20 AM, Brian Gerst wrote:
> On Fri, Mar 1, 2024 at 11:18 PM Xin Li <xin@...or.com> wrote:
>>
>> On 3/1/2024 5:15 AM, Brian Gerst wrote:
>>> On Fri, Mar 1, 2024 at 3:41 AM Xin Li (Intel) <xin@...or.com> wrote:
>>> There is another spot in head_64.S that also needs this offset:
>>
>> I checked all references to __end_init_task before sending out this
>> patch, and I doubt we need to make more similar changes.
>>
>> First of all, "movq TASK_threadsp(%rcx), %rsp" you added in
>> 3adee777ad0d ("x86/smpboot: Remove initial_stack on 64-bit") is exactly
>> what we need to set up %rsp for the init task.
>>
>>> /* Set up the stack for verify_cpu() */
>>> leaq (__end_init_task - PTREGS_SIZE)(%rip), %rsp
>>
>> As the comment says, it's a _temporary_ stack for calling verify_cpu()
>> (but only for BSP, as APs use a different bring up stack), at which
>> stage the concept of "task" has not formed. I'm thinking maybe it's
>> better to do:
>>
>> /* Set up the stack for verify_cpu() */
>> leaq __end_init_task(%rip), %rsp
>>
>> Previously it was "leaq (__end_init_task - FRAME_SIZE)(%rip), %rsp",
>> but the kernel unwinder goes up only to secondary_startup_64_no_verify()
>> after the new way you introduced to set up %rsp for the init task, and
>> it seems to me that there is no point to subtract FRAME_SIZE or
>> PTREGS_SIZE.
>>
>> On the other hand, TOP_OF_KERNEL_STACK_PADDING is required for x86_32,
>> but probably not for x86_64 (defined as 0 before FRED). The most
>> important usage of TOP_OF_KERNEL_STACK_PADDING is to get the pt_regs
>> pointer for a task, i.e., task_pt_regs(task), which assumes a fixed
>> offset from the top of a task stack, but also limits the space that
>> could be used by future hardware above the pt_regs structure. Thus I
>> prefer to limit the usage of TOP_OF_KERNEL_STACK_PADDING on x86_64.
>
> The point is to keep consistency with other kernel threads, which have
> the pt_regs area cleared (see copy_thread()). In particular, the CS
> field can't have junk in it or else user_mode(regs) could return the
> wrong result. So the stack needs to start below pt_regs, or we need
> to explicitly zero pt_regs later.
Okay, I will add TOP_OF_KERNEL_STACK_PADDING to the spot in
arch/x86/kernel/head_64.S, plus another spot in arch/x86/xen/xen-head.S.
However, I still think it would be better to not have
TOP_OF_KERNEL_STACK_PADDING in these spots, instead we should explicitly
zero pt_regs later; any *implicit* protocol is NOT welcome. I will find
a timer later to check with the x86 maintainers :)
> Ideally, the load from thread->sp should just shift RSP by phys_base,
> pointing to the same memory location in the virtual mapping.
I prefer to do this explicitly as what's done now; it may be easier to
understand for future kernel developers.
Thanks!
Xin
Powered by blists - more mailing lists