lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 2 Dec 2016 07:39:10 +0300
From:   Eugene Syromyatnikov <evgsyr@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: CONFIG_* in UAPI headers

Hello.

It was noticed during addition of support for the new arch_prctl code constants
to strace that these new constants (ARCH_MAP_VDSO_X32, ARCH_MAP_VDSO_32 and
ARCH_MAP_VDSO_64) are guarded with the CONFIG_CHECKPOINT_RESTORE ifdef.
However, from what I can see (by looking at headers in and around
/usr/include/linux in Debian and Red Hat distributions), kernel configuration
definitions are not exported as a part of the UAPI headers, so these definitions
would be unusable unless user application explicitly defines
CONFIG_CHECKPOINT_RESTORE macro, regardless of kernel support.

Further inspection of UAPI headers revealed that there are several other
examples of such CONFIG_*-guarded definitions, namely:
 * include/uapi/asm-generic/fcntl.h — ifndef CONFIG_64BIT (however glibc
   headers have own magic regarding fcntl constants)
 * include/uapi/asm-generic/mman-common.h —
   ifdef CONFIG_MMAP_ALLOW_UNINITIALIZED
 * include/uapi/asm-generic/unistd.h — ifdef CONFIG_MMU
 * include/uapi/linux/atmdev.h — ifdef CONFIG_COMPAT
 * include/uapi/linux/elfcore.h — ifdef CONFIG_BINFMT_ELF_FDPIC
 * include/uapi/linux/eventpoll.h — ifdef CONFIG_PM_SLEEP
 * include/uapi/linux/fb.h — ifdef CONFIG_FB_BACKLIGHT
 * include/uapi/linux/flat.h — ifdef CONFIG_BINFMT_SHARED_FLAT
 * include/uapi/linux/hw_breakpoint.h — ifdef CONFIG_HAVE_MIXED_BREAKPOINTS_REGS
 * include/uapi/linux/pktcdvd.h — if defined(CONFIG_CDROM_PKTCDVD_WCACHE)
 * arch/arc/include/uapi/asm/swab.h — ifdef CONFIG_ARC_HAS_SWAPE
 * arch/arm/include/uapi/asm/ptrace.h — ifdef CONFIG_CPU_ENDIAN_BE8
 * arch/hexagon/include/uapi/asm/ptrace.h — if CONFIG_HEXAGON_ARCH_VERSION >= 4
 * arch/hexagon/include/uapi/asm/user.h — if CONFIG_HEXAGON_ARCH_VERSION < 4
 * arch/m68k/include/uapi/asm/ptrace.h — ifdef CONFIG_COLDFIRE
 * arch/nios2/include/uapi/asm/swab.h — ifdef CONFIG_NIOS2_CI_SWAB_SUPPORT
 * arch/x86/include/uapi/asm/auxvec.h — if defined(CONFIG_IA32_EMULATION) ||
   !defined(CONFIG_X86_64)
 * arch/x86/include/uapi/asm/mman.h —
   ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS (another piece of the new code
   added in 4.9)
 * arch/xtensa/include/uapi/asm/mman.h — ifdef CONFIG_MMAP_ALLOW_UNINITIALIZED

Maybe most of these are false positives, but by looking at them it isn't clear
how user space should use definitions and code under under these checks, so
maybe it should be moved out from UAPI or at least fitted with comments
regarding necessity of these guards useful only in kernel space?

-- 
Eugene Syromyatnikov
mailto:evgsyr@...il.com
xmpp:esyr@...ber.{ru|org}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ