lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20090514091247.32082.38639.sendpatchset@subratamodak.linux.ibm.com>
Date:	Thu, 14 May 2009 14:42:47 +0530
From:	Subrata Modak <subrata@...ux.vnet.ibm.com>
To:	Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	Balbir Singh <balbir@...ux.vnet.ibm.com>,
	Andi Kleen <andi@...stfloor.org>,
	Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Sachin P Sant <sachinp@...ux.vnet.ibm.com>,
	Subrata Modak <subrata@...ux.vnet.ibm.com>,
	Andi Kleen <ak@...ux.intel.com>, Ingo Molnar <mingo@...e.hu>
Subject: Re:[PATCH] Fix Warnining in arch/x86/kernel/signal.c

Hello Hiroshi-san,

On Thu, 2009-05-14 at 09:24 +0900, Hiroshi Shimamoto wrote:
H. Peter Anvin wrote:
> > Ingo Molnar wrote:
> >>>>>  
> >>>>>         if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
> >>>>>                 goto badframe;
> >>>>> -       if (__get_user(set.sig[0], &frame->sc.oldmask) || (_NSIG_WORDS > 1
> >>>>> -               && __copy_from_user(&set.sig[1], &frame->extramask,
> >>>>> -                                   sizeof(frame->extramask))))
> >>>>> +
> >>>>> +        if ( (__copy_from_user(&set.sig[1], &frame->extramask,
> >>>>> +                sizeof(frame->extramask)) && _NSIG_WORDS > 1) || 
> >>>>> +                __get_user(set.sig[0], &frame->sc.oldmask))
> >>>>>                 goto badframe;
> >>>> I'm not sure why this eliminates that warning.
> >>>> set.sig[0] may not be initialized too, if __copy_from_user() failed.
> >>> True, but only when either or both of __copy_from_user() and
> >>> (_NSIG_WORDS > 1) fails. But in all instances set.sig[1] gets
> >>> initialized.
> >>>
> >>>> I don't have enough time to look at this right now, sorry.
> >>>>
> >>>> Another question, __copy_from_user() will be called even if
> >>>> _NSIG_WORDS is less than 2, perhaps it never occurs.
> >>>> I think, to check _NSIG_WORDS > 1 before calling __copy_from_user()
> >>>> is better.
> >>> Fine. Let Ingo/Thomas/Peter decide whether they would like this fix or
> >>> drop it.
> >> If you get the Acked-by from Hiroshi-san it looks good to me. He 
> >> modified this code last.
> >>
> > 
> > This seriously looks wrong to me.  If _NSIG_WORDS == 1, then calling
> > __copy_from_user here is a serious error.
> 
> Right. If _NSIG_WORDS is 1, sigset_t set has only sig[0], writing to
> set.sig[1] means stack corruption.
> 
> Subrata, could you try like this?
> if ((_NSIG_WORDS > 1 && __copy_from_user(&set.sig[1], ...) ||
>       __get_user(set.sig[0], ...))
> 
> 

How about now ? Thanks for pointing that out. My mistake ;-)

Signed-off-by: Subrata Modak <subrata@...ux.vnet.ibm.com>
To: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>,
Cc: H. Peter Anvin <hpa@...or.com>,
Cc: Ingo Molnar <mingo@...e.hu>,
Cc: x86@...nel.org,
Cc: Sachin P Sant <sachinp@...ux.vnet.ibm.com>,
Cc: Andi Kleen <andi@...stfloor.org>,
Cc: Andi Kleen <ak@...ux.intel.com>,
Cc: Linux Kernel <linux-kernel@...r.kernel.org>,
Cc: Balbir Singh <balbir@...ux.vnet.ibm.com>,
Cc: Thomas Gleixner <tglx@...utronix.de>,
Cc: Ingo Molnar <mingo@...hat.com>
Subject: Re:[PATCH] Fix Warnining in arch/x86/kernel/signal.c
---

--- a/arch/x86/kernel/signal.c	2009-05-14 11:27:15.000000000 +0530
+++ b/arch/x86/kernel/signal.c	2009-05-14 14:36:24.000000000 +0530
@@ -576,9 +576,9 @@ unsigned long sys_sigreturn(struct pt_re
 
 	if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
 		goto badframe;
-	if (__get_user(set.sig[0], &frame->sc.oldmask) || (_NSIG_WORDS > 1
-		&& __copy_from_user(&set.sig[1], &frame->extramask,
-				    sizeof(frame->extramask))))
+	if ((_NSIG_WORDS > 1 && __copy_from_user(&set.sig[1],
+		&frame->extramask, sizeof(frame->extramask))) ||
+		__get_user(set.sig[0], &frame->sc.oldmask))
 		goto badframe;
 
 	sigdelsetmask(&set, ~_BLOCKABLE);

---
Regards--
Subrata

> I wonder whether gcc really complains about the case of
> __get_user(set.sig[0], ...) failure.
> Why, the case which sig[0] initialized and sig[1] uninitialized is NG
> and the case which sig[0] uninitialized and sig[1] initialized is OK.
> 
> Thanks,
> Hiroshi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ