lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Jul 2016 07:49:14 +0000
From:	Zheng Xu <Zheng.Xu@....com>
To:	"agraf@...e.de" <agraf@...e.de>,
	Steve Capper <Steve.Capper@....com>
CC:	Ard Biesheuvel <ard.biesheuvel@...aro.org>,
	Mark Rutland <Mark.Rutland@....com>,
	"mbrugger@...e.com" <mbrugger@...e.com>,
	"Catalin Marinas" <Catalin.Marinas@....com>,
	Will Deacon <Will.Deacon@....com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-arm-kernel@...ts.infradead.org" 
	<linux-arm-kernel@...ts.infradead.org>,
	Stuart Monteith <Stuart.Monteith@....com>
Subject: RE: [PATCH] arm64: Add config to limit user space to 47bits

Sorry, I might misunderstand the issue. I thought there are still issues with master.

I saw that you've mentioned there are pointers to .rodata. And I only fixed the heap. So I am just worried if there can be issues with .rodata. If pointers to .rodata are not tagged and used as js objects, it should be fine.

Thanks,
Zheng

-----Original Message-----
From: Alexander Graf [mailto:agraf@...e.de]
Sent: 14 July 2016 15:14
To: Zheng Xu; Steve Capper
Cc: Ard Biesheuvel; Mark Rutland; mbrugger@...e.com; Catalin Marinas; Will Deacon; linux-kernel@...r.kernel.org; linux-arm-kernel@...ts.infradead.org; Stuart Monteith
Subject: Re: [PATCH] arm64: Add config to limit user space to 47bits


On 14.07.16 09:03, Zheng Xu wrote:
> LuaJIT also fix the 48VA issue by allocating heap memory below 47 bits.
>
> For mozjs issue, if there are pointers to .rodata, it can be a problem. Does it happen on master and do we have any case to reproduce the issue so that I can take a look?

mozjs is fixed with your patch. I backported it to all of the ancient versions of mozjs, so we're probably good there. Though every distro will have to redo that work in their own trees, because older versions of mozjs are no longer maintained upstream. If you want to be a hero, you can try to port polkitd and gnome to use more recent versions of mozjs ;). Or maybe they can already and we just messed up packaging.

The issue I mentioned with "js 1.8.5" is this gem:


https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/Releases/1.8.5

I don't know the exact history, but I think it predates mozjs. With a bit of sledge hammering your heap allocation patch applies there too, but we still get the rodata references.


Alex

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ