lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1810021949450.1435@nanos.tec.linutronix.de>
Date:   Tue, 2 Oct 2018 19:58:06 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Tim Chen <tim.c.chen@...ux.intel.com>
cc:     Jiri Kosina <jikos@...nel.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Casey Schaufler <casey.schaufler@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Arjan van de Ven <arjan@...ux.intel.com>,
        Jon Masters <jcm@...hat.com>, linux-kernel@...r.kernel.org,
        x86@...nel.org
Subject: Re: [Patch v2 4/4] x86/speculation: Add prctl to control indirect
 branch speculation per process

On Tue, 25 Sep 2018, Tim Chen wrote:
>  
> +void arch_set_dumpable(struct task_struct *tsk, struct mm_struct *mm, int value)
> +{
> +	if (!static_branch_unlikely(&spectre_v2_app_lite))
> +		return;
> +	if (!static_cpu_has(X86_FEATURE_STIBP))
> +		return;
> +
> +	if ((unsigned) value != SUID_DUMP_USER) {

First of all we use unsigned int and not unsigned, Aside of that why is the
argument not unsigned int right away?

> +		set_tsk_thread_flag(tsk, TIF_STIBP);
> +		return;
> +	}
> +
> +	if (!task_spec_indir_branch_disable(tsk)) {
> +		clear_tsk_thread_flag(tsk, TIF_STIBP);
> +	}

No braces for single line statements required.

> +}
> +
>  #ifdef CONFIG_SECCOMP
>  void arch_seccomp_spec_mitigate(struct task_struct *task)
>  {
> @@ -766,11 +824,33 @@ static int ssb_prctl_get(struct task_struct *task)
>  	}
>  }
>  
> -static void set_stibp(struct task_struct *tsk)
> -{
> -	/*
> -	 * For lite protection mode, we set STIBP only 
> -	 * for non-dumpable processes.
> -	 */
> -
> -	if (!static_branch_unlikely(&spectre_v2_app_lite))
> -		return;
> -
> -	if (!tsk || !tsk->mm)
> -		return;
> -
> -	if (get_dumpable(tsk->mm) != SUID_DUMP_USER)
> -		set_tsk_thread_flag(tsk, TIF_STIBP);
> -	else
> -		clear_tsk_thread_flag(tsk, TIF_STIBP);
> -}

This patch ordering is really strange. You first add set_stibp() just to
replace it in the next patch.


> diff --git a/fs/exec.c b/fs/exec.c
> index 1ebf6e5..89edadd 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1362,9 +1362,9 @@ void setup_new_exec(struct linux_binprm * bprm)
>  	if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||
>  	    !(uid_eq(current_euid(), current_uid()) &&
>  	      gid_eq(current_egid(), current_gid())))
> -		set_dumpable(current->mm, suid_dumpable);
> +		set_dumpable(current, current->mm, suid_dumpable);
>  	else
> -		set_dumpable(current->mm, SUID_DUMP_USER);
> +		set_dumpable(current, current->mm, SUID_DUMP_USER);

What's the point of adding an argument instead of just replacing mm with
task?

> +void __weak arch_set_dumpable(struct task_struct *tsk, struct mm_struct *mm, int value)
> +{
> +	return;
> +}

So this wants to be structured as follows:

 Patch 1: Change the argument from mm to task and update the implementation of
 	  set_dumpable() accordingly and fixup the users

 Patch 2: Introduce the weak arch_set_dumpable()
	 
 Patch N: Add the x86 implementation along with the patch which adds the
          stipb magic instead of having that extra step of set_stipb() and
          then replacing it.

 ....

 Patch X: Add the PRCTL

It's well documented that patches should do one thing at a time and not
come as a hodgepogde of changes.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ