lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5F0DC7C6-58D9-4316-AFCB-3F002601DA9F@zytor.com>
Date: Wed, 02 Jul 2025 17:44:27 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Andrew Cooper <andrew.cooper3@...rix.com>
CC: acme@...hat.com, aik@....com, akpm@...ux-foundation.org,
        alexander.shishkin@...ux.intel.com, ardb@...nel.org, ast@...nel.org,
        bp@...en8.de, brijesh.singh@....com, changbin.du@...wei.com,
        christophe.leroy@...roup.eu, corbet@....net,
        daniel.sneddon@...ux.intel.com, dave.hansen@...ux.intel.com,
        ebiggers@...gle.com, geert+renesas@...der.be, houtao1@...wei.com,
        jgg@...pe.ca, jgross@...e.com, jpoimboe@...nel.org,
        kai.huang@...el.com, kees@...nel.org, kirill.shutemov@...ux.intel.com,
        leitao@...ian.org, linux-doc@...r.kernel.org,
        linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, linux@...musvillemoes.dk, luto@...nel.org,
        mcgrof@...nel.org, mhiramat@...nel.org, michael.roth@....com,
        mingo@...nel.org, mingo@...hat.com, namhyung@...nel.org,
        paulmck@...nel.org, pawan.kumar.gupta@...ux.intel.com,
        peterz@...radead.org, rick.p.edgecombe@...el.com, rppt@...nel.org,
        sandipan.das@....com, shijie@...amperecomputing.com,
        sohil.mehta@...el.com, tglx@...utronix.de, tj@...nel.org,
        tony.luck@...el.com, vegard.nossum@...cle.com, x86@...nel.org,
        xin3.li@...el.com, xiongwei.song@...driver.com, ytcoode@...il.com
Subject: Re: [PATCHv8 14/17] x86/traps: Handle LASS thrown #SS

On July 2, 2025 4:42:27 PM PDT, Andrew Cooper <andrew.cooper3@...rix.com> wrote:
>> Note: for a FRED system, ERETU can generate #SS for a non-canonical user space RSP
>
>How?  Or to phrase it differently, I hope not.
>
>%rsp is a 64bit value and does not have canonical restrictions elsewhere
>in the architecture, so far as I'm aware.  IRET really can restore a
>non-canonical %rsp, and userspace can run for an indeterminate period of
>time with a non-canonical %rsp as long as there are no stack accesses.
>
>Accesses relative to the the stack using a non-canonical pointer will
>suffer #SS, but ERETU doesn't modify the userspace stack AFAICT.  I
>can't see anything in the ERETU pseudocode in the FRED spec that
>mentions a canonical check or memory access using %rsp.
>
>~Andrew

You are right of course. Brainfart on my part.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ