Re: [PATCH] Re: SSE related security hole

Linus Torvalds (torvalds@transmeta.com)
Sat, 20 Apr 2002 09:27:11 -0700 (PDT)


On Sat, 20 Apr 2002, Andrea Arcangeli wrote:
>
> Note that with init_fpu I meant the init_fpu written in the patch. All
> you need is a:
>
> fxrstor "default fpu state"

Ok, that I agree with.

> > That's no fast path, that's a "this process has never used the FPU before,
> > so we'd better make sure that it starts off with a really clean slate".
>
> it's executed by every single task using the fpu

Yes. _Once_ in their lifetimes.

> > But the point is that people may still use a 2.4.x kernel on a P4-SSE3,
> > which only adds a few new instructions, and which re-uses the old SSE2
> > save area.
>
> If there's no new xmm and new control register that's fine. If there's
> new control register the 2.4.x kernel will need modifications anyways.
>
> Just adding new instructions is just fine, like between sse and sse2.

If Intel makes the SSE3 registers twice as wide (or creates new ones), the
xorps trick simply will not work.

> I think the only argument for that is that it will potentially clear the
> xmm8-15 registers too, if they will be added to an x86 (they're just in
> x86-64). The control part doesn't make much sense to me because it will
> likely not be zero anyways.

Actually, even control parts likely _will_ be zero, the way people
work.

> > THAT is the reason we can't just zero the SSE registers - because if we
> > do, we'll have the same problem next time around.
>
> You are zeroing the SSE registers with the fxrstor way too.

Andrea, that's the whole _point_.

> If a new
> control register is added zero won't be guaranteed to be the right
> initialization for it, most control registers aren't set to 0 by
> default.

Even then, having a reliable failure that is easy to pinpoint is a lot
better than random behaviour that has taken us more than two years to even
_find_.

Besides, zeroes for initial values of control registers actually _is_
fairly likely, in my opinion. I've sent off an email to my Intel contacts
to try to make this architected.

Linus
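As an added example, not code from the thread, the patch under discussion, or the Linux kernel: a C model of the 512-byte fxsave/fxrstor image and of the "default fpu state" image the reply agrees on loading once per task. It contrasts that with an xorps-style clear of only the XMM registers a 32-bit kernel knows about, using a constructed "stale" image standing in for whatever an earlier task left in the save area. The struct field names, the flag names, `demo_leaks` and the stale values are assumptions made for illustration; the init constants (FCW 0x037f, MXCSR 0x1f80) and the field offsets are the architectural ones. On x86 hosts `fxrstor_roundtrip` really executes fxrstor and fxsave from user mode; elsewhere it returns -1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 512-byte FXSAVE/FXRSTOR image: 0 FCW, 2 FSW, 4 abridged FTW, 6 FOP, 8 FIP,
 * 16 FDP, 24 MXCSR, 28 MXCSR_MASK, 32 ST0-7 (16 bytes each), 160 XMM0-15.
 * Field names are this example's own, not the kernel's. */
struct fxsave_image {
    uint16_t cwd;           /* x87 control word (FCW) */
    uint16_t swd;           /* x87 status word (FSW) */
    uint16_t twd;           /* abridged tag word: 0 means every ST(i) empty */
    uint16_t fop;
    uint64_t fip;           /* FIP/FCS in 32-bit mode */
    uint64_t fdp;           /* FDP/FDS in 32-bit mode */
    uint32_t mxcsr;         /* SSE control/status */
    uint32_t mxcsr_mask;    /* written by fxsave, ignored by fxrstor */
    uint32_t st_space[32];  /* ST0-ST7 / MM0-MM7 */
    uint32_t xmm_space[64]; /* XMM0-XMM15 (only XMM0-7 exist on 32-bit x86) */
    uint32_t reserved[24];
} __attribute__((aligned(16)));  /* fxsave/fxrstor fault on unaligned memory */

typedef char fxsave_image_is_512_bytes[sizeof(struct fxsave_image) == 512 ? 1 : -1];

#define FXSAVE_INIT_FCW   0x037fu   /* architectural reset value */
#define FXSAVE_INIT_MXCSR 0x1f80u   /* architectural reset value */

/* Flags naming the fields of an image that are not at their init value. */
enum { LEAK_FCW = 1, LEAK_FSW = 2, LEAK_FTW = 4, LEAK_MXCSR = 8,
       LEAK_ST = 16, LEAK_XMM = 32 };

/* The "default fpu state" image: what `fxrstor default_state` loads.
 * Everything is zero except the two control words. */
void fxsave_image_init(struct fxsave_image *img)
{
    memset(img, 0, sizeof *img);
    img->cwd   = FXSAVE_INIT_FCW;
    img->mxcsr = FXSAVE_INIT_MXCSR;
}

static int all_zero(const uint32_t *p, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Report which fields of an image still carry non-init state. */
unsigned fxsave_image_leaks(const struct fxsave_image *img)
{
    unsigned leaks = 0;
    if (img->cwd != FXSAVE_INIT_FCW)     leaks |= LEAK_FCW;
    if (img->swd != 0)                   leaks |= LEAK_FSW;
    if (img->twd != 0)                   leaks |= LEAK_FTW;
    if (img->mxcsr != FXSAVE_INIT_MXCSR) leaks |= LEAK_MXCSR;
    if (!all_zero(img->st_space, 32))    leaks |= LEAK_ST;
    if (!all_zero(img->xmm_space, 64))   leaks |= LEAK_XMM;
    return leaks;
}

/* The xorps trick as a 32-bit kernel would apply it: clear only XMM0-7,
 * the data registers it knows about; control words and x87 state stay. */
void zero_xmm0_7(struct fxsave_image *img)
{
    memset(img->xmm_space, 0, 8 * 16);
}

/* Constructed sample (hypothetical values): the image an earlier task left
 * behind, chosen so that every field differs from the init image. */
void build_stale_image(struct fxsave_image *img)
{
    memset(img, 0, sizeof *img);
    img->cwd = 0x027f;               /* precision control changed */
    img->swd = 0x3800;               /* TOP = 7 */
    img->twd = 0x80;                 /* ST(7) in use */
    img->mxcsr = 0x9fc0;             /* FTZ plus sticky exception flags */
    img->st_space[28] = 0xdeadbeef;  /* low word of ST(7) */
    img->xmm_space[0]  = 0x41414141; /* XMM0 */
    img->xmm_space[40] = 0x42;       /* XMM10: exists only on x86-64 */
}

/* Leaks left in the stale image after one reset method:
 * 0 = none, 1 = xorps-style XMM0-7 clear, 2 = fxrstor of the init image. */
unsigned demo_leaks(int method)
{
    struct fxsave_image img;
    build_stale_image(&img);
    if (method == 1)
        zero_xmm0_7(&img);
    else if (method == 2)
        fxsave_image_init(&img);
    return fxsave_image_leaks(&img);
}

#if defined(__x86_64__) || defined(__i386__)
/* Load the init image into the real FPU/SSE unit and read it back: 1 if the
 * hardware reports init values afterwards, 0 if not. */
int fxrstor_roundtrip(void)
{
    struct fxsave_image init, back;
    fxsave_image_init(&init);
    __asm__ __volatile__("fxrstor %0" : : "m"(init));
    __asm__ __volatile__("fxsave %0" : "=m"(back));
    return fxsave_image_leaks(&back) == 0;
}
#else
int fxrstor_roundtrip(void) { return -1; }  /* not an x86 host */
#endif

int main(void)
{
    printf("stale image leaks             : 0x%02x\n", demo_leaks(0));
    printf("after xorps-style XMM0-7 clear: 0x%02x\n", demo_leaks(1));
    printf("after fxrstor of init image   : 0x%02x\n", demo_leaks(2));
    printf("hardware round-trip           : %d\n", fxrstor_roundtrip());
    return 0;
}
```

The xorps-style clear leaves MXCSR, the x87 registers and any XMM register the kernel did not know about (XMM10 in the sample) untouched, which is the point Linus makes about new or wider registers; the init image covers every field the save format describes, so a register the kernel has never heard of still starts from the image's zeros. The x87 tag word is loaded from the abridged 8-bit form here, and fxsave writes MXCSR_MASK on its own, which is why the round-trip check compares named fields rather than all 512 bytes.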

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/