Message-ID: <F535D469-6B77-47CC-8D04-FA6D8D7E937D@zytor.com>
Date: Fri, 23 May 2025 00:42:18 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Xin Li <xin@...or.com>, Andrew Cooper <andrew.cooper3@...rix.com>,
        Dave Hansen <dave.hansen@...el.com>, linux-kernel@...r.kernel.org
CC: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dave.hansen@...ux.intel.com, x86@...nel.org, peterz@...radead.org,
        stable@...r.kernel.org
Subject: Re: [PATCH v2 1/1] x86/fred/signal: Prevent single-step upon ERETU completion

On May 22, 2025 5:57:31 PM PDT, Xin Li <xin@...or.com> wrote:
>On 5/22/2025 10:53 AM, Andrew Cooper wrote:
>> This was a behaviour intentionally changed in FRED so traps wouldn't get
>> lost if an exception were to occur.
>> 
>> What precise case is triggering this?
>
>Following is the test code:
>
>// SPDX-License-Identifier: GPL-2.0-or-later
>/*
> *  Copyright (C) 2025 Intel Corporation
> */
>#define _GNU_SOURCE
>
>#include <err.h>
>#include <signal.h>
>#include <stdio.h>
>#include <stdlib.h>
>#include <string.h>
>#include <sys/ucontext.h>
>
>static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *), int flags)
>{
>	struct sigaction sa;
>
>	memset(&sa, 0, sizeof(sa));
>	sa.sa_sigaction = handler;
>	sa.sa_flags = SA_SIGINFO | flags;
>	sigemptyset(&sa.sa_mask);
>
>	if (sigaction(sig, &sa, 0))
>		err(1, "sigaction");
>
>	return;
>}
>
>static void sigtrap(int sig, siginfo_t *info, void *ctx_void)
>{
>	ucontext_t *ctx = (ucontext_t *)ctx_void;
>	static unsigned long last_trap_ip;
>	static unsigned int loop_count_on_same_ip;
>
>	if (last_trap_ip == ctx->uc_mcontext.gregs[REG_RIP]) {
>		printf("trapped on %016lx\n", last_trap_ip);
>
>		if (++loop_count_on_same_ip > 10) {
>			printf("trap loop detected, test failed\n");
>			exit(2);
>		}
>
>		return;
>	}
>
>	loop_count_on_same_ip = 0;
>	last_trap_ip = ctx->uc_mcontext.gregs[REG_RIP];
>	printf("trapped on %016lx\n", last_trap_ip);
>}
>
>int main(int argc, char *argv[])
>{
>	sethandler(SIGTRAP, sigtrap, 0);
>
>	/* EFLAGS: bit 1 is always set, bit 8 is TF, bit 9 is IF.
>	 * 0x302 sets TF, so a #DB (SIGTRAP) is expected after each of the
>	 * following instructions; 0x202 clears TF again. */
>	asm volatile("push $0x302\n\t"
>		     "popf\n\t"
>		     "nop\n\t"
>		     "nop\n\t"
>		     "push $0x202\n\t"
>		     "popf\n\t");
>
>	printf("test passed\n");
>}
>
>
>W/o the fix when FRED is enabled, I get:
>xin@...d-ubt:~$ ./lass_test
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trapped on 00000000004012fe
>trap loop detected, test failed
>
>
>W/ the fix when FRED is enabled:
>[xin@dev ~]$ ./lass_test
>trapped on 00000000004012fe
>trapped on 00000000004012ff
>trapped on 0000000000401304
>trapped on 0000000000401305
>test passed
>
>Obviously the test passes on IDT.
>
>As Dave asked, I will integrate this test into selftests.
>
>Thanks!
>    Xin

Btw, make the test work on 32 bits as well (just a matter of using a different ucontext.) 
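An added example (not Xin Li's posted test and not part of the patch): the same single-step check reworked so that the instruction pointer is read from the signal context through one helper that picks REG_RIP on x86-64 and REG_EIP on 32-bit x86, which is the "different ucontext" hpa refers to. It assumes Linux with glibc's sys/ucontext.h; the loop-detection bookkeeping is pulled into its own function so it can be exercised without provoking a trap.

```c
// Added example, not the posted test: 32/64-bit-aware single-step check.
// Assumes Linux/glibc (REG_RIP / REG_EIP ucontext indices).
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif

#include <err.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ucontext.h>

/* More than this many consecutive traps on one ip means single-step is stuck. */
#define TRAP_LOOP_LIMIT 10

/* Read the trapping instruction pointer from the signal context.
 * This is the only part of the test that differs between 32- and 64-bit. */
static unsigned long trap_ip(const ucontext_t *ctx)
{
#if defined(__x86_64__)
	return (unsigned long)ctx->uc_mcontext.gregs[REG_RIP];
#elif defined(__i386__)
	return (unsigned long)ctx->uc_mcontext.gregs[REG_EIP];
#else
	(void)ctx;
	return 0;	/* not x86: the single-step exercise in main() is skipped */
#endif
}

/* Track consecutive traps on the same ip.  Returns how many times in a row
 * the given ip has now been seen (1 for a fresh ip). */
static unsigned int record_trap(unsigned long ip)
{
	static unsigned long last_ip;
	static unsigned int same_ip_count;

	if (same_ip_count && ip == last_ip)
		return ++same_ip_count;

	last_ip = ip;
	same_ip_count = 1;
	return same_ip_count;
}

static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *))
{
	struct sigaction sa;

	memset(&sa, 0, sizeof(sa));
	sa.sa_sigaction = handler;
	sa.sa_flags = SA_SIGINFO;
	sigemptyset(&sa.sa_mask);

	if (sigaction(sig, &sa, 0))
		err(1, "sigaction");
}

/* printf() is not async-signal-safe in general; it is tolerable here because
 * SIGTRAP arrives synchronously in a single-threaded test. */
static void sigtrap(int sig, siginfo_t *info, void *ctx_void)
{
	unsigned long ip = trap_ip((const ucontext_t *)ctx_void);

	(void)sig;
	(void)info;
	printf("trapped on %016lx\n", ip);

	if (record_trap(ip) > TRAP_LOOP_LIMIT) {
		printf("trap loop detected, test failed\n");
		exit(2);
	}
}

int main(void)
{
	sethandler(SIGTRAP, sigtrap);

#if defined(__x86_64__) || defined(__i386__)
	/* EFLAGS: bit 1 is always set, bit 8 is TF, bit 9 is IF.
	 * 0x302 sets TF, 0x202 clears it.  push imm32 / popf assemble on both
	 * 32- and 64-bit, so the asm itself needs no per-arch variant. */
	__asm__ __volatile__("push $0x302\n\t"
			     "popf\n\t"
			     "nop\n\t"
			     "nop\n\t"
			     "push $0x202\n\t"
			     "popf\n\t" ::: "cc", "memory");
	printf("test passed\n");
#else
	printf("not an x86 target, single-step exercise skipped\n");
#endif
	return 0;
}
```

Build with `gcc -O0 test.c` for 64-bit or `gcc -m32 -O0 test.c` for 32-bit (a multilib toolchain is needed for the latter); with correct TF handling each instruction after the first popf reports a new ip, and a stuck single-step shows up as the same ip repeating until the limit trips.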
