Message-ID: <20251029071109.Hj1fO_B-@linutronix.de>
Date: Wed, 29 Oct 2025 08:11:09 +0100
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Xie Yuanbin <xieyuanbin1@...wei.com>
Cc: akpm@...ux-foundation.org, arnd@...db.de, brauner@...nel.org,
	kuninori.morimoto.gx@...esas.com, liaohua4@...wei.com,
	lilinjie8@...wei.com, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org, linux@...linux.org.uk,
	lorenzo.stoakes@...cle.com, marc.zyngier@....com, pfalcato@...e.de,
	punitagrawal@...il.com, rjw@...ysocki.net,
	rmk+kernel@...linux.org.uk, rppt@...nel.org, tony@...mide.com,
	vbabka@...e.cz, will@...nel.org
Subject: Re: [PATCH v2 RESEND 1/2] ARM: spectre-v2: Fix potential missing
 mitigations

On 2025-10-29 10:41:51 [+0800], Xie Yuanbin wrote:
> On Tue, 28 Oct 2025 17:20:05 +0100, Sebastian Andrzej Siewior wrote:
> > If I apply both patches (of yours) then it sends a
> > signal with disabled interrupts which breaks my PREEMPT_RT case.
> 
> I am not familiar with PREEMPT_RT yet and did not know that signals cannot
> be sent with disabled interrupts and PREEMPT_RT=y.
> I apologize for this.

no worries.

> On Tue, 28 Oct 2025 19:20:52 +0100, Sebastian Andrzej Siewior wrote:
> > !LPAE does do_bad_area() -> __do_user_fault() and does not trigger the
> > warning in harden_branch_predictor() because the interrupts are off.
> > On PREEMPT_RT this leads to an error due to accessing spinlock_t from
> > force_sig_fault() with disabled interrupts.
> 
> This seems to be a more serious bug, and may require another patch to
> fix it. Not only !LPAE is affected, but LPAE=y is also affected:
> do_translation_fault() -> do_bad_area() -> __do_user_fault()
> This code path seems very easy to trigger.

correct.

> > I guess the requirement is to invoke harden_branch_predictor() on the
> > same CPU that triggered the page_fault, right? Couldn't we then move
> > harden_branch_predictor() a little bit earlier, invoke it in the >=
> > TASK_SIZE case and then enable interrupts if they were enabled?
> >
> > That would make me happy ;)
> 
> This seems to only fix the warning in harden_branch_predictor, but cannot
> fix the issue of sending signals with disabled interrupts mentioned above.
> 
> What about adding:

I was planning to just move it up. Let me try to form something in a
bit.

> Xie Yuanbin

Sebastian
