| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3350ece7-9eab-404c-8cad-f0a307781068@intel.com> Date: Tue, 14 Jan 2025 08:41:48 -0800 From: Dave Hansen <dave.hansen@...el.com> To: Tom Lendacky <thomas.lendacky@....com>, Rik van Riel <riel@...riel.com>, x86@...nel.org Cc: linux-kernel@...r.kernel.org, bp@...en8.de, peterz@...radead.org, dave.hansen@...ux.intel.com, zhengqi.arch@...edance.com, nadav.amit@...il.com, kernel-team@...a.com, linux-mm@...ck.org, akpm@...ux-foundation.org, jannh@...gle.com Subject: Re: [PATCH v4 05/12] x86/mm: add INVLPGB support code On 1/14/25 08:30, Tom Lendacky wrote: >> Let me remove it again, now that we seem to have a >> consensus that a panic is preferable to a wrong >> TLB flush. > I believe the instruction will #GP if any of the ECX[30:16] reserved > bits are non-zero (although the APM doesn't document that), in addition > to ECX[15:0] being greater than allowed. But what if 0x80000000 is > passed in. That would set ECX[31] with a zero count field, which is > valid for the instruction, but the input is obviously bogus. > > I think the safest thing to do is make the extra_count parameter an > unsigned int and check if it is greater than invlpgb_count_max. Not sure > what to actually do at that point, though... panic()? WARN() with full > TLB flush? How about we give 'extra_count' a type that can't bleed over into the stride bits: static inline void __invlpgb(unsigned long asid, unsigned long pcid, unsigned long addr, u16 extra_count, bool pmd_stride, u8 flags) plus a check on CPUID 8000_0008h EDX[15:0] to make sure it's not 0xffff.
Powered by blists - more mailing lists