From: Willy Tarreau <w@1wt.eu>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@elte.hu>, Pavel Machek <pavel@ucw.cz>,
Avi Kivity <avi@redhat.com>, Alan Cox <alan@lxorguk.ukuu.org.uk>,
Matteo Croce <technoboy85@gmail.com>,
Sven-Haegar Koch <haegar@sdinet.de>,
linux-kernel@vger.kernel.org
Subject: Re: i686 quirk for AMD Geode
Date: Wed, 11 Nov 2009 06:52:20 +0100
Message-ID: <20091111055220.GA560@1wt.eu>
In-Reply-To: <4AF9ED78.3000106@zytor.com>
On Tue, Nov 10, 2009 at 02:47:20PM -0800, H. Peter Anvin wrote:
> On 11/10/2009 02:42 PM, Willy Tarreau wrote:
> > On Tue, Nov 10, 2009 at 11:20:31PM +0100, Ingo Molnar wrote:
> >>
> >> * H. Peter Anvin <hpa@zytor.com> wrote:
> >>
> >>> *THIS* is the kind of complexity that makes me think that having a
> >>> single source for all interpretation done in the kernel is the
> >>> preferred option.
> >>
> >> Definitely agreed ... The NX code is quite a maze right now, so changes
> >> to it should come generously laced with cleanups.
> >
> > BTW, I don't see why we should be impacted by NX. Trying to
> > execute from an NX page would return a SEGV, not SIGILL, so
> > we should not be bothered, am I wrong ?
>
> Yes. Consider a page-crossing instruction.
OK, but to be pragmatic, NX is there to prevent execution of
instructions in the stack (or heap) during buffer overflows.
If we only implement the few instructions listed in the previous
mail, there is very little benefit to checking for NX:
- those instructions cannot jump to other code, they just
change one register or memory location at most (or just nop)
- once we return from the signal handler, if we have crossed
a NX page boundary, the program will segfault anyway, taking
with it the change we just completed.
- last, the probability of having an NX page just after an
executable one seems too tight to me to even constitute
an attack vector ! BTW, I'm not even certain that all CPUs
correctly implement this check !
On the other hand, I certainly understand why this would be
an important check in a complete emulator which could parse
and emulate a flow of instructions.
So in short, I think we could reasonably implement CMOV/NOPL
with the instruction length control, with getuser for data
accesses but without checking the code pages permissions if
we know that the CPU could already fetch the beginning of
the instruction correctly to cause an invalid opcode trap.
I'm not saying this is perfect, just that this is reasonable.
Regards,
Willy
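The point being argued above (emulating only NOPL and CMOVcc from the #UD handler, with instruction-length control, and whether the emulator's own fetch can run past the page the CPU validated) can be made concrete with a small decoder. The following is an added example written for this page, not code from the thread, the Geode quirk patch, or the kernel: it decodes the two instruction families named in the discussion, computes their length from the ModRM/SIB/displacement encoding, and reports whether the fully decoded instruction straddles a 4 KiB page boundary, which is exactly the case where the trapping CPU fetched only the first page's bytes and the emulator would touch a page the hardware never validated. The function names, the `struct insn` layout, and the sample byte sequences are all hypothetical and constructed here; only 32-bit address size (no 0x67 prefix) is handled.

```c
/* Added example (not from the LKML thread or the kernel): minimal length
 * decoder for NOPL (0F 1F /0) and CMOVcc (0F 40..4F /r) plus a page-crossing
 * check.  All identifiers and sample bytes are hypothetical/constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SIZE 4096u

enum insn_kind { INSN_NONE = 0, INSN_NOPL, INSN_CMOV };

struct insn {
    enum insn_kind kind;
    size_t len;     /* total length in bytes, 0 if not recognised */
    uint8_t cc;     /* condition code for CMOVcc (low nibble of opcode) */
    uint8_t mod, reg, rm;   /* ModRM fields */
};

/* Bytes consumed by ModRM + optional SIB + displacement, 32-bit address
 * size.  Returns 0 when fewer than 'avail' bytes would be needed than are
 * readable, i.e. when the caller could not fetch the whole instruction. */
static size_t modrm_len(const uint8_t *p, size_t avail)
{
    if (avail < 1) return 0;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t len = 1;
    if (mod == 3) return len;                 /* register operand, no SIB/disp */
    bool sib = (rm == 4);
    if (sib) len += 1;
    if (mod == 0) {
        if (rm == 5) len += 4;                /* [disp32], no base */
        else if (sib) {
            if (avail < 2) return 0;
            if ((p[1] & 7) == 5) len += 4;    /* SIB base=101 with mod=0 -> disp32 */
        }
    } else if (mod == 1) len += 1;            /* disp8 */
    else len += 4;                            /* disp32 */
    return avail >= len ? len : 0;
}

/* Decode the instruction at p with 'avail' readable bytes.  Only the forms
 * the thread proposes to emulate are accepted; anything else yields
 * kind == INSN_NONE and len == 0 so the caller can fall back to SIGILL. */
struct insn decode_geode_quirk(const uint8_t *p, size_t avail)
{
    struct insn r = {0};
    size_t pfx = 0;
    while (pfx < avail && p[pfx] == 0x66) pfx++;   /* operand-size prefix (nopw) */
    if (avail < pfx + 2 || p[pfx] != 0x0f) return r;
    uint8_t op = p[pfx + 1];
    size_t ml = modrm_len(p + pfx + 2, avail - pfx - 2);
    if (ml == 0) return r;
    uint8_t modrm = p[pfx + 2];
    if (op == 0x1f && ((modrm >> 3) & 7) == 0) r.kind = INSN_NOPL;
    else if (op >= 0x40 && op <= 0x4f) { r.kind = INSN_CMOV; r.cc = op & 0x0f; }
    else return r;
    r.len = pfx + 2 + ml;
    r.mod = modrm >> 6; r.reg = (modrm >> 3) & 7; r.rm = modrm & 7;
    return r;
}

/* True when [ip, ip+len) spans two pages: the #UD trap only proves the CPU
 * could fetch from the first page, so the remaining bytes live on a page
 * whose execute permission the hardware never checked. */
bool insn_crosses_page(uintptr_t ip, size_t len)
{
    if (len == 0) return false;
    return (ip / PAGE_SIZE) != ((ip + len - 1) / PAGE_SIZE);
}

/* Constructed samples (standard GAS multi-byte nops and two cmov forms). */
const uint8_t sample_nopl3[]  = { 0x0f, 0x1f, 0x00 };                    /* nopl (%eax) */
const uint8_t sample_nopl5[]  = { 0x0f, 0x1f, 0x44, 0x00, 0x00 };        /* nopl 0(%eax,%eax,1) */
const uint8_t sample_nopw6[]  = { 0x66, 0x0f, 0x1f, 0x44, 0x00, 0x00 };  /* nopw 0(%eax,%eax,1) */
const uint8_t sample_nopl8[]  = { 0x0f, 0x1f, 0x84, 0, 0, 0, 0, 0 };     /* nopl 0(%eax,%eax,1), disp32 */
const uint8_t sample_cmove[]  = { 0x0f, 0x44, 0xc1 };                    /* cmove %ecx,%eax */
const uint8_t sample_cmovne[] = { 0x0f, 0x45, 0x05, 0x10, 0x20, 0x30, 0x40 }; /* cmovne 0x40302010,%eax */
const uint8_t sample_other[]  = { 0x0f, 0xa2 };                          /* cpuid: not emulated */

int main(void)
{
    const uint8_t *s[] = { sample_nopl3, sample_nopl5, sample_nopw6, sample_nopl8,
                           sample_cmove, sample_cmovne, sample_other };
    size_t n[] = { 3, 5, 6, 8, 3, 7, 2 };
    uintptr_t ip = 0x00001ffe;   /* hypothetical: two bytes before a page end */
    for (size_t i = 0; i < sizeof n / sizeof n[0]; i++) {
        struct insn d = decode_geode_quirk(s[i], n[i]);
        printf("sample %zu: kind=%d len=%zu crosses_page@%#lx=%d\n", i, d.kind, d.len,
               (unsigned long)ip, insn_crosses_page(ip, d.len));
    }
    return 0;
}
```

In a real #UD handler the bytes would come from get_user() on the faulting EIP, and a decoder that returns len == 0 (truncated or unrecognised) would simply deliver SIGILL as before; insn_crosses_page() is the cheap test that tells the emulator whether it is about to read code bytes the CPU did not itself validate.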