lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <492954632.538.1548953612856.JavaMail.zimbra@efficios.com>
Date:   Thu, 31 Jan 2019 11:53:32 -0500 (EST)
From:   Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To:     Joseph Myers <joseph@...esourcery.com>
Cc:     carlos <carlos@...hat.com>, Florian Weimer <fweimer@...hat.com>,
        Szabolcs Nagy <szabolcs.nagy@....com>,
        libc-alpha <libc-alpha@...rceware.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ben Maurer <bmaurer@...com>,
        Peter Zijlstra <peterz@...radead.org>,
        "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
        Boqun Feng <boqun.feng@...il.com>,
        Will Deacon <will.deacon@....com>,
        Dave Watson <davejwatson@...com>, Paul Turner <pjt@...gle.com>,
        Rich Felker <dalias@...c.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-api <linux-api@...r.kernel.org>
Subject: Re: [RFC PATCH glibc 1/4] glibc: Perform rseq(2) registration at C
 startup and thread creation (v6)

----- On Jan 31, 2019, at 11:37 AM, Mathieu Desnoyers mathieu.desnoyers@...icios.com wrote:

> ----- On Jan 30, 2019, at 4:10 PM, Joseph Myers joseph@...esourcery.com wrote:
> 
>> On Wed, 30 Jan 2019, Mathieu Desnoyers wrote:
>> 
>>> #if defined (__NR_rseq) && !defined (RSEQ_SIG)
>>> # error "UAPI headers support rseq system call, but glibc does not define
>>> RSEQ_SIG."
>>> #endif
>>> 
>>> Would that take care of your concerns ?
>> 
>> That would of course need appropriate conditionals based on the most
>> recent kernel version for which a given glibc version has been updated, so
>> that using new kernel headers with an existing glibc release does not make
>> the build fail (cf. the test of syscall-names.list).
> 
> The test I hint at above would not be for the glibc build per se. It would
> be for a check that glibc implements support for all the system calls
> available in the kernel headers (if such a test target currently exists).
> 
>> And being able to
>> write such a test only solves one half of the problem - it needs to be
>> easy to determine what value to put in that header in glibc for an
>> architecture that's newly gained support in the kernel, *without* needing
>> any architecture expertise.
> 
> I'm afraid this requirement is incompatible with the nature of the RSEQ
> signature. This signature may be required to be a specific trap instruction
> by the architecture, so deciding on its value without architecture expertise
> is not possible.

Just to clarify a point: the "success criterion" I'm aiming for here is to
provide a rseq integration that does not cause foreseeable user crashes on
upgrade.

I'm all for taking into account the maintenance burden on glibc maintainers as
a metric in the implementation choices made, but at this point, I don't see
how we can achieve success without introducing architecture headers for the
RSEQ_SIG signature. If you have ideas on how to further minimize the maintenance
burden for glibc maintainers while still meeting the success criterion, I'm all
ears.

Thanks,

Mathieu



-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ