| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Mar 2019 11:47:15 +0000
From: Kevin Brodsky <kevin.brodsky@....com>
To: Andrey Konovalov <andreyknvl@...gle.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>,
Robin Murphy <robin.murphy@....com>,
Kees Cook <keescook@...omium.org>,
Kate Stewart <kstewart@...uxfoundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Shuah Khan <shuah@...nel.org>,
Vincenzo Frascino <vincenzo.frascino@....com>,
Eric Dumazet <edumazet@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org,
linux-mm@...ck.org, linux-arch@...r.kernel.org,
netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
Kostya Serebryany <kcc@...gle.com>,
Evgeniy Stepanov <eugenis@...gle.com>,
Lee Smith <Lee.Smith@....com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
Jacob Bramley <Jacob.Bramley@....com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
Chintan Pandya <cpandya@...eaurora.org>,
Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
Dave Martin <Dave.Martin@....com>,
Szabolcs Nagy <Szabolcs.Nagy@....com>
Subject: Re: [PATCH v11 09/14] kernel, arm64: untag user pointers in
prctl_set_mm*
On 15/03/2019 19:51, Andrey Konovalov wrote:
> This patch is a part of a series that extends arm64 kernel ABI to allow to
> pass tagged user pointers (with the top byte set to something else other
> than 0x00) as syscall arguments.
>
> prctl_set_mm() and prctl_set_mm_map() use provided user pointers for vma
> lookups, which can only by done with untagged pointers.
>
> Untag user pointers in these functions.
>
> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
> ---
> kernel/sys.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/kernel/sys.c b/kernel/sys.c
> index 12df0e5434b8..8e56d87cc6db 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -1993,6 +1993,18 @@ static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data
> if (copy_from_user(&prctl_map, addr, sizeof(prctl_map)))
> return -EFAULT;
>
> + prctl_map->start_code = untagged_addr(prctl_map.start_code);
> + prctl_map->end_code = untagged_addr(prctl_map.end_code);
> + prctl_map->start_data = untagged_addr(prctl_map.start_data);
> + prctl_map->end_data = untagged_addr(prctl_map.end_data);
> + prctl_map->start_brk = untagged_addr(prctl_map.start_brk);
> + prctl_map->brk = untagged_addr(prctl_map.brk);
> + prctl_map->start_stack = untagged_addr(prctl_map.start_stack);
> + prctl_map->arg_start = untagged_addr(prctl_map.arg_start);
> + prctl_map->arg_end = untagged_addr(prctl_map.arg_end);
> + prctl_map->env_start = untagged_addr(prctl_map.env_start);
> + prctl_map->env_end = untagged_addr(prctl_map.env_end);
As the buildbot suggests, those -> should be . instead :) You might want to check
your local build with CONFIG_CHECKPOINT_RESTORE=y.
> +
> error = validate_prctl_map(&prctl_map);
> if (error)
> return error;
> @@ -2106,6 +2118,8 @@ static int prctl_set_mm(int opt, unsigned long addr,
> opt != PR_SET_MM_MAP_SIZE)))
> return -EINVAL;
>
> + addr = untagged_addr(addr);
This is a bit too coarse, addr is indeed used for find_vma() later on, but it is also
used to access memory, by prctl_set_mm_mmap() and prctl_set_auxv().
Kevin
> +
> #ifdef CONFIG_CHECKPOINT_RESTORE
> if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE)
> return prctl_set_mm_map(opt, (const void __user *)addr, arg4);
Powered by blists - more mailing lists