Date:   Mon, 18 Dec 2017 16:34:10 +0800
From:   Rui Wang <rui.y.wang@...el.com>
To:     linux-kernel@...r.kernel.org, x86@...nel.org
Cc:     dave.hansen@...ux.intel.com, rui.y.wang@...el.com
Subject: [PATCH] x86/mpx/selftests: Fix wrong bounds with old _sigfault

I fixed this on my machine and forgot to tell anyone until a
recent bug report. The patch almost got lost. Archiving it here.

For distributions with old userspace header files, the _sigfault
structure is different. mpx-mini-test fails with the following
error:

[root@...ley]# mpx-mini-test_64 tabletest
XSAVE is supported by HW & OS
XSAVE processor supported state mask: 0x2ff
XSAVE OS supported state mask: 0x2ff
 BNDREGS: size: 64 user: 1 supervisor: 0 aligned: 0
  BNDCSR: size: 64 user: 1 supervisor: 0 aligned: 0
starting mpx bounds table test
ERROR: siginfo bounds do not match shadow bounds for register 0

Fix it by using the correct offset of _lower/_upper in _sigfault.
RHEL needs this patch to work.

Fixes: e754aedc26ef ("x86/mpx, selftests: Add MPX self test")
Signed-off-by: Rui Wang <rui.y.wang@...el.com>
---
 tools/testing/selftests/x86/mpx-mini-test.c |   27 +++++++++++++++++++++++++--
 1 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/x86/mpx-mini-test.c b/tools/testing/selftests/x86/mpx-mini-test.c
index ec0f6b4..45035c3 100644
--- a/tools/testing/selftests/x86/mpx-mini-test.c
+++ b/tools/testing/selftests/x86/mpx-mini-test.c
@@ -315,11 +315,34 @@ static uint64_t read_mpx_status_sig(ucontext_t *uctxt)
 	return si->si_upper;
 }
 #else
+
+/* This deals with old version of _sigfault in some distros
+old _sigfault:
+        struct {
+            void *si_addr;
+	} _sigfault;
+
+new _sigfault:
+	struct {
+		void __user *_addr;
+		int _trapno;
+		short _addr_lsb;
+		union {
+			struct {
+				void __user *_lower;
+				void __user *_upper;
+			} _addr_bnd;
+			__u32 _pkey;
+		};
+	} _sigfault;
+*/
 static inline void **__si_bounds_hack(siginfo_t *si)
 {
 	void *sigfault = &si->_sifields._sigfault;
 	void *end_sigfault = sigfault + sizeof(si->_sifields._sigfault);
-	void **__si_lower = end_sigfault;
+	int *trapno = (int*)end_sigfault;
+	/* skip _trapno and _addr_lsb */
+	void **__si_lower = (void**)(trapno + 2);
 
 	return __si_lower;
 }
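Review bot: In __si_bounds_hack(), `trapno + 2` is a fixed two-int step from `end_sigfault`, and `end_sigfault` still comes from `sizeof(si->_sifields._sigfault)` in whatever header the test is built against, so the result is only right when that header has the one-pointer layout quoted in the comment. A header whose _sigfault already ends after _addr_lsb but has no _addr_bnd (the layout the removed `void **__si_lower = end_sigfault;` would have been correct for) would now land past _lower. Consider taking the offset from a local copy of the new layout with offsetof() rather than from the header's sizeof, or at least checking that sizeof(...) equals sizeof(void *) before applying the skip. The comment "skip _trapno and _addr_lsb" should also say that the second int covers the short plus its alignment padding, and the block comment above it mixes spaces and tabs.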
@@ -331,7 +354,7 @@ static uint64_t read_mpx_status_sig(ucontext_t *uctxt)
 
 static inline void *__si_bounds_upper(siginfo_t *si)
 {
-	return (*__si_bounds_hack(si)) + sizeof(void *);
+	return *(__si_bounds_hack(si) + 1);
 }
 #endif
 
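Review bot: The changelog does not cover the edit to __si_bounds_upper(): the removed line added sizeof(void *) to the value read from the lower slot instead of reading the following slot, which is a defect independent of the header layout described in the commit message. Please mention it in the description or split it into its own patch. `*(__si_bounds_hack(si) + 1)` relies on _upper directly following _lower, as in the struct quoted in the first hunk; a one-line comment saying so would make that dependency explicit.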
-- 
1.7.5.4
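
The layout mismatch described in the message, as an added example (not part of the original post or the kernel selftest): the two `_sigfault` layouts from the patch comment are declared as local structs and the pre- and post-patch arithmetic is run over a constructed sample. The names `old_sigfault`, `new_sigfault`, `SAMPLE` and the helper functions are made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layouts as given in the patch comment; struct names are made up here. */
struct old_sigfault { void *si_addr; };
struct new_sigfault {
	void *_addr;
	int _trapno;
	short _addr_lsb;
	union {
		struct { void *_lower; void *_upper; } _addr_bnd;
		uint32_t _pkey;
	};
};
/* Constructed sample in the new layout, standing in for a kernel-filled siginfo. */
static const struct new_sigfault SAMPLE = {
	._addr = (void *)0x1000,
	._addr_bnd = { (void *)0x2000, (void *)0x2fff },
};

/* Read a pointer-sized value at a byte offset (memcpy avoids aliasing UB). */
static void *load_ptr(const void *base, size_t off)
{
	void *v;
	memcpy(&v, (const char *)base + off, sizeof(v));
	return v;
}
/* Pre-patch: bounds assumed to start where the old struct ends. */
static size_t lower_off_before(void) { return sizeof(struct old_sigfault); }
/* Post-patch: step over two more ints (_trapno, then _addr_lsb + padding). */
static size_t lower_off_after(void) { return lower_off_before() + 2 * sizeof(int); }
/* Pre-patch upper: the lower *value* plus one pointer size. */
static void *upper_before(const void *sf)
{
	return (char *)load_ptr(sf, lower_off_after()) + sizeof(void *);
}
/* Post-patch upper: the pointer slot that follows _lower. */
static void *upper_after(const void *sf)
{
	return load_ptr(sf, lower_off_after() + sizeof(void *));
}

int main(void)
{
	/* Exit status 0 when the post-patch accessor returns the real upper bound. */
	return upper_after(&SAMPLE) == SAMPLE._addr_bnd._upper ? 0 : 1;
}
```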
