lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <15270685-c5e0-40f6-91ff-87ff57fdd4d4@citrix.com>
Date: Mon, 1 Sep 2025 19:26:36 +0100
From: Andrew Cooper <andrew.cooper3@...rix.com>
To: samuele@...ea.dev
Cc: bp@...en8.de, dave.hansen@...ux.intel.com, linux-kernel@...r.kernel.org,
 mingo@...hat.com, tglx@...utronix.de, x86@...nel.org
Subject: Re: [PATCH v2] x86/traps: Handle trap flag when instruction is
 emulated

> Simulate the trap flag (TF) behavior when the kernel emulates UIMP
> instructions and iopl instructions.

You'll want to do this for CPUID too when CPUID Faulting is active.

> diff
> <https://lore.kernel.org/lkml/20250901162527.18247-2-samuele@cerea.dev/#iZ31arch:x86:kernel:traps.c>
> --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index
> 36354b470590..bea28473866b 100644 --- a/arch/x86/kernel/traps.c +++
> b/arch/x86/kernel/traps.c
> @@ -705,6 +718,7 @@ static bool fixup_iopl_exception(struct pt_regs
> *regs)  	}
>  
>  	regs->ip += 1;
> + emulate_trap_flag(regs);  	return true;
>  }
>  

There's a fun bug in fixup_iopl_exception() which you're turning from
latent to real.

Not all STI/CLI instructions are 1 byte long.  If they have a redundant
prefix, the old logic would simply brute-force through the instruction 1
prefix byte at a time.

But now, you'll generate SIGTRAP in the middle of the instruction.

~Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ