| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <xonbgoepadskqagkprwpcse33sgl3yebo52liuskde2eiozcza@njkktzlcar6g> Date: Thu, 24 Oct 2024 17:02:42 +0300 From: "Kirill A. Shutemov" <kirill@...temov.name> To: Josh Poimboeuf <jpoimboe@...nel.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, x86@...nel.org, Andrew Cooper <andrew.cooper3@...rix.com>, Borislav Petkov <bp@...en8.de> Subject: Re: [PATCH] x86: fix user address masking non-canonical speculation issue On Wed, Oct 23, 2024 at 11:13:00PM -0700, Josh Poimboeuf wrote: > On Wed, Oct 23, 2024 at 06:31:59PM -0700, Linus Torvalds wrote: > > @@ -2389,6 +2390,15 @@ void __init arch_cpu_finalize_init(void) > > + /* > > + * Enable this when LAM is gated on LASS support > > + if (cpu_feature_enabled(X86_FEATURE_LAM)) > > + USER_PTR_MAX = (1ul << 63) - PAGE_SIZE; > > + */ > > I'm probably missing something but once LAM is enabled, how wouldn't > this allow non-canonical address speculation? i.e. when bit 47/56 is > set and 63 is cleared, would it not go untouched by mask_user_address() > and thus be speculatively interpreted by AMD as a kernel address? CPU with LAM enabled enforces bit 63 to be equal bit 47/56 and raises #GP otherwise. -- Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists