From: Andi Kleen <ak@muc.de>
To: "Saxena, Sunil" <sunil.saxena@intel.com>
Cc: linux-kernel@vger.kernel.org
Subject: Initial process CPU state was Re: SSE related security hole
Date: 23 Apr 2002 00:51:09 +0200
Message-ID: <m3ofgbcppe.fsf@averell.firstfloor.org>
In-Reply-To: <9287DC1579B0D411AA2F009027F44C3F171C1A9E@FMSMSX41>

"Saxena, Sunil" <sunil.saxena@intel.com> writes:

Hallo Sunil,

> We recognized that there is a discrepancy in the individual instruction
> descriptions in Vol 2 where it is indicated that the instruction would
> generate a UD#. We will be rectifying this discrepancy in the next revision
> of Vol 2 as well as via the monthly Specification Updates.

Could you quickly describe what the Intel recommended way is to clear
the whole CPU at the beginning of a process? Is there a better way
than "save state with fxsave at bootup and restore into each
new process"? After all it would be a bit unfortunate to have
instructions which are transparently tolerant to new CPU state (fxsave/fxrstor
for context switching), but no matching way to clear the same state for
security reasons. Using the bootup FXSAVE image would make Linux
depend on the BIOS for this (so in the worst case when the BIOS
doesn't clear e.g. the XMM registers or some future registers each
process could see the state of some previous boot after a warm boot).

Another way would be to do a fxsave after clearing of known state (x87, MMX,
SSE) at OS bootup and then afterwards set all the so far reserved parts of the
FXSAVE image to zero. Then restore this image later into each new process.
This would avoid any BIOS/direct warmboot dependencies. It would work
assuming that all future IA32 state can be safely initialized with zeroes
via FXRSTOR. Is this a safe assumption?

Thanks,
-Andi
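
The second approach described in the message above (FXSAVE after clearing known state, then zero the reserved parts of the image), as an added example that is not code from this thread or from the kernel. It works on a 512-byte buffer instead of executing FXSAVE/FXRSTOR; the offsets assume the 32-bit FXSAVE layout documented in the Intel SDM, and the function names and the 0xAA "stale" sample are constructed. Whether zero is a safe initial value for future state is the question the message leaves open.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FX_SIZE      512
#define FX_MXCSR     24   /* MXCSR (0x1F80 at reset), then MXCSR_MASK */
#define FX_ST_BASE   32   /* 8 x87/MMX slots: 10 data + 6 reserved bytes */
#define FX_RSVD_TAIL 288  /* reserved through byte 511 in 32-bit mode */

/* Zero every byte the 32-bit FXSAVE layout marks reserved. */
static void fx_scrub_reserved(uint8_t *img)
{
    img[5] = 0;                              /* after the abridged tag word */
    memset(img + 14, 0, 2);                  /* after FCS */
    memset(img + 22, 0, 2);                  /* after FDS */
    for (int i = 0; i < 8; i++)              /* padding after each ST(i) */
        memset(img + FX_ST_BASE + 16 * i + 10, 0, 6);
    memset(img + FX_RSVD_TAIL, 0, FX_SIZE - FX_RSVD_TAIL);
}

/* Non-zero bytes outside FCW and MXCSR/MXCSR_MASK: data a new process
 * would inherit if this image were restored into it. */
static int fx_stale_bytes(const uint8_t *img)
{
    int n = 0;
    for (int i = 2; i < FX_SIZE; i++)
        if ((i < FX_MXCSR || i >= FX_MXCSR + 8) && img[i] != 0)
            n++;
    return n;
}

/* Constructed sample: known state cleared, reserved bytes left dirty. */
static void fx_sample_image(uint8_t *img)
{
    memset(img, 0, FX_SIZE);
    img[0] = 0x7F; img[1] = 0x03;                    /* FCW = 0x037F */
    img[FX_MXCSR] = 0x80; img[FX_MXCSR + 1] = 0x1F;  /* MXCSR = 0x1F80 */
    img[5] = 0xAA;
    memset(img + FX_ST_BASE + 10, 0xAA, 6);
    memset(img + FX_RSVD_TAIL, 0xAA, FX_SIZE - FX_RSVD_TAIL);
}

int main(void)
{
    uint8_t img[FX_SIZE];
    fx_sample_image(img);
    int before = fx_stale_bytes(img);
    fx_scrub_reserved(img);
    printf("stale %d -> %d, FCW=%02x%02x\n", before, fx_stale_bytes(img), img[1], img[0]);
    return 0;
}
```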