lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 May 2014 14:19:43 +0200 From: Philipp Kern <pkern@...gle.com> To: hpa@...ux.intel.com Cc: Philipp Kern <pkern@...gle.com>, linux-kernel@...r.kernel.org, "H. J. Lu" <hjl.tools@...il.com>, Eric Paris <eparis@...hat.com> Subject: [PATCH] x32: Mask away the x32 syscall bit in the ptrace codepath audit_filter_syscall uses the syscall number to reference into a bitmask (e->rule.mask[word]). Not removing the x32 bit before passing the number to this architecture independent codepath will fail to lookup the proper audit bit. Furthermore it will cause an invalid memory access in the kernel if the out of bound location is not mapped: BUG: unable to handle kernel paging request at ffff8800e5446630 IP: [<ffffffff810fcdd0>] audit_filter_syscall+0x90/0xf0 Together with the entrypoint in entry_64.S this change causes x32 programs to pass in both AUDIT_ARCH_X86_64 and AUDIT_ARCH_I386 depending on the syscall path. Cc: linux-kernel@...r.kernel.org Cc: H. J. Lu <hjl.tools@...il.com> Cc: Eric Paris <eparis@...hat.com> Signed-off-by: Philipp Kern <pkern@...gle.com> --- arch/x86/kernel/ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 678c0ad..166a3c7 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -1489,7 +1489,7 @@ long syscall_trace_enter(struct pt_regs *regs) if (IS_IA32) audit_syscall_entry(AUDIT_ARCH_I386, - regs->orig_ax, + regs->orig_ax & __SYSCALL_MASK, regs->bx, regs->cx, regs->dx, regs->si); #ifdef CONFIG_X86_64 -- 1.9.1.423.g4596e3a -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists