lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 17 Apr 2024 08:07:16 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Nikolay Borisov <nik.borisov@...e.com>, "Xin Li (Intel)" <xin@...or.com>,
        linux-kernel@...r.kernel.org
Cc: luto@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dave.hansen@...ux.intel.com, x86@...nel.org
Subject: Re: [PATCH v3 1/1] x86/fred: Fix INT80 emulation for FRED

On 4/17/24 04:02, Nikolay Borisov wrote:
> 
> On 17.04.24 г. 9:30 ч., Xin Li (Intel) wrote:
>> Add a FRED-specific INT80 handler fred_int80_emulation():
>>
>> 1) As INT instructions and hardware interrupts are separate event
>>     types, FRED does not preclude the use of vector 0x80 for external
>>     interrupts. As a result the FRED setup code does *NOT* reserve
>>     vector 0x80 and calling int80_is_external() is not merely
>>     suboptimal but actively incorrect: it could cause a system call
>>     to be incorrectly ignored.
>>
>> 2) fred_int80_emulation(), only called for handling vector 0x80 of
>>     event type EVENT_TYPE_SWINT, will NEVER be called to handle any
>>     external interrupt (event type EVENT_TYPE_EXTINT).
>>
>> 3) The FRED kernel entry handler does *NOT* dispatch INT instructions,
>>     which is of event type EVENT_TYPE_SWINT, so compared with
>>     do_int80_emulation(), there is no need to do any user mode check.
>>
>> 4) int80_emulation() does a CLEAR_BRANCH_HISTORY, which is likely 
>> >     overkill for new x86 CPU implementations that support FRED.
> 
> Well, that's a bit of an overstatement/speculation, because 
> clear_branch_history will only be effective if the machine is 
> susceptible to the given bug and there isn't a better options (i.e using 
> a hardware bit controlling the respective aspect of the CPU).
>>

It would seem like a huge stretch to expect that a FRED-capable CPU 
would not have such a facility. This is a matter of establishing a 
baseline for FRED-capable hardware.

It would make more sense to me to add it if we turn out to need it; note 
that FRED code is currently only enabled on demand, in order to defend 
against bit rot until we have physical hardware.

Now, if this is still desired, it *probably* belongs better in either 
fred_intx()/fred_other() or asm_fred_entrypoint_user, depending on if 
this ought to be done for all entries from userspace or only system calls.

	-hpa

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ