| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 May 2024 16:34:10 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: Alexandre Chartre <alexandre.chartre@...cle.com>,
Dave Hansen <dave.hansen@...el.com>, x86@...nel.org, kvm@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, daniel.sneddon@...ux.intel.com,
pawan.kumar.gupta@...ux.intel.com, tglx@...utronix.de,
konrad.wilk@...cle.com, peterz@...radead.org, gregkh@...uxfoundation.org,
seanjc@...gle.com, dave.hansen@...ux.intel.com, nik.borisov@...e.com,
kpsingh@...nel.org, longman@...hat.com, bp@...en8.de, pbonzini@...hat.com
Subject: Re: [PATCH] x86/bhi: BHI mitigation can trigger warning in #DB
handler
On 23/05/2024 3:52 pm, Alexandre Chartre wrote:
>
> On 5/23/24 16:28, Dave Hansen wrote:
>> On 5/23/24 05:33, Alexandre Chartre wrote:
>>> The problem can be reproduced with the following sequence:
>>>
>>> $ cat sysenter_step.c
>>> int main()
>>> { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); }
>>>
>>> $ gcc -o sysenter_step sysenter_step.c
>>>
>>> $ ./sysenter_step
>>> Segmentation fault (core dumped)
>>>
>>> The program is expected to crash, and the #DB handler will issue a
>>> warning.
>>
>> Should we wrap up this gem and put it with the other entry selftests?
>
> It looks like tools/testing/selftests/x86/single_step_syscall.c tests
> sysenter with TF set but it doesn't check if the kernel issues any
> warning.
But shouldn't the SIGSEGV still cause the selftest to notice?
Also, there should be a selftest for NT. (mis)handling of that will
take the entire kernel down.
AC for good measure too, as that's the other flag handled specially.
~Andrew
Powered by blists - more mailing lists