| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1459894127-17698-2-git-send-email-ynorov@caviumnetworks.com> Date: Wed, 6 Apr 2016 01:08:23 +0300 From: Yury Norov <ynorov@...iumnetworks.com> To: <arnd@...db.de>, <catalin.marinas@....com>, <linux-arm-kernel@...ts.infradead.org>, <linux-kernel@...r.kernel.org> CC: <schwidefsky@...ibm.com>, <heiko.carstens@...ibm.com>, <ynorov@...iumnetworks.com>, <pinskia@...il.com>, <Prasun.Kapoor@...iumnetworks.com>, <schwab@...e.de>, <Nathan_Lynch@...tor.com>, <agraf@...e.de>, <klimov.linux@...il.com>, <broonie@...nel.org>, <joseph@...esourcery.com>, <christoph.muellner@...obroma-systems.com>, <bamvor.zhangjian@...wei.com>, <linux-doc@...r.kernel.org>, <linux-arch@...r.kernel.org>, <linux-s390@...r.kernel.org> Subject: [PATCH 01/25] all: syscall wrappers: add documentation Signed-off-by: Yury Norov <ynorov@...iumnetworks.com> Acked-by: Heiko Carstens <heiko.carstens@...ibm.com> --- Documentation/adding-syscalls.txt | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/adding-syscalls.txt b/Documentation/adding-syscalls.txt index cc2d4ac..d02a6bd 100644 --- a/Documentation/adding-syscalls.txt +++ b/Documentation/adding-syscalls.txt @@ -341,6 +341,38 @@ To summarize, you need: - instance of __SC_COMP not __SYSCALL in include/uapi/asm-generic/unistd.h +Compatibility System Calls Wrappers +-------------------------------- + +Some architectures prevent 32-bit userspace from access to top halves of 64-bit +registers, but some not. It's not a problem if specific argument is the same +size in kernel and userspace. It also is not a problem if system call is already +handled by compatible routine. Otherwise we'd take care of it. Usually, glibc +and compiler handles register's top halve, but from kernel side, we cannot rely +on it, as malicious code may cause incorrect behaviour and/or security +vulnerabilities. + +For now, only s390 and arm64/ilp32 are affected. + +To clear that top halves, automatic wrappers are introduced. They clear all +required registers before passing control to regular syscall handler. + +If your architecture allows userspace code to access top halves of register, +you need to: + - enable COMPAT_WRAPPER in configuration file; + - declare: "#define __SC_WRAP(nr, sym) [nr] = compat_##sym,", just before + compatible syscall table declaration, if you use generic unistd; or + - declare compat wrappers manually, if you use non-generic syscall table. + The list of unsafe syscalls is in kernel/compat_wrapper. + +If you write new syscall, make sure, its arguments are the same size in both +64- and 32-bits modes. If no, and if there's no explicit compat version for +syscall handler, you need to: + - declare compat version prototype in 'include/linux/compat.h'; + - in 'include/uapi/asm-generic/unistd.h' declare syscall with macro '__SC_WRAP' + instead of '__SYSCALL'; + - add corresponding line to 'kernel/compat_wrapper.c' to let it generate wrapper. + Compatibility System Calls (x86) -------------------------------- -- 2.5.0
Powered by blists - more mailing lists