Message-ID: <20240730192237.GR33588@noisy.programming.kicks-ass.net>
Date: Tue, 30 Jul 2024 21:22:37 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Guenter Roeck <linux@...ck-us.net>, Andy Lutomirski <luto@...nel.org>,
	Ingo Molnar <mingo@...hat.com>, Peter Anvin <hpa@...or.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Jens Axboe <axboe@...nel.dk>,
	the arch/x86 maintainers <x86@...nel.org>
Subject: Re: Linux 6.11-rc1

On Tue, Jul 30, 2024 at 11:53:31AM -0700, Linus Torvalds wrote:

> Which makes me think it's asm_exc_int3 just recursively failing.

Sounds like text_poke() going sideways, there's a jump_label fail out
there:

 https://lkml.kernel.org/r/20240730132626.GV26599@noisy.programming.kicks-ass.net

> Let's see if x86 people have some idea, but that
> 
>    restore_all_switch_stack+0x65/0xe6
> 
> and doing an objdump to see the code generation, it is literally here:
> 
>         0f 20 d8                mov    %cr3,%eax
>         0d 00 10 00 00          or     $0x1000,%eax
>         0f 22 d8                mov    %eax,%cr3

That looks like SWITCH_TO_USER_CR3

>         eb 16                   jmp    <restore_all_switch_stack+0x7d>
> 
> with that "jmp" instruction being the restore_all_switch_stack+0x65 address.

This would make this BUG_IF_WRONG_CR3, which starts with an ALTERNATIVE
jmp. I think we landed a pile of ALTERNATIVE patches this merge window.

That said, Boris did spend an awful lot of time testing them... but this
is 32bit so who knows how much time that got.
