| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <95dc18fd-73b0-4019-92d2-c0e6aaf22c96@intel.com>
Date: Tue, 1 Jul 2025 18:35:40 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Andy Lutomirski
<luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
<mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
<dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin"
<hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Ard Biesheuvel
<ardb@...nel.org>, "Paul E. McKenney" <paulmck@...nel.org>, Josh Poimboeuf
<jpoimboe@...nel.org>, Xiongwei Song <xiongwei.song@...driver.com>, Xin Li
<xin3.li@...el.com>, "Mike Rapoport (IBM)" <rppt@...nel.org>, Brijesh Singh
<brijesh.singh@....com>, Michael Roth <michael.roth@....com>, Tony Luck
<tony.luck@...el.com>, Alexey Kardashevskiy <aik@....com>, Alexander Shishkin
<alexander.shishkin@...ux.intel.com>
CC: Jonathan Corbet <corbet@....net>, Ingo Molnar <mingo@...nel.org>, "Pawan
Gupta" <pawan.kumar.gupta@...ux.intel.com>, Daniel Sneddon
<daniel.sneddon@...ux.intel.com>, Kai Huang <kai.huang@...el.com>, "Sandipan
Das" <sandipan.das@....com>, Breno Leitao <leitao@...ian.org>, Rick Edgecombe
<rick.p.edgecombe@...el.com>, Alexei Starovoitov <ast@...nel.org>, Hou Tao
<houtao1@...wei.com>, Juergen Gross <jgross@...e.com>, Vegard Nossum
<vegard.nossum@...cle.com>, Kees Cook <kees@...nel.org>, Eric Biggers
<ebiggers@...gle.com>, Jason Gunthorpe <jgg@...pe.ca>, "Masami Hiramatsu
(Google)" <mhiramat@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>,
Luis Chamberlain <mcgrof@...nel.org>, Yuntao Wang <ytcoode@...il.com>,
"Rasmus Villemoes" <linux@...musvillemoes.dk>, Christophe Leroy
<christophe.leroy@...roup.eu>, Tejun Heo <tj@...nel.org>, Changbin Du
<changbin.du@...wei.com>, Huang Shijie <shijie@...amperecomputing.com>,
"Geert Uytterhoeven" <geert+renesas@...der.be>, Namhyung Kim
<namhyung@...nel.org>, Arnaldo Carvalho de Melo <acme@...hat.com>,
<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-efi@...r.kernel.org>, <linux-mm@...ck.org>
Subject: Re: [PATCHv8 14/17] x86/traps: Handle LASS thrown #SS
On 7/1/2025 2:58 AM, Kirill A. Shutemov wrote:
> LASS throws a #GP for any violations except for stack register accesses,
> in which case it throws a #SS instead. Handle this similarly to how other
> LASS violations are handled.
>
Maybe I've misunderstood something:
Is the underlying assumption here that #SS were previously only
generated by userspace, but now they can also be generated by the
kernel? And we want the kernel generated #SS to behave the same as the #GP?
> In case of FRED, before handling #SS as LASS violation, kernel has to
> check if there's a fixup for the exception. It can address #SS due to
> invalid user context on ERETU. See 5105e7687ad3 ("x86/fred: Fixup
> fault on ERETU by jumping to fred_entrypoint_user") for more details.
>
> Co-developed-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> ---
> arch/x86/kernel/traps.c | 39 +++++++++++++++++++++++++++++++++------
> 1 file changed, 33 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> index ceb091f17a5b..f9ca5b911141 100644
> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -418,12 +418,6 @@ DEFINE_IDTENTRY_ERRORCODE(exc_segment_not_present)
> SIGBUS, 0, NULL);
> }
>
> -DEFINE_IDTENTRY_ERRORCODE(exc_stack_segment)
> -{
> - do_error_trap(regs, error_code, "stack segment", X86_TRAP_SS, SIGBUS,
> - 0, NULL);
> -}
> -
> DEFINE_IDTENTRY_ERRORCODE(exc_alignment_check)
> {
> char *str = "alignment check";
> @@ -866,6 +860,39 @@ DEFINE_IDTENTRY_ERRORCODE(exc_general_protection)
> cond_local_irq_disable(regs);
> }
>
> +#define SSFSTR "stack segment fault"
> +
> +DEFINE_IDTENTRY_ERRORCODE(exc_stack_segment)
> +{
> + if (user_mode(regs))
> + goto error_trap;
> +
> + if (cpu_feature_enabled(X86_FEATURE_FRED) &&
> + fixup_exception(regs, X86_TRAP_SS, error_code, 0))
> + return;
> +
> + if (cpu_feature_enabled(X86_FEATURE_LASS)) {
> + enum kernel_exc_hint hint;
> + unsigned long exc_addr;
> +
> + hint = get_kernel_exc_address(regs, &exc_addr);
> + if (hint != EXC_NO_HINT) {
The brackets are not needed for singular statements. Also the max line
length is longer now. You can fit this all in a single line.
> + printk(SSFSTR ", %s 0x%lx", kernel_exc_hint_help[hint],
> + exc_addr);
> + }
> +
> + if (hint != EXC_NON_CANONICAL)
> + exc_addr = 0;
> +
> + die_addr(SSFSTR, regs, error_code, exc_addr);
The variable names in die_addr() should be generalized as well. They
seem to assume the caller to be a #GP handler.
> + return;
> + }
> +
> +error_trap:
> + do_error_trap(regs, error_code, "stack segment", X86_TRAP_SS, SIGBUS,
> + 0, NULL);
> +}
> +
> static bool do_int3(struct pt_regs *regs)
> {
> int res;
Powered by blists - more mailing lists