lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 07 Mar 2019 09:14:45 -0800
From:   hpa@...or.com
To:     Peter Zijlstra <peterz@...radead.org>,
        torvalds@...ux-foundation.org, tglx@...utronix.de,
        julien.thierry@....com, will.deacon@....com, luto@...capital.net,
        mingo@...nel.org, catalin.marinas@....com, james.morse@....com,
        valentin.schneider@....com, brgerst@...il.com, jpoimboe@...hat.com,
        luto@...nel.org, bp@...en8.de, dvlasenk@...hat.com
CC:     linux-kernel@...r.kernel.org, peterz@...radead.org,
        dvyukov@...gle.com, rostedt@...dmis.org
Subject: Re: [PATCH 00/20] objtool: UACCESS validation v3

On March 7, 2019 3:45:11 AM PST, Peter Zijlstra <peterz@...radead.org> wrote:
>Teach objtool to validate the UACCESS (SMAP, PAN) rules with are
>currently
>unenforced and (therefore obviously) violated.
>
>UACCESS sections should be small; we want to limit the amount of code
>that can
>touch userspace. Furthermore, UACCESS state isn't scheduled, this means
>that
>anything that directly calls into the scheduler will result in random
>code
>running with UACCESS enabled and possibly getting back into the UACCESS
>region
>with UACCESS disabled and causing faults.
>
>Forbid any CALL/RET while UACCESS is enabled; but provide a few
>exceptions.
>
>This builds x86_64-allmodconfig clean, and I've only got a few
>randconfig
>failures left (GCC-8) that I'm not quite understanding.
>
>---
> arch/x86/ia32/ia32_signal.c                |  29 ++-
> arch/x86/include/asm/asm.h                 |  24 --
> arch/x86/include/asm/nospec-branch.h       |   4 +-
> arch/x86/include/asm/smap.h                |  20 ++
> arch/x86/include/asm/uaccess.h             |   5 +-
> arch/x86/include/asm/uaccess_64.h          |   3 -
> arch/x86/include/asm/xen/hypercall.h       |  26 +-
> arch/x86/kernel/signal.c                   |   2 +-
> arch/x86/lib/copy_user_64.S                |  48 ++++
> arch/x86/lib/memcpy_64.S                   |   3 +-
> arch/x86/lib/usercopy_64.c                 |  20 --
> drivers/gpu/drm/i915/i915_gem_execbuffer.c |   6 +-
> include/linux/uaccess.h                    |   2 +
> kernel/trace/trace_branch.c                |   4 +
> lib/Makefile                               |   1 +
> lib/ubsan.c                                |   4 +
> mm/kasan/Makefile                          |   3 +
> mm/kasan/common.c                          |  10 +
> mm/kasan/report.c                          |   3 +-
> scripts/Makefile.build                     |   3 +
> tools/objtool/Makefile                     |   2 +-
> tools/objtool/arch.h                       |   8 +-
> tools/objtool/arch/x86/decode.c            |  26 +-
> tools/objtool/builtin-check.c              |   4 +-
> tools/objtool/builtin.h                    |   2 +-
>tools/objtool/check.c                      | 382
>++++++++++++++++++++++-------
> tools/objtool/check.h                      |   4 +-
> tools/objtool/elf.c                        |  15 +-
> tools/objtool/elf.h                        |   3 +-
> tools/objtool/special.c                    |  10 +-
> tools/objtool/warn.h                       |   8 +
> 31 files changed, 511 insertions(+), 173 deletions(-)
>
>
> 

This is phenomenal. Thank you so much for digging into this. I'm hoping this will greatly reduce the risk of future leakage.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ