| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2018 19:25:39 -0700
From: hpa@...or.com
To: Ingo Molnar <mingo@...nel.org>,
"H. Peter Anvin, Intel" <h.peter.anvin@...el.com>
CC: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"H. Peter Anvin" <hpa@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Andy Lutomirski <luto@...nel.org>,
"Chang S . Bae" <chang.seok.bae@...el.com>,
"Markus T . Metzger" <markus.t.metzger@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Josh Poimboeuf <jpoimboe@...hat.com>
Subject: Re: [PATCH v3 0/7] x86/ptrace: regset access to the GDT and LDT
On June 21, 2018 6:58:51 PM PDT, Ingo Molnar <mingo@...nel.org> wrote:
>
>* H. Peter Anvin, Intel <h.peter.anvin@...el.com> wrote:
>
>> From: "H. Peter Anvin" <hpa@...ux.intel.com>
>>
>> Give a debugger access to the visible part of the GDT and LDT. This
>> allows a debugger to find out what a particular segment descriptor
>> corresponds to; e.g. if %cs is 16, 32, or 64 bits.
>>
>> v3:
>> Requalify LDT segments for selectors that have actually changed.
>>
>> v2:
>> Add missing change to elf.h for the very last patch.
>>
>> Cc: Ingo Molnar <mingo@...nel.org>
>> Cc: Thomas Gleixner <tglx@...utronix.de>
>> Cc: Andy Lutomirski <luto@...nel.org>
>> Cc: Chang S. Bae <chang.seok.bae@...el.com>
>> Cc: Markus T. Metzger <markus.t.metzger@...el.com>
>> Cc: H. Peter Anvin <hpa@...or.com>
>>
>> arch/x86/Kconfig | 4 +
>> arch/x86/include/asm/desc.h | 24 +++-
>> arch/x86/include/asm/ldt.h | 16 +++
>> arch/x86/include/asm/segment.h | 10 ++
>> arch/x86/kernel/Makefile | 3 +-
>> arch/x86/kernel/ldt.c | 283
>++++++++++++++++++++++++++++++++---------
>> arch/x86/kernel/ptrace.c | 103 ++++++++++++++-
>> arch/x86/kernel/tls.c | 102 +++++----------
>> arch/x86/kernel/tls.h | 8 +-
>> include/uapi/linux/elf.h | 2 +
>> 10 files changed, 413 insertions(+), 142 deletions(-)
>
>Ok, this looks mostly good to me at a quick glance, but could you
>please do one
>more iteration and more explicitly describe where you change/extend
>existing ABIs?
>
>I.e. instead of a terse and somewhat vague summary:
>
>> x86/tls,ptrace: provide regset access to the GDT
>>
>> Give a debugger access to the visible part of the GDT and LDT. This
>> allows a debugger to find out what a particular segment descriptor
>> corresponds to; e.g. if %cs is 16, 32, or 64 bits.
>
>Please make it really explicit how the ABI is affected, both in the
>title and in
>the description, and also _explain_ how this helps us over what we had
>before,
>plus also list limitations of the new ABI.
>
>I.e. something like:
>
> x86/tls, ptrace: Extend the ptrace ABI with the new REGSET_GDT method
>
> Add the new REGSET_GDT ptrace variant to PTRACE_{GET|SET}REGSET,
> to give read and write access to the GDT:
>
>- Previously only certain parts of the GDT were visible, and only via
>random
>ABIs and instructions - there was no architectured access to all of it.
>
>- The SETREGSET variant is only allowed to change the TLS area of the
>GDT.
>
>(or so.)
>
>This is important not just for documentation and library support
>purposes, but
>also to be able to review it properly, to match 'intent' to
>'implementation'.
>
>(It might also help later on in finding bugs/quirks, if any.)
>
>Please do this for all patches in the series that change the ABI.
>
>Thanks,
>
> Ingo
ACK.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Powered by blists - more mailing lists