lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 11 Aug 2021 12:57:40 -0500
From:   "Christopher M. Riedl" <cmr@...ux.ibm.com>
To:     "Christophe Leroy" <christophe.leroy@...roup.eu>,
        <linuxppc-dev@...ts.ozlabs.org>
Cc:     <keescook@...omium.org>, <peterz@...radead.org>, <x86@...nel.org>,
        <npiggin@...il.com>, <linux-hardening@...r.kernel.org>,
        <tglx@...utronix.de>, <dja@...ens.net>
Subject: Re: [PATCH v5 8/8] lkdtm/powerpc: Fix code patching hijack test

On Thu Aug 5, 2021 at 4:18 AM CDT, Christophe Leroy wrote:
>
>
> Le 13/07/2021 à 07:31, Christopher M. Riedl a écrit :
> > Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace
> > address in a temporary mm on Radix now. Use __put_user() to avoid write
> > failures due to KUAP when attempting a "hijack" on the patching address.
> > __put_user() also works with the non-userspace, vmalloc-based patching
> > address on non-Radix MMUs.
>
> It is not really clean to use __put_user() on non user address,
> allthought it works by change.
>
> I think it would be better to do something like
>
> if (is_kernel_addr(addr))
> copy_to_kernel_nofault(...);
> else
> copy_to_user_nofault(...);
>

Yes that looks much better. I'll pick this up and try it for the next
spin. Thanks!

>
>
> > 
> > Signed-off-by: Christopher M. Riedl <cmr@...ux.ibm.com>
> > ---
> >   drivers/misc/lkdtm/perms.c | 9 ---------
> >   1 file changed, 9 deletions(-)
> > 
> > diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c
> > index 41e87e5f9cc86..da6a34a0a49fb 100644
> > --- a/drivers/misc/lkdtm/perms.c
> > +++ b/drivers/misc/lkdtm/perms.c
> > @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void)
> >   /* Returns True if the write succeeds */
> >   static inline bool lkdtm_try_write(u32 data, u32 *addr)
> >   {
> > -#ifdef CONFIG_PPC
> > -	__put_kernel_nofault(addr, &data, u32, err);
> > -	return true;
> > -
> > -err:
> > -	return false;
> > -#endif
> > -#ifdef CONFIG_X86_64
> >   	return !__put_user(data, addr);
> > -#endif
> >   }
> >   
> >   static int lkdtm_patching_cpu(void *data)
> > 

Powered by blists - more mailing lists