On Mar 28, 2015 6:17 AM, "Denys Vlasenko" wrote:
>
> On Sat, Mar 28, 2015 at 10:46 AM, Ingo Molnar wrote:
> > * Denys Vlasenko wrote:
> >> This is a C function. [...]
> >
> > Arguably that's a self-inflicted wound of uclibc: nothing keeps it
> > from taking advantage of the syscall ABI and
On Sat, Mar 28, 2015 at 10:46 AM, Ingo Molnar wrote:
> * Denys Vlasenko wrote:
>> This is a C function. [...]
>
> Arguably that's a self-inflicted wound of uclibc: nothing keeps it
> from taking advantage of the syscall ABI and avoiding the double
> save/restores.
It's not uclibc who calls
On Sat, Mar 28, 2015 at 1:39 AM, Linus Torvalds
wrote:
> What part of "don't leak kernel data" did you have trouble understanding?
>
> IOW, this is a *security* issue. Stop arguing for crazy shit.
We can zero the registers instead of saving/restoring them.
push/pop pair takes 1-2 cycles at best,
* Denys Vlasenko wrote:
> On Fri, Mar 27, 2015 at 9:00 PM, Linus Torvalds
> wrote:
> > On Fri, Mar 27, 2015 at 7:25 AM, Denys Vlasenko wrote:
> >>
> >> Apparently, users *don't* depend on arithmetic flags
> >> to survive over syscall. They're also okay with the DF flag
> >> being cleared.
> >
> >
On Fri, Mar 27, 2015 at 01:09:34PM -0700, Linus Torvalds wrote:
> I think AMD documented that the sti "interrupt shadow" shadows even
> NMI.
Hmm, the official docs say this:
"15.21.5 Interrupt Shadows
The x86 architecture defines the notion of an interrupt shadow—a
single-instruction window during
* Linus Torvalds wrote:
> On Fri, Mar 27, 2015 at 1:53 PM, Brian Gerst wrote:
> >> <-- IRQ. Boom
> >
> > The sti will delay interrupts for one instruction, and that should include
> > NMIs.
>
> Nope. Intel explicitly documents the NMI case only for mov->ss and popss.
>
> > The Intel SDM
Hi,
Beware that could be opening the door to information leaks for a very
small gain (most syscalls are not getuid).
Best,
OG.
On Sat, Mar 28, 2015 at 1:34 AM, Denys Vlasenko
wrote:
> On Fri, Mar 27, 2015 at 9:00 PM, Linus Torvalds
> wrote:
>> On Fri, Mar 27, 2015 at 7:25 AM, Denys
* Linus Torvalds wrote:
> On Fri, Mar 27, 2015 at 1:53 PM, Brian Gerst wrote:
> >> <-- IRQ. Boom
> >
> > The sti will delay interrupts for one instruction, and that should include
> > NMIs.
>
> Nope. Intel explicitly documents the NMI case only for mov->ss and popss.
Interestingly, I still
On Fri, Mar 27, 2015 at 9:00 PM, Linus Torvalds
wrote:
> On Fri, Mar 27, 2015 at 7:25 AM, Denys Vlasenko wrote:
>>
> >> Apparently, users *don't* depend on arithmetic flags
> >> to survive over syscall. They're also okay with the DF flag
> >> being cleared.
>
> Generally, users probably don't care about many
On Fri, Mar 27, 2015 at 1:31 PM, Linus Torvalds
wrote:
> On Fri, Mar 27, 2015 at 1:16 PM, Andy Lutomirski wrote:
>>
>> Does it matter on 32-bit kernels? There's no swapgs, so IRQs should
>> still be safe, and we have a real stack pointer before sysexit.
>
> Fair enough. On 32-bit, the only
On Fri, Mar 27, 2015 at 1:53 PM, Brian Gerst wrote:
>> <-- IRQ. Boom
>
> The sti will delay interrupts for one instruction, and that should include
> NMIs.
Nope. Intel explicitly documents the NMI case only for mov->ss and popss.
> The Intel SDM states for STI:
> "The IF flag and the STI and
On Fri, Mar 27, 2015 at 2:37 PM, Andy Lutomirski wrote:
> On Mar 27, 2015 7:26 AM, "Denys Vlasenko" wrote:
>>
>> Hi,
>>
>> While running some tests I noticed that EFLAGS
>> is not saved across syscalls if I use 32-bit
>> userspace, use SYSENTER, and paravirt is active.
>>
>> Looking at the code,
On Fri, Mar 27, 2015 at 1:16 PM, Andy Lutomirski wrote:
>
> Does it matter on 32-bit kernels? There's no swapgs, so IRQs should
> still be safe, and we have a real stack pointer before sysexit.
Fair enough. On 32-bit, the only worry is the race between "return to
user space" and "something set
On Fri, Mar 27, 2015 at 1:09 PM, Linus Torvalds
wrote:
> On Fri, Mar 27, 2015 at 11:37 AM, Andy Lutomirski wrote:
>>
>> User does sysenter. We end up in native_irq_enable_sysexit. We do:
>>
>> swapgs
>> sti
>>
>> <-- NMI here can happen on some (all?) cpus, returns successfully
>> *with
On Fri, Mar 27, 2015 at 11:37 AM, Andy Lutomirski wrote:
>
> User does sysenter. We end up in native_irq_enable_sysexit. We do:
>
> swapgs
> sti
>
> <-- NMI here can happen on some (all?) cpus, returns successfully
> *with interrupts unmasked*
I think AMD documented that the sti "interrupt
On Fri, Mar 27, 2015 at 7:25 AM, Denys Vlasenko wrote:
>
> Apparently, users *don't* depend on arithmetic flags
> to survive over syscall. They're also okay with the DF flag
> being cleared.
Generally, users probably don't care about many registers at all being
saved, but it's worth noting that the
On Mar 27, 2015 7:26 AM, "Denys Vlasenko" wrote:
>
> Hi,
>
> While running some tests I noticed that EFLAGS
> is not saved across syscalls if I use 32-bit
> userspace, use SYSENTER, and paravirt is active.
>
> Looking at the code, it's actually clear why that happens.
>
> /*
> * SYSENTER loads
+ Linus.
On Fri, Mar 27, 2015 at 03:25:47PM +0100, Denys Vlasenko wrote:
> Hi,
>
> While running some tests I noticed that EFLAGS
> is not saved across syscalls if I use 32-bit
> userspace, use SYSENTER, and paravirt is active.
>
> Looking at the code, it's actually clear why that happens.
>
>
Hi,
While running some tests I noticed that EFLAGS
is not saved across syscalls if I use 32-bit
userspace, use SYSENTER, and paravirt is active.
Looking at the code, it's actually clear why that happens.
/*
* SYSENTER loads ss, rsp, cs, and rip from previously programmed MSRs.
* IF and VM in