lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d592b997-54f6-4119-bcf1-ff180713d6be@citrix.com>
Date: Thu, 23 May 2024 16:34:10 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: Alexandre Chartre <alexandre.chartre@...cle.com>,
 Dave Hansen <dave.hansen@...el.com>, x86@...nel.org, kvm@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, daniel.sneddon@...ux.intel.com,
 pawan.kumar.gupta@...ux.intel.com, tglx@...utronix.de,
 konrad.wilk@...cle.com, peterz@...radead.org, gregkh@...uxfoundation.org,
 seanjc@...gle.com, dave.hansen@...ux.intel.com, nik.borisov@...e.com,
 kpsingh@...nel.org, longman@...hat.com, bp@...en8.de, pbonzini@...hat.com
Subject: Re: [PATCH] x86/bhi: BHI mitigation can trigger warning in #DB
 handler

On 23/05/2024 3:52 pm, Alexandre Chartre wrote:
>
> On 5/23/24 16:28, Dave Hansen wrote:
>> On 5/23/24 05:33, Alexandre Chartre wrote:
>>> The problem can be reproduced with the following sequence:
>>>
>>>   $ cat sysenter_step.c
>>>   int main()
>>>   { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); }
>>>
>>>   $ gcc -o sysenter_step sysenter_step.c
>>>
>>>   $ ./sysenter_step
>>>   Segmentation fault (core dumped)
>>>
>>> The program is expected to crash, and the #DB handler will issue a
>>> warning.
>>
>> Should we wrap up this gem and put it with the other entry selftests?
>
> It looks like tools/testing/selftests/x86/single_step_syscall.c tests
> sysenter with TF set but it doesn't check if the kernel issues any
> warning.

But shouldn't the SIGSEGV still cause the selftest to notice?

Also, there should be a selftest for NT.  (mis)handling of that will
take the entire kernel down.

AC for good measure too, as that's the other flag handled specially.

~Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ