lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 30 Jun 2015 13:06:46 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Borislav Petkov <bp@...en8.de>
Cc:	Andy Lutomirski <luto@...nel.org>, x86@...nel.org,
	linux-kernel@...r.kernel.org,
	Frédéric Weisbecker <fweisbec@...il.com>,
	Rik van Riel <riel@...hat.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Denys Vlasenko <vda.linux@...glemail.com>,
	Kees Cook <keescook@...omium.org>,
	Brian Gerst <brgerst@...il.com>, paulmck@...ux.vnet.ibm.com
Subject: Re: [PATCH v4 02/17] x86/entry/64/compat: Fix bad fast syscall arg
 failure path


* Borislav Petkov <bp@...en8.de> wrote:

> On Mon, Jun 29, 2015 at 12:33:34PM -0700, Andy Lutomirski wrote:
> > diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
> > index bb187a6a877c..efe0b1e499fa 100644
> > --- a/arch/x86/entry/entry_64_compat.S
> > +++ b/arch/x86/entry/entry_64_compat.S
> > @@ -425,8 +425,39 @@ cstar_tracesys:
> >  END(entry_SYSCALL_compat)
> >  
> >  ia32_badarg:
> > -	ASM_CLAC
> > -	movq	$-EFAULT, RAX(%rsp)
> > +	/*
> > +	 * So far, we've entered kernel mode, set AC, turned on IRQs, and
> > +	 * saved C regs except r8-r11.  We haven't done any of the other
> > +	 * standard entry work, though.  We want to bail, but we shouldn't
> > +	 * treat this as a syscall entry since we don't even know what the
> > +	 * args are.  Instead, treat this as a non-syscall entry, finish
> > +	 * the entry work, and immediately exit after setting AX = -EFAULT.
> > +	 *
> > +	 * We're really just being polite here.  Killing the task outright
> > +	 * would be a reasonable action, too.  Given that the only valid
> > +	 * way to have gotten here is through the vDSO, and we already know
> > +	 * that the stack pointer is bad, the task isn't going to survive
> > +	 * for long no matter what we do.
> 
> You mean something like
> 
> 	force_sig_info(SIGSEGV, &si, current);
> 
> ?

We should also emit a warning message, even if user-space installed a 'special' 
sigfault handler to hide such failures. (I'm looking at you systemd!)

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ