Open Source and information security mailing list archives
Message-ID: <20251028182052.nrRad87D@linutronix.de>
Date: Tue, 28 Oct 2025 19:20:52 +0100
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Xie Yuanbin <xieyuanbin1@...wei.com>
Cc: rmk+kernel@...linux.org.uk, linux@...linux.org.uk, rppt@...nel.org,
	vbabka@...e.cz, pfalcato@...e.de, brauner@...nel.org,
	lorenzo.stoakes@...cle.com, kuninori.morimoto.gx@...esas.com,
	tony@...mide.com, arnd@...db.de, akpm@...ux-foundation.org,
	punitagrawal@...il.com, rjw@...ysocki.net, marc.zyngier@....com,
	will@...nel.org, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org, liaohua4@...wei.com,
	lilinjie8@...wei.com
Subject: Re: [PATCH v2 RESEND 1/2] ARM: spectre-v2: Fix potential missing
 mitigations

On 2025-10-28 17:20:06 [+0100], To Xie Yuanbin wrote:
> On 2025-10-16 20:16:21 [+0800], Xie Yuanbin wrote:
> > Over the past six years, there have been continuous reports of this bug:
> …
> > 2019.3.19 https://lore.kernel.org/all/20190319203239.gl46fxnfz6gzeeic@linutronix.de/
> > 
> > To fix it, we must check whether mitigations are needed before enabling
> > interrupts (with PREEMPT) or before calling mm_read_lock() (without PREEMPT).
> > 
> > Fixes: f5fe12b1eaee ("ARM: spectre-v2: harden user aborts in kernel space")
> 
> Hmm.
> I was moving things back in 2019 but things shifted and this is no
> longer required. If I apply both patches (of yours) then it sends a
> signal with disabled interrupts which breaks my PREEMPT_RT case.

Now I got my things together.
LPAE enables interrupts early in do_page_fault(), therefore accessing a
kernel address from userland triggers the warning in
harden_branch_predictor() before sending the signal.

!LPAE does do_bad_area() -> __do_user_fault() and does not trigger the
warning in harden_branch_predictor() because the interrupts are off.
On PREEMPT_RT this leads to an error due to accessing spinlock_t from
force_sig_fault() with disabled interrupts. Therefore I did enable
interrupts early and would end up with the same warning as in the
LPAE case.

Now Russell wants to keep interrupts/preemption disabled for addresses
> TASK_SIZE for the entire page fault path so that
harden_branch_predictor() works properly.

If we need that, then it won't work with the preempt-disable suggestion
I had… We don't send SIGKILL because userland might want to emulate paging
for the kernel regions. Okay.

I guess the requirement is to invoke harden_branch_predictor() on the
same CPU that triggered the page_fault, right? Couldn't we then move
harden_branch_predictor() a little bit earlier, invoke it in the >=
TASK_SIZE case and then enable interrupts if they were enabled?

That would make me happy ;)

Sebastian
