| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <15270685-c5e0-40f6-91ff-87ff57fdd4d4@citrix.com> Date: Mon, 1 Sep 2025 19:26:36 +0100 From: Andrew Cooper <andrew.cooper3@...rix.com> To: samuele@...ea.dev Cc: bp@...en8.de, dave.hansen@...ux.intel.com, linux-kernel@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de, x86@...nel.org Subject: Re: [PATCH v2] x86/traps: Handle trap flag when instruction is emulated > Simulate the trap flag (TF) behavior when the kernel emulates UIMP > instructions and iopl instructions. You'll want to do this for CPUID too when CPUID Faulting is active. > diff > <https://lore.kernel.org/lkml/20250901162527.18247-2-samuele@cerea.dev/#iZ31arch:x86:kernel:traps.c> > --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index > 36354b470590..bea28473866b 100644 --- a/arch/x86/kernel/traps.c +++ > b/arch/x86/kernel/traps.c > @@ -705,6 +718,7 @@ static bool fixup_iopl_exception(struct pt_regs > *regs) } > > regs->ip += 1; > + emulate_trap_flag(regs); return true; > } > There's a fun bug in fixup_iopl_exception() which you're turning from latent to real. Not all STI/CLI instructions are 1 byte long. If they have a redundant prefix, the old logic would simply brute-force through the instruction 1 prefix byte at a time. But now, you'll generate SIGTRAP in the middle of the instruction. ~Andrew
Powered by blists - more mailing lists