| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrVOb91w8SJwYKSXgtfs+MyzifpPoVSyiaOUKCVSXKwNSg@mail.gmail.com>
Date: Sat, 27 Jul 2019 17:33:44 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Andy Lutomirski <luto@...nel.org>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Kees Cook <keescook@...omium.org>,
Vincenzo Frascino <vincenzo.frascino@....com>,
X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
Paul Bolle <pebolle@...cali.nl>, Arnd Bergmann <arnd@...db.de>
Subject: Re: [5.2 REGRESSION] Generic vDSO breaks seccomp-enabled userspace on i386
On Sat, Jul 27, 2019 at 2:52 PM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> On Sat, 27 Jul 2019, Thomas Gleixner wrote:
> > On Sat, 27 Jul 2019, Andy Lutomirski wrote:
> > >
> > > I think it's getting quite late to start inventing new seccomp
> > > features to fix this. I think the right solution for 5.3 is to change
> > > the 32-bit vdso fallback to use the old clock_gettime, i.e.
> > > clock_gettime32. This is obviously not an acceptable long-term
> > > solution.
> >
> > Sigh. I'll have a look....
>
> Completely untested patch below.
>
> For the record: I have to say that I hate it.
Me too.
How about something more like the attached. (The attachment obviously
won't compile, since it's incomplete. I'm wondering if you think the
idea is okay. The idea is to have the vdso calls fall back to the
corresponding syscalls rather than internally converting.)
--Andy
View attachment "vdso.patch" of type "text/x-patch" (1794 bytes)
Powered by blists - more mailing lists