Re: Do the x86 kernel entry points need an xabort on TSX cpus?

From: H. Peter Anvin
Date: Fri Feb 10 2012 - 12:18:54 EST

Next message: Nelson, Doug: "Re: scsi_id: sending ioctl 2285 to a partition"
Previous message: Daniel Vetter: "Re: [PATCH] drm/i915: Fix race condition in accessing GMBUS"
In reply to: Andy Lutomirski: "Do the x86 kernel entry points need an xabort on TSX cpus?"
Next in thread: Andy Lutomirski: "Re: Do the x86 kernel entry points need an xabort on TSX cpus?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/09/2012 11:40 PM, Andy Lutomirski wrote:

[...]

- Ring transitions: SYSENTER, SYSCALL, SYSEXIT, and SYSRET.

I suspect that many bits of the kernel expect that things they do
won't unhappen. For example, it could be fun to do:

That's why entering the kernel will cause an abort. In other words, you will ALWAYS abort when you do a read(), and you will never reach your _xabort().

int devrandom = open("/dev/random", O_RDONLY);
unsigned int abort_code = _xbegin();

if (abort_code& 1) {
printf("Your next random byte is %d\n", (int)(abort_code>> 24));
} else if (abort_code != 0) {
printf("Attack failed\n");
} else {
char r;
read(devrandom,&r, 1);
_xabort(r);
}

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nelson, Doug: "Re: scsi_id: sending ioctl 2285 to a partition"
Previous message: Daniel Vetter: "Re: [PATCH] drm/i915: Fix race condition in accessing GMBUS"
In reply to: Andy Lutomirski: "Do the x86 kernel entry points need an xabort on TSX cpus?"
Next in thread: Andy Lutomirski: "Re: Do the x86 kernel entry points need an xabort on TSX cpus?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]