| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ftksvi2g.fsf@mpe.ellerman.id.au>
Date: Thu, 19 Sep 2019 17:52:39 +1000
From: Michael Ellerman <mpe@...erman.id.au>
To: Oleg Nesterov <oleg@...hat.com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Madhavan Srinivasan <maddy@...ux.vnet.ibm.com>,
Paul Mackerras <paulus@...ba.org>
Cc: Jan Kratochvil <jan.kratochvil@...hat.com>,
linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH?] powerpc: Hard wire PT_SOFTE value to 1 in gpr_get() too
Hi Oleg,
Thanks for the patch.
Oleg Nesterov <oleg@...hat.com> writes:
> I don't have a ppc machine, this patch wasn't even compile tested,
> could you please review?
>
> The commit a8a4b03ab95f ("powerpc: Hard wire PT_SOFTE value to 1 in
> ptrace & signals") changed ptrace_get_reg(PT_SOFTE) to report 0x1,
> but PTRACE_GETREGS still copies pt_regs->softe as is.
Ugh, that certainly seems broken. I guess we forgot/didn't-know that
there were two paths through ptrace to get the one register.
> This is not consistent and this breaks
> http://sourceware.org/systemtap/wiki/utrace/tests/user-regs-peekpoke
That's a 404 for me?
Is it this: https://sourceware.org/systemtap/wiki/utrace/tests/
That seems to point me to a CVS repo? Which then didn't build. But now I
have that one test built, and you're right it fails with:
$ ./user-regs-peekpoke
mismatch at offset 0x138: poked 0 but peeked 1
> Reported-by: Jan Kratochvil <jan.kratochvil@...hat.com>
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>
> ---
> arch/powerpc/kernel/ptrace.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
> index 8c92feb..9e9342c 100644
> --- a/arch/powerpc/kernel/ptrace.c
> +++ b/arch/powerpc/kernel/ptrace.c
> @@ -363,11 +363,36 @@ static int gpr_get(struct task_struct *target, const struct user_regset *regset,
> BUILD_BUG_ON(offsetof(struct pt_regs, orig_gpr3) !=
> offsetof(struct pt_regs, msr) + sizeof(long));
>
> +#ifdef CONFIG_PPC64
> + if (!ret)
> + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
> + &target->thread.regs->orig_gpr3,
> + offsetof(struct pt_regs, orig_gpr3),
> + offsetof(struct pt_regs, softe));
> +
> + if (!ret) {
> + unsigned long softe = 0x1;
> + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &msr,
> + offsetof(struct pt_regs, softe),
> + offsetof(struct pt_regs, softe) +
> + sizeof(softe));
> + }
> +
> + BUILD_BUG_ON(offsetof(struct pt_regs, trap) !=
> + offsetof(struct pt_regs, softe) + sizeof(long));
> +
> + if (!ret)
> + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
> + &target->thread.regs->trap,
> + offsetof(struct pt_regs, trap),
> + sizeof(struct user_pt_regs));
> +#else
> if (!ret)
> ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
> &target->thread.regs->orig_gpr3,
> offsetof(struct pt_regs, orig_gpr3),
> sizeof(struct user_pt_regs));
> +#endif
> if (!ret)
> ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
> sizeof(struct user_pt_regs), -1);
It would be nice if we could isolate the special logic in once place,
ie. ptrace_get_reg().
We could do it like below. I'm 50/50 though on whether it's worth it, or
if we should just go with the big ifdef like in your patch.
cheers
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index 8c92febf5f44..55510f1a7ec1 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -334,6 +334,11 @@ int ptrace_put_reg(struct task_struct *task, int regno, unsigned long data)
return -EIO;
}
+#ifndef __powerpc64__
+/* Needed on 32-bit to make the SOFTE logic below work without ifdefs */
+#define PT_SOFTE PT_MQ
+#endif
+
static int gpr_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
void *kbuf, void __user *ubuf)
@@ -367,6 +372,24 @@ static int gpr_get(struct task_struct *target, const struct user_regset *regset,
ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
&target->thread.regs->orig_gpr3,
offsetof(struct pt_regs, orig_gpr3),
+ PT_SOFTE * sizeof(long));
+
+ /* SOFTE is special on 64-bit, the logic is in ptrace_get_reg() */
+ if (!ret) {
+ unsigned long val = 0;
+ ptrace_get_reg(target, PT_SOFTE, &val);
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &val,
+ PT_SOFTE * sizeof(long),
+ offsetof(struct pt_regs, trap));
+ }
+
+ BUILD_BUG_ON(offsetof(struct pt_regs, trap) !=
+ (PT_SOFTE * sizeof(long)) + sizeof(long));
+
+ if (!ret)
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+ &target->thread.regs->trap,
+ offsetof(struct pt_regs, trap),
sizeof(struct user_pt_regs));
if (!ret)
ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
@@ -3384,9 +3407,13 @@ void __init pt_regs_check(void)
#ifdef __powerpc64__
BUILD_BUG_ON(offsetof(struct pt_regs, softe) !=
offsetof(struct user_pt_regs, softe));
+ BUILD_BUG_ON(offsetof(struct pt_regs, softe) !=
+ PT_SOFTE * sizeof(long));
#else
BUILD_BUG_ON(offsetof(struct pt_regs, mq) !=
offsetof(struct user_pt_regs, mq));
+ BUILD_BUG_ON(offsetof(struct pt_regs, mq) !=
+ PT_MQ * sizeof(long));
#endif
BUILD_BUG_ON(offsetof(struct pt_regs, trap) !=
offsetof(struct user_pt_regs, trap));
Powered by blists - more mailing lists