lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 5 Jan 2018 10:01:23 -0800
From:   Andy Lutomirski <luto@...nel.org>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Andy Lutomirski <luto@...nel.org>, X86 ML <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [RFC] selftests/x86: Add test_vsyscall

On Fri, Jan 5, 2018 at 5:40 AM, Borislav Petkov <bp@...en8.de> wrote:
> On Thu, Jan 04, 2018 at 09:38:37PM -0800, Andy Lutomirski wrote:
>> It's RFC because I want to re-read it myself first.  It's also missing
>> a test that will reliably make sure that vsyscall=none prevents use of
>> vsyscalls.
>
> With my patch ontop of 4.4 from yesterday:
>
> # ./test_vsyscall_32
> Warning: failed to find getcpu in vDSO

I should suppress that warning on 32-bit.  Apparently no one ever
wired up 32-bit getcpu.

> [RUN]   Checking read access to the vsyscall page
> [FAIL]  We don't have read access, but we should
>
> Do I really need the read access? :-)

Yes.  There are very clever tools like 'pin' that instrument a binary
by decoding all the instructions it executes and generating an
instrumented copy.  If that binary calls into the vDSO, the vDSO gets
decoded and instrumented (which works fine).  If the binary calls into
the vsyscall page, it still needs to work.  So the vsyscall page
contains machine code that actually works (even if it's NX) to support
these tools.  The authors and users of the tools yelled loudly in an
earlier version of the vsyscall emulation code that didn't support
this use case.

The root cause here is that 4.4 is KAISER, not KPTI.  The
kaiser_set_shadow_pgd() function is a steaming pile of shit, and this
is a known bug in it.  I have zero desire to hack up some stupid
special case in there.  For the modern KPTI kernels, I rewrote that
function entirely to be much simpler and much more correct.

It should be straightforward to kludge something up, though, but I'm
not volunteering.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ