| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Nov 2018 21:50:41 +0000
From: "Bae, Chang Seok" <chang.seok.bae@...el.com>
To: LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] x86/fsgsbase/64: Fix the base write helper functions
On Nov 6, 2018, at 17:23, Andy Lutomirski <luto@...nel.org> wrote:
>
> On Thu, Nov 1, 2018 at 1:32 PM Chang S. Bae <chang.seok.bae@...el.com> wrote:
>>
>> @@ -392,12 +384,7 @@ int x86_fsbase_write_task(struct task_struct *task, unsigned long fsbase)
>> if (unlikely(fsbase >= TASK_SIZE_MAX))
>> return -EPERM;
>>
>> - preempt_disable();
>> task->thread.fsbase = fsbase;
>> - if (task == current)
>> - x86_fsbase_write_cpu(fsbase);
>> - task->thread.fsindex = 0;
>> - preempt_enable();
>>
>> return 0;
>> }
>
> Similar objection to last time. If you get rid of the task == current
> check, you should WARN_ON_ONCE(task != current).
>
From your previous comments, I was a bit confused by a mixture of options.
It looks like you’d intended to suggest two different ways (by our own words):
1. The _write_task() functions must not be called on current. Then
there should be a warning, and you shouldn't call them on current.
2. The _write_task() functions should work correctly on current. In
this case, you shouldn't need to *also* called _write_cpu /
_write_cpu_inactive. You'll still need the special loadseg handling
in do_arch_prctl_64().
The option 1 looks to be simple and straight forward. So, let me go with that.
Nit. I think it should be WARN_ON_ONCE(task == current).
>> @@ -758,11 +740,41 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
>>
>> switch (option) {
>> case ARCH_SET_GS: {
>> + preempt_disable();
>> ret = x86_gsbase_write_task(task, arg2);
>> + if (ret == 0) {
>> + /*
>> + * ARCH_SET_GS has always overwritten the index
>> + * and the base. Zero is the most sensible value
>> + * to put in the index, and is the only value that
>> + * makes any sense if FSGSBASE is unavailable.
>> + */
>> + if (task == current) {
>> + loadseg(GS, 0);
>> + x86_gsbase_write_cpu_inactive(arg2);
>> + } else {
>> + task->thread.gsindex = 0;
>> + }
>> + }
>> + preempt_enable();
>
> And you should drop the redundant ...write_task if task == current.
To avoid the redundancy, the sanity check for a base value can be moved out here.
>>
>> diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
>> index ffae9b9740fd..e4ab1abca5b5 100644
>> --- a/arch/x86/kernel/ptrace.c
>> +++ b/arch/x86/kernel/ptrace.c
>> @@ -397,11 +397,11 @@ static int putreg(struct task_struct *child,
>> if (value >= TASK_SIZE_MAX)
>> return -EIO;
>> /*
>> - * When changing the FS base, use the same
>> - * mechanism as for do_arch_prctl_64().
>> + * When changing the FS base, use do_arch_prctl_64()
>> + * to set the index and the base.
>
> to set the index to zero and to set the base as requested.
Thanks for the edit.
Chang
Powered by blists - more mailing lists