| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 08 Feb 2012 16:19:25 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Indan Zupancic <indan@....nu> CC: Linus Torvalds <torvalds@...ux-foundation.org>, Andi Kleen <andi@...stfloor.org>, Jamie Lokier <jamie@...reable.org>, Andrew Lutomirski <luto@....edu>, Oleg Nesterov <oleg@...hat.com>, Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org, keescook@...omium.org, john.johansen@...onical.com, serge.hallyn@...onical.com, coreyb@...ux.vnet.ibm.com, pmoore@...hat.com, eparis@...hat.com, djm@...drot.org, segoon@...nwall.com, rostedt@...dmis.org, jmorris@...ei.org, scarybeasts@...il.com, avi@...hat.com, penberg@...helsinki.fi, viro@...iv.linux.org.uk, mingo@...e.hu, akpm@...ux-foundation.org, khilman@...com, borislav.petkov@....com, amwang@...hat.com, ak@...ux.intel.com, eric.dumazet@...il.com, gregkh@...e.de, dhowells@...hat.com, daniel.lezcano@...e.fr, linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, olofj@...omium.org, mhalcrow@...gle.com, dlaor@...hat.com, Roland McGrath <mcgrathr@...omium.org>, "H.J. Lu" <hjl.tools@...il.com> Subject: Re: Compat 32-bit syscall entry from 64-bit task!? On 02/06/2012 05:52 PM, Indan Zupancic wrote: >> >> - If the CPU is currently in 32- or 64-bit mode. > > What is the best way to find that out at the kernel side? Add a function > that checks cs and returns the correct answer? But in the kernel path the > CPU is always in 64-bit mode, so I suppose you want to know what mode the > tracee was in? > You need to look at the CS descriptor. >> - If we are currently inside a system call, and if so if it was entered >> via: >> - SYSCALL64 >> - INT 80 >> - SYSCALL32 >> - SYSENTER >> >> The reason we need this information is because for the various 32-bit >> entry points we do some very ugly swizzling of registers, which >> matters to a ptrace client which wants to modify system call >> arguments. > > But isn't the swizzling done in such way that all this is hidden from > ptrace clients (and the rest of the kernel)? Why would a ptrace client > need to know the details of the 32-bit entry call? > > The ptrace client can always modify the same registers, as system calls > always use the same registers too. No unexpected behaviour happens as > far as I can tell from looking at the code, at least not in the syscall > entry path. The simple stuff works, but once you want to do things like change the arguments and/or move the execution point, things get unswizzled in uncontrolled ways. There are bug reports related to that (I would have to dig them up) and they aren't really fixable in any sane way right now. > A pure 32-bit kernel is compiled with: > > #define asmlinkage CPP_ASMLINKAGE __attribute__((regparm(0))) ... which we'd like to get rid of ... > So all arguments are passed on the stack and those arguments can be > directly modified by ptrace. For compat kernels the arguments are > reloaded after ptrace and before the actual system call is done. >> - If the process was started as a 64-bit process, i386 process or x32 >> process. > > Can't that be figured out by looking at the AUXV data? Either via /proc > or PTRACE_GETREGSET + NT_AUXV. And as this can't change, there is no > need to pass it on all the time. I'll look at the auxv stuff. -hpa -- H. Peter Anvin, Intel Open Source Technology Center I work for Intel. I don't speak on their behalf. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists