lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 04 Jul 2016 16:59:35 +0200
From:	Arnd Bergmann <arnd@...db.de>
To:	"Tautschnig, Michael" <tautschn@...zon.co.uk>
Cc:	Andi Kleen <ak@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>,
	"linux-api@...r.kernel.org" <linux-api@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Jaswinder Singh <jaswinder@...radead.org>
Subject: Re: [PATCH] Syscall arguments are unsigned long (full registers)

On Monday, July 4, 2016 2:47:10 PM CEST Tautschnig, Michael wrote:
> Thanks a lot for the immediate feedback.
> 
> > On 4 Jul 2016, at 16:28, Andi Kleen <ak@...ux.intel.com> wrote:
> > 
> > On Mon, Jul 04, 2016 at 01:52:58PM +0000, Tautschnig, Michael wrote:
> >> All syscall arguments are passed in as types of the same byte size as
> >> unsigned long (width of full registers). Using a smaller type without a
> >> cast may result in losing bits of information. In all other instances
> >> apart from the ones fixed by the patch the code explicitly introduces
> >> type casts (using, e.g., SYSCALL_DEFINE1).
> >> 
> >> While goto-cc reported these problems at build time, it is noteworthy
> >> that the calling conventions specified in the System V AMD64 ABI do
> >> ensure that parameters 1-6 are passed via registers, thus there is no
> >> implied risk of misaligned stack access.
> > 
> > Does this actually fix anything?
> > 
> 
> It will ensure the behaviour on 32 and 64-bit systems is consistent, i.e.,
> no truncation occurs. This is to ensure that future uses of these syscalls
> do not face surprises.
> 
> 

It looks to me like you are introducing a truncation, not removing
one as your comment suggests:

long do_arch_prctl(struct task_struct *task, int code, unsigned long addr);

-long sys_arch_prctl(int code, unsigned long addr)
+long sys_arch_prctl(unsigned long code, unsigned long addr)
 {
        return do_arch_prctl(current, code, addr);
 }

This is the same truncation that we do with SYSCALL_DEFINE2(),
clearing the top 32 bits of the 'code' parameter to ensure that
user space doesn't pass data unexpectedly.

That change seems reasonable, but why not just use SYSCALL_DEFINE2()
directly for consistency with the other syscalls?

	Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ