lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150630105855.GB23297@pd.tnic>
Date:	Tue, 30 Jun 2015 12:58:55 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Andy Lutomirski <luto@...nel.org>
Cc:	x86@...nel.org, linux-kernel@...r.kernel.org,
	Frédéric Weisbecker <fweisbec@...il.com>,
	Rik van Riel <riel@...hat.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Denys Vlasenko <vda.linux@...glemail.com>,
	Kees Cook <keescook@...omium.org>,
	Brian Gerst <brgerst@...il.com>, paulmck@...ux.vnet.ibm.com
Subject: Re: [PATCH v4 02/17] x86/entry/64/compat: Fix bad fast syscall arg
 failure path

On Mon, Jun 29, 2015 at 12:33:34PM -0700, Andy Lutomirski wrote:
> diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
> index bb187a6a877c..efe0b1e499fa 100644
> --- a/arch/x86/entry/entry_64_compat.S
> +++ b/arch/x86/entry/entry_64_compat.S
> @@ -425,8 +425,39 @@ cstar_tracesys:
>  END(entry_SYSCALL_compat)
>  
>  ia32_badarg:
> -	ASM_CLAC
> -	movq	$-EFAULT, RAX(%rsp)
> +	/*
> +	 * So far, we've entered kernel mode, set AC, turned on IRQs, and
> +	 * saved C regs except r8-r11.  We haven't done any of the other
> +	 * standard entry work, though.  We want to bail, but we shouldn't
> +	 * treat this as a syscall entry since we don't even know what the
> +	 * args are.  Instead, treat this as a non-syscall entry, finish
> +	 * the entry work, and immediately exit after setting AX = -EFAULT.
> +	 *
> +	 * We're really just being polite here.  Killing the task outright
> +	 * would be a reasonable action, too.  Given that the only valid
> +	 * way to have gotten here is through the vDSO, and we already know
> +	 * that the stack pointer is bad, the task isn't going to survive
> +	 * for long no matter what we do.

You mean something like

	force_sig_info(SIGSEGV, &si, current);

?

I'd say we do it and not noodle unnecessarily with zeroing out pt_regs
if the task is going to die anyway. IOW, make it die faster. :)

> +	 */
> +
> +	ASM_CLAC			/* undo STAC */
> +	movq	$-EFAULT, RAX(%rsp)	/* return -EFAULT if possible */
> +
> +	/* Fill in the rest of pt_regs */
> +	xorl	%eax, %eax
> +	movq	%rax, R11(%rsp)
> +	movq	%rax, R10(%rsp)
> +	movq	%rax, R9(%rsp)
> +	movq	%rax, R8(%rsp)
> +	SAVE_EXTRA_REGS
> +
> +	/* Turn IRQs back off. */
> +	DISABLE_INTERRUPTS(CLBR_NONE)
> +	TRACE_IRQS_OFF
> +
> +	/* And exit again. */
> +	jmp retint_user
> +
>  ia32_ret_from_sys_call:
>  	xorl	%eax, %eax		/* Do not leak kernel information */
>  	movq	%rax, R11(%rsp)
> -- 
> 2.4.3

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ