| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <83e4ffb4-26e9-4fc9-90ad-256a1613ba7d@citrix.com> Date: Sat, 21 Jun 2025 00:29:40 +0100 From: Andrew Cooper <andrew.cooper3@...rix.com> To: Sohil Mehta <sohil.mehta@...el.com>, dave.hansen@...el.com Cc: acme@...hat.com, aik@....com, akpm@...ux-foundation.org, alexander.shishkin@...ux.intel.com, ardb@...nel.org, ast@...nel.org, bp@...en8.de, brijesh.singh@....com, changbin.du@...wei.com, christophe.leroy@...roup.eu, corbet@....net, daniel.sneddon@...ux.intel.com, dave.hansen@...ux.intel.com, ebiggers@...gle.com, geert+renesas@...der.be, houtao1@...wei.com, hpa@...or.com, jgg@...pe.ca, jgross@...e.com, jpoimboe@...nel.org, kai.huang@...el.com, kees@...nel.org, kirill.shutemov@...ux.intel.com, leitao@...ian.org, linux-doc@...r.kernel.org, linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, linux@...musvillemoes.dk, luto@...nel.org, mcgrof@...nel.org, mhiramat@...nel.org, michael.roth@....com, mingo@...nel.org, mingo@...hat.com, namhyung@...nel.org, paulmck@...nel.org, pawan.kumar.gupta@...ux.intel.com, peterz@...radead.org, rick.p.edgecombe@...el.com, rppt@...nel.org, sandipan.das@....com, shijie@...amperecomputing.com, tglx@...utronix.de, tj@...nel.org, tony.luck@...el.com, vegard.nossum@...cle.com, x86@...nel.org, xin3.li@...el.com, xiongwei.song@...driver.com, ytcoode@...il.com Subject: Re: [PATCHv6 07/16] x86/vsyscall: Reorganize the #PF emulation code On 21/06/2025 12:18 am, Sohil Mehta wrote: > On 6/20/2025 4:08 PM, Andrew Cooper wrote: >>> But, the resulting code is wonky. It needs to do something more like this: >>> >>> if ((error_code & (X86_PF_WRITE | X86_PF_USER)) != X86_PF_USER) >>> return false; >>> >>> if (error_code & X86_PF_INSTR)) >>> return __emulate_vsyscall(regs, address); >> To do this, LASS needs a proper interlink against NX || SMEP. >> >> If neither NX nor SMEP are active, the CPU does not report X86_PF_INSTR, >> meaning that fetches are reported as plain reads. >> >> This leads to some fun corner cases in SMAP and now LASS too for virt. > Maybe I am missing something, but LASS works pre-paging so it wouldn't > generate a PF, right? Oh right, yes. This is a preexisting bug in vsyscall #PF handling. It simply became obvious with Dave's suggested rearrangement. ~Andrew
Powered by blists - more mailing lists