lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 30 Mar 2015 11:58:04 -0700
From:	Dave Hansen <dave@...1.net>
To:	Borislav Petkov <bp@...en8.de>
CC:	linux-kernel@...r.kernel.org, x86@...nel.org, tglx@...utronix.de,
	dave.hansen@...ux.intel.com
Subject: Re: [PATCH 15/17] x86, mpx: do 32-bit-only cmpxchg for 32-bit apps

On 03/28/2015 01:39 AM, Borislav Petkov wrote:
> AFAICT, in this case, we return only a 32-bit value and don't touch
> the upper 32 bits of actual_old_val which might be a problem if the
> assumptions of the callers is that the whole unsigned long is being
> changed.

The suggestion to just drop in the futex code does not work for just
that reason.

We do this:

static int unmap_single_bt(struct mm_struct *mm,
{
...
	unsigned long uninitialized_var(actual_old_val);

	ret = mpx_cmpxchg_bd_entry(mm, &actual_old_val,
                                bd_entry, bt_addr, cleared_bd_entry);

and then check:

        if (actual_old_val != expected_old_val) {

If we do not touch the upper 32-bits of 'actual_old_val', then we might
end up with stack gunk in there.  The other caller of
mpx_cmpxchg_bd_entry() is OK since it initializes its 'actual_old_val'.

So, I don't think it will work as you've written.  We need to somehow
ensure that the upper 32-bits match the upper 32-bits of
'expected_old_val' which will always be 0's for a 32-bit app.

So, yeah, it's ugly.  You got me.  But all the 64/32-bit conversions are
done out in the open and it's obvious what's going on.  It is also
_tested_ and works.

I'd really like to keep it the way it is.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ