| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a14155b7-65ff-4686-b6ba-a6900549864c@intel.com>
Date: Tue, 8 Jul 2025 19:40:35 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Andy Lutomirski
<luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
<mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
<dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin"
<hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Ard Biesheuvel
<ardb@...nel.org>, "Paul E. McKenney" <paulmck@...nel.org>, Josh Poimboeuf
<jpoimboe@...nel.org>, Xiongwei Song <xiongwei.song@...driver.com>, Xin Li
<xin3.li@...el.com>, "Mike Rapoport (IBM)" <rppt@...nel.org>, Brijesh Singh
<brijesh.singh@....com>, Michael Roth <michael.roth@....com>, Tony Luck
<tony.luck@...el.com>, Alexey Kardashevskiy <aik@....com>, Alexander Shishkin
<alexander.shishkin@...ux.intel.com>
CC: Jonathan Corbet <corbet@....net>, Ingo Molnar <mingo@...nel.org>, "Pawan
Gupta" <pawan.kumar.gupta@...ux.intel.com>, Daniel Sneddon
<daniel.sneddon@...ux.intel.com>, Kai Huang <kai.huang@...el.com>, "Sandipan
Das" <sandipan.das@....com>, Breno Leitao <leitao@...ian.org>, Rick Edgecombe
<rick.p.edgecombe@...el.com>, Alexei Starovoitov <ast@...nel.org>, Hou Tao
<houtao1@...wei.com>, Juergen Gross <jgross@...e.com>, Vegard Nossum
<vegard.nossum@...cle.com>, Kees Cook <kees@...nel.org>, Eric Biggers
<ebiggers@...gle.com>, Jason Gunthorpe <jgg@...pe.ca>, "Masami Hiramatsu
(Google)" <mhiramat@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>,
Luis Chamberlain <mcgrof@...nel.org>, Yuntao Wang <ytcoode@...il.com>,
"Rasmus Villemoes" <linux@...musvillemoes.dk>, Christophe Leroy
<christophe.leroy@...roup.eu>, Tejun Heo <tj@...nel.org>, Changbin Du
<changbin.du@...wei.com>, Huang Shijie <shijie@...amperecomputing.com>,
"Geert Uytterhoeven" <geert+renesas@...der.be>, Namhyung Kim
<namhyung@...nel.org>, Arnaldo Carvalho de Melo <acme@...hat.com>,
<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-efi@...r.kernel.org>, <linux-mm@...ck.org>
Subject: Re: [PATCHv9 11/16] x86/traps: Communicate a LASS violation in #GP
message
On 7/7/2025 1:03 AM, Kirill A. Shutemov wrote:
> From: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
>
> Provide a more helpful message on #GP when a kernel side LASS violation
> is detected.
>
> A NULL pointer dereference is reported if a LASS violation occurs due to
> accessing the first page frame.
>
> Signed-off-by: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> ---
> arch/x86/kernel/traps.c | 41 +++++++++++++++++++++++++++++------------
> 1 file changed, 29 insertions(+), 12 deletions(-)
>
Reviewed-by: Sohil Mehta <sohil.mehta@...el.com>
A nit below.
> diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
> index 59bfbdf0a1a0..4a4194e1d119 100644
> --- a/arch/x86/kernel/traps.c
> +++ b/arch/x86/kernel/traps.c
> @@ -636,7 +636,16 @@ DEFINE_IDTENTRY(exc_bounds)
> enum kernel_gp_hint {
> GP_NO_HINT,
> GP_NON_CANONICAL,
> - GP_CANONICAL
> + GP_CANONICAL,
> + GP_LASS_VIOLATION,
> + GP_NULL_POINTER,
> +};
> +
> +static const char * const kernel_gp_hint_help[] = {
> + [GP_NON_CANONICAL] = "probably for non-canonical address",
> + [GP_CANONICAL] = "maybe for address",
> + [GP_LASS_VIOLATION] = "LASS prevented access to address",
> + [GP_NULL_POINTER] = "kernel NULL pointer dereference",
> };
>
> /*
> @@ -664,14 +673,23 @@ static enum kernel_gp_hint get_kernel_gp_address(struct pt_regs *regs,
> return GP_NO_HINT;
>
> #ifdef CONFIG_X86_64
Might as well get rid of the #ifdef in C code, if possible.
if (!IS_ENABLED(CONFIG_X86_64)
return GP_CANONICAL;
or combine it with the next check.
> - /*
> - * Check that:
> - * - the operand is not in the kernel half
> - * - the last byte of the operand is not in the user canonical half
> - */
> - if (*addr < ~__VIRTUAL_MASK &&
> - *addr + insn.opnd_bytes - 1 > __VIRTUAL_MASK)
> + /* Operand is in the kernel half */
> + if (*addr >= ~__VIRTUAL_MASK)
> + return GP_CANONICAL;
> +
> + /* The last byte of the operand is not in the user canonical half */
> + if (*addr + insn.opnd_bytes - 1 > __VIRTUAL_MASK)
> return GP_NON_CANONICAL;
> +
> + /*
> + * If LASS is enabled, NULL pointer dereference generates
> + * #GP instead of #PF.
> + */
> + if (*addr < PAGE_SIZE)
> + return GP_NULL_POINTER;
> +
> + if (cpu_feature_enabled(X86_FEATURE_LASS))
> + return GP_LASS_VIOLATION;
> #endif
>
> return GP_CANONICAL;
Powered by blists - more mailing lists