| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 09 Apr 2019 14:23:53 +1000
From: Michael Ellerman <mpe@...erman.id.au>
To: Carlos O'Donell <codonell@...hat.com>,
Tulio Magno Quites Machado Filho <tuliom@...ii.art.br>,
Florian Weimer <fweimer@...hat.com>,
Michael Meissner <meissner@...ux.ibm.com>,
Alan Modra <amodra@...il.com>,
Peter Bergner <bergner@...t.ibm.com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Cc: Paul Burton <paul.burton@...s.com>,
Will Deacon <will.deacon@....com>,
Boqun Feng <boqun.feng@...il.com>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Martin Schwidefsky <schwidefsky@...ibm.com>,
Russell King <linux@...linux.org.uk>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>, carlos <carlos@...hat.com>,
Joseph Myers <joseph@...esourcery.com>,
Szabolcs Nagy <szabolcs.nagy@....com>,
libc-alpha <libc-alpha@...rceware.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ben Maurer <bmaurer@...com>,
Peter Zijlstra <peterz@...radead.org>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
Dave Watson <davejwatson@...com>, Paul Turner <pjt@...gle.com>,
Rich Felker <dalias@...c.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
linux-api <linux-api@...r.kernel.org>
Subject: Re: [PATCH 1/4] glibc: Perform rseq(2) registration at C startup and thread creation (v7)
Carlos O'Donell <codonell@...hat.com> writes:
> On 4/8/19 3:20 PM, Tulio Magno Quites Machado Filho wrote:
>> Carlos O'Donell <codonell@...hat.com> writes:
>>
>>> On 4/5/19 5:16 AM, Florian Weimer wrote:
>>>> * Carlos O'Donell:
>>>>> It is valuable that it be a trap, particularly for constant pools because
>>>>> it means that a jump into the constant pool will trap.
>>>>
>>>> Sorry, I don't understand why this matters in this context. Would you
>>>> please elaborate?
>>>
>>> Sorry, I wasn't very clear.
>>>
>>> My point is only that any accidental jumps, either with off-by-one (like you
>>> fixed in gcc/glibc's signal unwinding most recently), result in a process fault
>>> rather than executing RSEQ_SIG as a valid instruction *and then* continuing
>>> onwards to the handler.
>>>
>>> A process fault is achieved either by a trap, or an invalid instruction, or
>>> a privileged insn (like suggested for MIPS in this thread).
>>
>> In that case, mtmsr (Move to Machine State Register) seems a good candidate.
>>
>> mtmsr is available both on 32 and 64 bits since their first implementations.
>>
>> It's a privileged instruction and should never appear in userspace
>> code (causes SIGILL).
I'd much rather we use a trap with a specific immediate value. Otherwise
someone's going to waste time one day puzzling over why userspace is
doing mtmsr.
It would also complicate things if we ever wanted to emulate mtmsr.
If we want something that is a trap rather than a nop then use 0x0fe50553.
That's "compare the value in r5 with 0x553 and then trap unconditionally".
It shows up in objdump as:
10000000: 53 05 e5 0f twui r5,1363
The immediate can be anything, I chose that value to mimic the x86 value
Mathieu mentioned.
There's no reason that instruction would ever be generated because the
immediate value serves no purpose. So it satisfies the "very unlikely
to appear" criteria AFAICS.
cheers
Powered by blists - more mailing lists