* LTP cve-2017-5754 test fails on kernel-v4.17-rc2
@ 2018-04-26 7:02 Li Wang
From: Li Wang @ 2018-04-26 7:02 UTC (permalink / raw)
To: linux-kernel, ltp; +Cc: pboldin, dave.hansen, Andrea Arcangeli, linux-mm
Hi LKML & LTP,
LTP/meltdown.c fails on upstream kernel-v4.17-rc2 with both kvm and
bare-metal system. Please pay attention!!!
kernel-v4.17-rc2 FAIL
kernel-v4.17-rc1 PASS
=======================
Kernel Version: 4.17.0-rc2
Machine Architecture: x86_64
tst_test.c:1015: INFO: Timeout per run is 0h 50m 00s
meltdown.c:259: INFO: access time: cached = 51, uncached = 343, threshold = 132
meltdown.c:309: INFO: linux_proc_banner is at ffffffff8ba00060
meltdown.c:332: INFO: read ffffffff8ba00060 = 0x25 %
meltdown.c:332: INFO: read ffffffff8ba00061 = 0x73 s
meltdown.c:332: INFO: read ffffffff8ba00062 = 0x20
meltdown.c:332: INFO: read ffffffff8ba00063 = 0x76 v
meltdown.c:332: INFO: read ffffffff8ba00064 = 0x65 e
meltdown.c:332: INFO: read ffffffff8ba00065 = 0x72 r
meltdown.c:332: INFO: read ffffffff8ba00066 = 0x73 s
meltdown.c:332: INFO: read ffffffff8ba00067 = 0x69 i
meltdown.c:332: INFO: read ffffffff8ba00068 = 0x6f o
meltdown.c:332: INFO: read ffffffff8ba00069 = 0x6e n
meltdown.c:332: INFO: read ffffffff8ba0006a = 0x20
meltdown.c:332: INFO: read ffffffff8ba0006b = 0x25 %
meltdown.c:332: INFO: read ffffffff8ba0006c = 0x73 s
meltdown.c:342: FAIL: I was able to read your kernel memory!!!
Summary:
passed 0
failed 1
skipped 0
warnings 0
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 2
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 13
Model name: QEMU Virtual CPU version (cpu64-rhel6)
Stepping: 3
CPU MHz: 2892.748
BogoMIPS: 5785.49
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
NUMA node0 CPU(s): 0,1
Flags: fpu de pse tsc msr pae mce cx8 apic mtrr pge mca
cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm nopl cpuid pni cx16
hypervisor lahf_lm pti
--
Li Wang
liwang@redhat.com
* Re: LTP cve-2017-5754 test fails on kernel-v4.17-rc2
From: Li Wang @ 2018-04-26 10:00 UTC (permalink / raw)
To: linux-kernel, ltp
Cc: pboldin, dave.hansen, Andrea Arcangeli, linux-mm, Jan Stancek
On Thu, Apr 26, 2018 at 3:02 PM, Li Wang <liwang@redhat.com> wrote:
> Hi LKML & LTP,
>
> LTP/meltdown.c fails on upstream kernel-v4.17-rc2 with both kvm and
> bare-metal system. Please pay attention!!!
>
The failure only occurred on the kvm system, not on bare-metal. Sorry
for that.

After a simple discussion with Jan, we guess the reason is that commit
8c06c774 (x86/pti: Leave kernel text global for !PCID)
involves a new function pti_kernel_image_global_ok(void) which makes the kernel
use global pages when pti_mode == PTI_AUTO,
so LTP meltdown.c is obviously able to easily read the linux_banner content there.

After rebooting the kernel with the parameter "pti=on", the FAIL is gone. So, from
the result, it seems LTP/meltdown.c should be improved.

Btw, I'm not very good at this. If I was wrong about anything, please feel free to
correct me.
============
/*
 * Global pages and PCIDs are both ways to make kernel TLB entries
 * live longer, reduce TLB misses and improve kernel performance.
 * But, leaving all kernel text Global makes it potentially accessible
 * to Meltdown-style attacks which make it trivial to find gadgets or
 * defeat KASLR.
 *
 * Only use global pages when it is really worth it.
 */
static inline bool pti_kernel_image_global_ok(void)
{
	/*
	 * Systems with PCIDs get little benefit from global
	 * kernel text and are not worth the downsides.
	 */
	if (cpu_feature_enabled(X86_FEATURE_PCID))
		return false;

	/*
	 * Only do global kernel image for pti=auto. Do the most
	 * secure thing (not global) if pti=on specified.
	 */
	if (pti_mode != PTI_AUTO)
		return false;

	/*
	 * K8 may not tolerate the cleared _PAGE_RW on the userspace
	 * global kernel image pages. Do the safe thing (disable
	 * global kernel image). This is unlikely to ever be
	 * noticed because PTI is disabled by default on AMD CPUs.
	 */
	if (boot_cpu_has(X86_FEATURE_K8))
		return false;

	return true;
}
--
Li Wang
liwang@redhat.com
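
A userspace check that mirrors the quoted pti_kernel_image_global_ok() decision, added here as an example (it is not part of the thread, the kernel or LTP): from the /proc/cpuinfo flags and the boot command line it reports whether the kernel image is expected to stay global, the case in which the message above says meltdown.c can read linux_banner. The function names, the sample command lines and the use of vendor "AuthenticAMD" as a stand-in for X86_FEATURE_K8 are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Flags from the lscpu output in the first message of this thread. */
static const char page_flags[] =
	"fpu de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pse36 clflush "
	"mmx fxsr sse sse2 syscall nx lm nopl cpuid pni cx16 hypervisor lahf_lm pti";

/* Whole-token match, so that "invpcid" is never mistaken for "pcid". */
static bool has_token(const char *list, const char *word)
{
	size_t n = strlen(word);
	const char *p = list;

	for (; (p = strstr(p, word)) != NULL; p++) {
		bool starts = (p == list) || p[-1] == ' ' || p[-1] == '\t';
		bool ends = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
		if (starts && ends)
			return true;
	}
	return false;
}

/* True when PTI is active and the kernel image is expected to be left global. */
bool kernel_image_left_global(const char *flags, const char *vendor,
			      const char *cmdline)
{
	if (!has_token(flags, "pti"))	/* PTI not enabled: question is moot */
		return false;
	if (has_token(flags, "pcid"))	/* X86_FEATURE_PCID */
		return false;
	if (has_token(cmdline, "pti=on") || has_token(cmdline, "pti=off") ||
	    has_token(cmdline, "nopti"))	/* pti_mode != PTI_AUTO */
		return false;
	if (strcmp(vendor, "AuthenticAMD") == 0)	/* assumed proxy for K8 */
		return false;
	return true;
}

int main(void)
{
	/* Constructed command lines; only the pti= parameter matters here. */
	printf("pti=auto: global=%d\n",
	       kernel_image_left_global(page_flags, "GenuineIntel", "ro quiet"));
	printf("pti=on:   global=%d\n",
	       kernel_image_left_global(page_flags, "GenuineIntel", "ro pti=on"));
	return 0;
}
```
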