Message-ID: <868qv6717r.wl-maz@kernel.org>
Date: Wed, 02 Oct 2024 20:29:28 +0100
From: Marc Zyngier <maz@...nel.org>
To: Mark Brown <broonie@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>,
	Jonathan Corbet <corbet@....net>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Oliver Upton <oliver.upton@...ux.dev>,
	James Morse <james.morse@....com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Arnd Bergmann <arnd@...db.de>,
	Oleg Nesterov <oleg@...hat.com>,
	Eric Biederman <ebiederm@...ssion.com>,
	Shuah Khan <shuah@...nel.org>,
	"Rick P. Edgecombe" <rick.p.edgecombe@...el.com>,
	Deepak Gupta <debug@...osinc.com>,
	Ard Biesheuvel <ardb@...nel.org>,
	Szabolcs Nagy <Szabolcs.Nagy@....com>,
	Kees Cook <kees@...nel.org>,
	"H.J. Lu" <hjl.tools@...il.com>,
	Paul Walmsley <paul.walmsley@...ive.com>,
	Palmer Dabbelt <palmer@...belt.com>,
	Albert Ou <aou@...s.berkeley.edu>,
	Florian Weimer <fweimer@...hat.com>,
	Christian Brauner <brauner@...nel.org>,
	Thiago Jung Bauermann <thiago.bauermann@...aro.org>,
	Ross Burton <ross.burton@....com>,
	David Spickett <david.spickett@....com>,
	Yury Khrustalev <yury.khrustalev@....com>,
	Wilco Dijkstra <wilco.dijkstra@....com>,
	linux-arm-kernel@...ts.infradead.org,
	linux-doc@...r.kernel.org,
	kvmarm@...ts.linux.dev,
	linux-fsdevel@...r.kernel.org,
	linux-arch@...r.kernel.org,
	linux-mm@...ck.org,
	linux-kselftest@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-riscv@...ts.infradead.org
Subject: Re: [PATCH v13 16/40] KVM: arm64: Manage GCS access and registers for guests

On Wed, 02 Oct 2024 19:24:12 +0100,
Mark Brown <broonie@...nel.org> wrote:
> 
> On Wed, Oct 02, 2024 at 04:55:25PM +0100, Marc Zyngier wrote:
> > Marc Zyngier <maz@...nel.org> wrote:
> 
> > > > +	if (!kvm_has_gcs(kvm))
> > > > +		kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 |
> > > > +						HFGxTR_EL2_nGCS_EL1);
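
Review bot: the `!kvm_has_gcs(kvm)` branch only ORs the two register-access bits, HFGxTR_EL2_nGCS_EL0 and HFGxTR_EL2_nGCS_EL1, into `kvm->arch.fgu[HFGxTR_GROUP]`, so nothing in this hunk covers the GCS instructions for a guest without GCS. The reply further down asks for GCSPUSHX, GCSPOPX, GCSPUSHM, GCSSTR and GCSSTTR to be handled under the same condition; extending this branch (or adding a sibling one for the relevant trap group) and adding a short comment stating which GCS accesses are covered, and which are intentionally left untrapped, would make the intent reviewable.
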
> 
> > > Why are you still allowing the GCS instructions when GCS isn't
> > > enabled?
> 
> > Scratch that, they are NOPs when GCS isn't enabled, so there shouldn't
> > be any need for extra traps.
> 
> They are, though really they should UNDEF if GCS isn't there (which I
> had thought was what you were referencing here).  Equally we only have
> traps for a subset of GCS instructions and it's not like there aren't a
> whole bunch of untrappable extensions anyway so it's not clear it's
> worth the effort just for that.

If the encodings UNDEF when GCS is not implemented (i.e. they are not
in the NOP space), then all trappable instructions should absolutely
UNDEF (and yes, it is worth the effort, even if it is only to
demonstrate that the architecture is sub-par).

So I expect the next version to handle traps for GCSPUSHX, GCSPOPX,
GCSPUSHM, GCSSTR and GCSSTTR when GCS isn't enabled.

I'm also pretty sure this is missing some form of sanitisation for
PSTATE.EXLOCK, and looking at the pseudocode, you seem to be missing
the handling of that bit on exception injection.

	M.

-- 
Without deviation from the norm, progress is not possible.
