lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 11 Feb 2009 23:41:26 +0900
From:	Tejun Heo <tj@...nel.org>
To:	Brian Gerst <brgerst@...il.com>
CC:	Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] x86: Pass in pt_regs pointer for syscalls that need
 	it

Hello, Brian.

Brian Gerst wrote:
>> Here and at other places where the function takes more than one
>> arguments, wouldn't it be better to just take *regs and use other
>> parameters from regs?  That way we won't have to worry about gcc
>> corrupting register frame at all and I think it's cleaner that way.
> 
> Expanding the parameters is good documentation.

Copying from ptregs to appropriately named local variable would
provide at least similar level of documentation but I don't think this
is a big deal one way or the other.

> If there is a risk of tail-call optimization causing the register
> corruption, then asmlinkage_protect() should be used.  The problem
> isn't limited to just the syscalls that take pt_regs.  It's just
> getting the args out of the pt_regs struct was an easy hack to get
> around it.

If pt_regs is being passed with regparm(1) and no other parameter is
specified, it's a proper solution as we can guarantee that callee
can't corrupt (or discard changes to) the register frame no matter
what gcc does.

> I checked the disassembly of these functions and didn't see this
> happen on gcc 4.3.0.

Well, tracking down why run_init_process() is returning 0 with
-fstack-protector wasn't much of fun.  These breakages are very subtle
and if we're gonna pass in pointer to pt_regs anyway and thus can
guarantee such breakage can't happen at no additional cost, I think we
should do that even if it means slightly more argument fetching in a
few places.

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ