lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <cover.1455664054.git.luto@kernel.org>
Date:	Tue, 16 Feb 2016 15:09:00 -0800
From:	Andy Lutomirski <luto@...nel.org>
To:	x86@...nel.org
Cc:	Denys Vlasenko <dvlasenk@...hat.com>, Stas Sergeev <stsp@...t.ru>,
	Cyrill Gorcunov <gorcunov@...il.com>,
	Pavel Emelyanov <xemul@...allels.com>,
	Brian Gerst <brgerst@...il.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Oleg Nesterov <oleg@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Andy Lutomirski <luto@...nel.org>
Subject: [PATCH v5 0/4] x86: sigcontext fixes, again

This is take 2 at fixing x86 64-bit signals wrt SS.  After a lot of
thought, this is not controlled by any flags -- I would much prefer
to avoid opt-in behavior.  Instead, it just tries hard to avoid
triggering the cases that break DOSEMU.

Stas, this now seems to pass the test you sent me.  It works with
stock dosemu2 (I haven't tested classic dosemu because I can't get it
to work regardless).  It also works with a patched dosemu2 that bypasses
the userspace trampoline:

https://github.com/amluto/dosemu2/commit/571b4d08dc885b7a133e444a2ad23e0d21366206

With this applied, all of the x86 selftests pass on x86_64.  That
wasn't the case before -- ldt_gdt_64 was broken.

This is a bit risky, and another option would be to do nothing at
all.  Then we'd disable the problematic self-tests (sigh), and
DOSEMU and similar tools will be stuck using gross hacks even on new
kernels.

Changes from v4:
 - More comment fixes from Borislav and Ingo.

Changes from v3:
 - Comment fixes from Borislav.
 - Improve AR_xyz comments to better match SDM.  (Borislav, is this good?)
 - Get rid of duplicate AR_xyz defines in the selftest.
 - (no non-comment code changes)

Changes from v2:
 - Rebased (which wasn't quite trivial since the headers were rearranged)
 - Slightly improved a comment in patch 1.
 - Tidy up changelogs a bit.

Changes from v1:
 - Comment fixes
 - Fix screwed up uaccess that broke things

Andy Lutomirski (4):
  x86/signal/64: Add a comment about sigcontext->fs and gs
  x86/signal/64: Fix SS if needed when delivering a 64-bit signal
  x86/signal/64: Re-add support for SS in the 64-bit signal context
  selftests/x86: Add tests for UC_SIGCONTEXT_SS and UC_STRICT_RESTORE_SS

 arch/x86/include/asm/desc_defs.h        |  23 ++++
 arch/x86/include/asm/sighandling.h      |   1 -
 arch/x86/include/uapi/asm/sigcontext.h  |  32 ++++-
 arch/x86/include/uapi/asm/ucontext.h    |  53 +++++++-
 arch/x86/kernel/signal.c                | 114 +++++++++++++---
 tools/testing/selftests/x86/Makefile    |   7 +-
 tools/testing/selftests/x86/sigreturn.c | 230 ++++++++++++++++++++++++++++----
 7 files changed, 400 insertions(+), 60 deletions(-)

-- 
2.5.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ