| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2a7e5737-2f5a-02c7-bf74-9371190a0370@virtuozzo.com>
Date: Mon, 13 Mar 2017 17:17:00 +0300
From: Dmitry Safonov <dsafonov@...tuozzo.com>
To: Thomas Gleixner <tglx@...utronix.de>
CC: <linux-kernel@...r.kernel.org>, <0x7f454c46@...il.com>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...e.de>, <x86@...nel.org>,
<linux-mm@...ck.org>, Cyrill Gorcunov <gorcunov@...nvz.org>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Michael Kerrisk <mtk@...7.org>
Subject: Re: [PATCHv6 4/5] x86/mm: check in_compat_syscall() instead
TIF_ADDR32 for mmap(MAP_32BIT)
On 03/13/2017 05:03 PM, Thomas Gleixner wrote:
> On Mon, 13 Mar 2017, Dmitry Safonov wrote:
>> On 03/13/2017 04:47 PM, Thomas Gleixner wrote:
>>> On Mon, 13 Mar 2017, Dmitry Safonov wrote:
>>>> On 03/13/2017 12:39 PM, Thomas Gleixner wrote:
>>>>> On Mon, 6 Mar 2017, Dmitry Safonov wrote:
>>>>>
>>>>>> Result of mmap() calls with MAP_32BIT flag at this moment depends
>>>>>> on thread flag TIF_ADDR32, which is set during exec() for 32-bit apps.
>>>>>> It's broken as the behavior of mmap() shouldn't depend on exec-ed
>>>>>> application's bitness. Instead, it should check the bitness of mmap()
>>>>>> syscall.
>>>>>> How it worked before:
>>>>>> o for 32-bit compatible binaries it is completely ignored. Which was
>>>>>> fine when there were one mmap_base, computed for 32-bit syscalls.
>>>>>> After introducing mmap_compat_base 64-bit syscalls do use computed
>>>>>> for 64-bit syscalls mmap_base, which means that we can allocate 64-bit
>>>>>> address with 64-bit syscall in application launched from 32-bit
>>>>>> compatible binary. And ignoring this flag is not expected behavior.
>>>>>
>>>>> Well, the real question here is, whether we should allow 32bit
>>>>> applications
>>>>> to obtain 64bit mappings at all. We can very well force 32bit
>>>>> applications
>>>>> into the 4GB address space as it was before your mmap base splitup and
>>>>> be
>>>>> done with it.
>>>>
>>>> Hmm, yes, we could restrict 32bit applications to 32bit mappings only.
>>>> But the approach which I tried to follow in the patches set, it was do
>>>> not base the logic on the bitness of launched applications
>>>> (native/compat) - only base on bitness of the performing syscall.
>>>> The idea was suggested by Andy and I made mmap() logic here independent
>>>> from original application's bitness.
>>>>
>>>> It also seems to me simpler:
>>>> if 32-bit application wants to allocate 64-bit mapping, it should
>>>> long-jump with 64-bit segment descriptor and do `syscall` instruction
>>>> for 64-bit syscall entry path. So, in my point of view after this dance
>>>> the application does not differ much from native 64-bit binary and can
>>>> have 64-bit address mapping.
>>>
>>> Works for me, but it lacks documentation .....
>>
>> Sure, could you recommend a better place for it?
>> Should it be in-code comment in x86 mmap() code or Documentation/*
>> change or a patch to man-pages?
>
> I added a comment in the code and fixed up the changelogs. man-page needs
> some care as well.
Big thanks, Thomas!
I'll make a patch for man-pages on the week.
>
> Thanks,
>
> tglx
>
--
Dmitry
Powered by blists - more mailing lists