public inbox for linux-kernel@vger.kernel.org
From: Andrea Arcangeli <andrea@suse.de>
To: Andi Kleen <ak@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
	linux-kernel@vger.kernel.org, jh@suse.cz, bgerst@didntduck.org
Subject: Re: SSE related security hole
Date: Sat, 20 Apr 2002 05:23:03 +0200
Message-ID: <20020420052303.F1291@dualathlon.random>
In-Reply-To: <20020419230454.C1291@dualathlon.random> <2459.131.107.184.74.1019252157.squirrel@www.zytor.com> <20020419234206.A15187@wotan.suse.de>

On Fri, Apr 19, 2002 at 11:42:06PM +0200, Andi Kleen wrote:
> On Fri, Apr 19, 2002 at 02:35:57PM -0700, H. Peter Anvin wrote:
> > would initialize the entire FPU, including any state that future
> > processors may add, thus reducing the likelihood of any funnies in the
> > future.
> 
> That's also why I like it. 

Trusting the "boot state" of the cpu would require the BIOS to match the
linux ABI. The FPU must be in a known initialized state at the linux
level, not at the BIOS level, as first for the mxcsr, but also the other
registers should be set to zero by default so gcc can exploit that (I
guess that's what gcc is just doing and that's why Honza noticed it). So
if new future processors will add new stuff, the new stuff will have to
be initialized again in the "fxrstor" default payload in linux (so
requiring a modification to the OS), and having to change the default
fxrstor payload for a new cpu is equivalent to adding another xor there
(modulo the runtime check on the cpu features that could be avoided with
two separate exception handlers for each cpu revision but it's fast
enough that it doesn't matter at the moment on x86).

Andrea
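
The default payload discussed in this message, modelled as an added example (not code from the thread or from the kernel): it builds a 512-byte FXSAVE-format image with the architectural defaults and classifies how a saved image deviates from it. The function and enum names are hypothetical; the offsets and default values are those of the x86 FXSAVE area.

```c
#include <stdint.h>
#include <string.h>

/* Offsets inside the 512-byte FXSAVE/FXRSTOR memory image. */
enum { FX_SIZE = 512, FX_FCW = 0, FX_MXCSR = 24,
       FX_ST0 = 32, FX_XMM0 = 160, FX_XMM_END = 416 };
#define FCW_DEFAULT        0x037Fu /* x87 control word after FNINIT */
#define MXCSR_DEFAULT      0x1F80u /* all SSE exceptions masked, flags clear */
#define MXCSR_MASK_DEFAULT 0xFFBFu /* writable bits when MXCSR_MASK reads 0 */

enum fx_diff { FX_CLEAN, FX_BAD_FCW, FX_BAD_MXCSR, FX_MXCSR_RESERVED,
               FX_X87_DIRTY, FX_XMM_DIRTY, FX_OTHER_DIRTY };

static void put16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static uint32_t get32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Known initial state: defaults in the control fields, zero elsewhere. */
void fx_build_default(uint8_t img[FX_SIZE]) {
    memset(img, 0, FX_SIZE);
    put16(img + FX_FCW, FCW_DEFAULT);
    put16(img + FX_MXCSR, MXCSR_DEFAULT); /* upper 16 bits stay zero */
}

/* Compare a saved image with the default payload, region by region. */
enum fx_diff fx_check(const uint8_t img[FX_SIZE]) {
    uint8_t ref[FX_SIZE];
    uint32_t mxcsr = get32(img + FX_MXCSR);
    fx_build_default(ref);
    /* Reserved MXCSR bits make FXRSTOR fault, so reject them first. */
    if (mxcsr & ~MXCSR_MASK_DEFAULT) return FX_MXCSR_RESERVED;
    if (mxcsr != MXCSR_DEFAULT) return FX_BAD_MXCSR;
    if (memcmp(img + FX_FCW, ref + FX_FCW, 2)) return FX_BAD_FCW;
    if (memcmp(img + FX_ST0, ref + FX_ST0, FX_XMM0 - FX_ST0))
        return FX_X87_DIRTY;   /* ST0-7 / MM0-7 carry leftover data */
    if (memcmp(img + FX_XMM0, ref + FX_XMM0, FX_XMM_END - FX_XMM0))
        return FX_XMM_DIRTY;   /* XMM registers carry leftover data */
    return memcmp(img, ref, FX_SIZE) ? FX_OTHER_DIRTY : FX_CLEAN;
}

int main(void) {
    uint8_t img[FX_SIZE];
    fx_build_default(img);
    return fx_check(img) == FX_CLEAN ? 0 : 1;
}
```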
