| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240730192237.GR33588@noisy.programming.kicks-ass.net> Date: Tue, 30 Jul 2024 21:22:37 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Guenter Roeck <linux@...ck-us.net>, Andy Lutomirski <luto@...nel.org>, Ingo Molnar <mingo@...hat.com>, Peter Anvin <hpa@...or.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Jens Axboe <axboe@...nel.dk>, the arch/x86 maintainers <x86@...nel.org> Subject: Re: Linux 6.11-rc1 On Tue, Jul 30, 2024 at 11:53:31AM -0700, Linus Torvalds wrote: > Which makes me think it's asm_exc_int3 just recursively failing. Sounds like text_poke() going sideways, there's a jump_label fail out there: https://lkml.kernel.org/r/20240730132626.GV26599@noisy.programming.kicks-ass.net > Let's see it x86 people have some idea, but that > > restore_all_switch_stack+0x65/0xe6 > > and doing an objdump to see the code generation, it is literally here: > > 0f 20 d8 mov %cr3,%eax > 0d 00 10 00 00 or $0x1000,%eax > 0f 22 d8 mov %eax,%cr3 That looks like SWITCH_TO_USER_CR3 > eb 16 jmp <restore_all_switch_stack+0x7d> > > with that "jmp" instruction being the restore_all_switch_stack+0x65 address. Thish would make this BUG_IF_WRONG_CR3, which starts with an ALTERNATIVE jmp. I think we landed a pile of ALTERNATIVE patches this merge window. That said, Boris did spend an awful lot of time testing them... but this is 32bit so who knows how much time that got.
Powered by blists - more mailing lists