lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20101113171722.GA2956@redhat.com>
Date:	Sat, 13 Nov 2010 18:17:22 +0100
From:	Oleg Nesterov <oleg@...hat.com>
To:	akpm@...ux-foundation.org
Cc:	linux-kernel@...r.kernel.org, ddaney@...iumnetworks.com,
	arnd@...db.de, benh@...nel.crashing.org, cmetcalf@...era.com,
	davem@...emloft.net, deller@....de, heiko.carstens@...ibm.com,
	hpa@...or.com, jejb@...isc-linux.org, kyle@...artin.ca,
	mingo@...e.hu, roland@...hat.com, schwidefsky@...ibm.com,
	tglx@...utronix.de, tony.luck@...el.com
Subject: Re: +
	exec_domain-establish-a-linux32-domain-on-config_compat-systems.patc
	h added to -mm tree

On 11/12, Andrew Morton wrote:
>
> From: David Daney <ddaney@...iumnetworks.com>
>
> If PER_LINUX32 is set calling sys_personality, we will try to find the
> corresponding exec_domain.  This causes us to try to load a module for
> personality-8.  After running the userspace module loader and failing to
> find the module, we fall back to the default.

Cough. It is not easy to me comment this patch ;)

Personally, I think this change is fine. But, despite the fact
the code in exec_domain.c is very trivial, I was never able to really
understand its rationality. And the usage of ->personality has some
oddities.

In particular, I can't parse default_exec_domain() at all. And,
what exec_domain->handler() actually does? I do not see anything
in arch/ which uses EXEC_DOMAIN offsets.

Perhaps someone from CC can explain this?


> We can avoid the failed module loading overhead by building-in the
> linux32_exec_domain for systems that have CONFIG_COMPAT.

Indeed. But at the same time this means it is not possible to use
personality-8.ko if the system has it.

Don't get me wrong, I have no idea why anyone could want this module,
just I am a bit worried.

> +#ifdef CONFIG_COMPAT
> +static struct exec_domain linux32_exec_domain = {
> +	.name		= "Linux32",		/* name */
> +	.handler	= default_handler,	/* lcall7 causes a seg fault. */
> +	.pers_low	= PER_LINUX32,
> +	.pers_high	= PER_LINUX32,
> +	.signal_map	= ident_map,		/* Identity map signals. */
> +	.signal_invmap	= ident_map,		/*  - both ways. */
> +};
> +#endif
> +
>  struct exec_domain default_exec_domain = {
>  	.name		= "Linux",		/* name */
>  	.handler	= default_handler,	/* lcall7 causes a seg fault. */
> @@ -41,6 +52,9 @@ struct exec_domain default_exec_domain =
>  	.pers_high	= 0,			/* PER_LINUX personality. */
>  	.signal_map	= ident_map,		/* Identity map signals. */
>  	.signal_invmap	= ident_map,		/*  - both ways. */
> +#ifdef CONFIG_COMPAT
> +	.next		= &linux32_exec_domain,
> +#endif
>  };

OK, but please look at arch/s390/kernel/compat_exec_domain.c and
arch/ia64/mm/init.c, they also register PER_LINUX32 domain, not
good. And note that register_exec_domain() doesn't check
pers_low/high, this means linux32_exec_domain can silently supress
s390_exec_domain/ia32_exec_domain.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ