Re: PANIC: double fault, error_code: 0x0 in 4.0.0-rc3-2, kvm related?

From: Denys Vlasenko
Date: Wed Mar 18 2015 - 18:28:01 EST


On Wed, Mar 18, 2015 at 11:20 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>> There is an easy way to test the theory that SYSRET is to blame.
>>
>> Just replace
>>
>> movq RCX(%rsp),%rcx
>> cmpq %rcx,RIP(%rsp) /* RCX == RIP */
>> jne opportunistic_sysret_failed
>>
>> this "jne" with "jmp", and try to reproduce.
>>
>
> This is a classic root exploit, and it's why we check for
> non-canonical RIP. In theory, that's the only way this can happen.
> Intel screwed up -- AMD never fails SYSRET.

I'm not saying the code needs to be changed.

I'm saying that *people who see the crash* can make this change,
run the modified kernel, and if the crash disappears -
then it is caused by "opportunistic SYSRET".
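An added illustration of the check under discussion, not code from this thread or from the kernel tree: a small C model of the opportunistic-SYSRET decision, with the RCX == RIP comparison from the quoted assembly plus the canonical-RIP test that Andy mentions. The struct and function names, and the 48-bit virtual-address width, are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Subset of the saved user registers the return path inspects (model only). */
struct saved_regs {
    uint64_t rcx;   /* user RCX at the time of return */
    uint64_t rip;   /* saved user RIP from pt_regs */
};

/* Implemented virtual-address bits; 48 assumed (4-level paging). */
#define VA_BITS 48

/*
 * A canonical address has bits [63:VA_BITS-1] all equal, i.e. it is the
 * sign-extension of its low VA_BITS bits. Shifting left and then arithmetic
 * right must reproduce the original value.
 */
bool is_canonical(uint64_t addr)
{
    int shift = 64 - VA_BITS;
    return (uint64_t)(((int64_t)addr << shift) >> shift) == addr;
}

/*
 * Decide whether the fast SYSRET return may be used.
 * SYSRET loads RIP from RCX, so it is only usable when the saved RIP already
 * equals RCX (the "cmpq %rcx,RIP(%rsp); jne" in the thread). On Intel parts a
 * SYSRET to a non-canonical RIP faults while still in ring 0 with the user
 * stack pointer loaded, which is why the canonical check is a hard requirement;
 * the slow IRET path handles such a RIP safely.
 */
bool may_use_sysret(const struct saved_regs *r)
{
    if (r->rcx != r->rip)
        return false;             /* RIP was modified; must IRET */
    if (!is_canonical(r->rip))
        return false;             /* would fault inside the kernel; must IRET */
    return true;
}
```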