Message-ID: <5b9a2cef-7b4f-41c3-9f64-4fea4d007cdf@intel.com>
Date: Thu, 9 May 2024 17:20:31 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
Robert Gill <rtgill82@...il.com>,
"Linux regression tracking (Thorsten Leemhuis)" <regressions@...mhuis.info>,
antonio.gomez.iglesias@...ux.intel.com, daniel.sneddon@...ux.intel.com
Subject: Re: [PATCH] x86/entry_32: Move CLEAR_CPU_BUFFERS before CR3 switch
On 4/26/24 16:48, Pawan Gupta wrote:
> Move the VERW before the CR3 switch for 32-bit kernels as a workaround.
I look at the 32-bit code so rarely, I seem to forget and have to re-learn
this gunk every time I look at it. Take a look at RESTORE_INT_REGS. On
32-bit, we actually restore %ds:
popl %ds
So even doing this:
> + CLEAR_CPU_BUFFERS
> /* Restore user state */
> RESTORE_REGS pop=4 # skip orig_eax/error_code
> - CLEAR_CPU_BUFFERS
> .Lirq_return:
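Review bot: the relocated `+ CLEAR_CPU_BUFFERS` line carries no comment saying why it has to sit before RESTORE_REGS, so a later cleanup could move it back below the register restore and reintroduce the issue. The ordering matters because RESTORE_REGS pops the user-supplied %ds and CLEAR_CPU_BUFFERS executes VERW with a ds:-relative memory operand, so it must run while the kernel %ds is still loaded. Suggest a one-line comment directly above it, along the lines of `/* Must precede RESTORE_REGS: VERW uses a ds: operand and user %ds is popped below */`, and that the commit message describe this ordering rather than the CR3 switch.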
fixes the issue. Moving it above the CR3 switch also works of course,
but I don't think this has anything to do with CR3. It's just that
userspace sets a funky %ds value and CLEAR_CPU_BUFFERS uses ds:.
I don't think any of the segment registers can have secrets in them, can
they? I mean, it's possible, but in practice I can't imagine.
So why not just do the CLEAR_CPU_BUFFERS in RESTORE_REGS but after
RESTORE_INT_REGS? You might be able to do it universally, or you could
pass in a macro argument to do it conditionally.
P.S. Can we remove 32-bit support yet? Please? :)