| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAG48ez1-u8DbxSAu9DXTEEy3-ADquQLWXB6ufV+By7TnuxWOsQ@mail.gmail.com>
Date: Wed, 18 Dec 2019 23:33:54 +0100
From: Jann Horn <jannh@...gle.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
"the arch/x86 maintainers" <x86@...nel.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
kasan-dev <kasan-dev@...glegroups.com>,
kernel list <linux-kernel@...r.kernel.org>,
Andrey Konovalov <andreyknvl@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Sean Christopherson <sean.j.christopherson@...el.com>
Subject: Re: [PATCH v6 4/4] x86/kasan: Print original address on #GP
On Wed, Dec 11, 2019 at 6:37 PM Borislav Petkov <bp@...en8.de> wrote:
> On Mon, Dec 09, 2019 at 03:31:20PM +0100, Jann Horn wrote:
> > arch/x86/kernel/traps.c | 12 ++++++++++-
> > arch/x86/mm/kasan_init_64.c | 21 -------------------
> > include/linux/kasan.h | 6 ++++++
> > mm/kasan/report.c | 40 +++++++++++++++++++++++++++++++++++++
> > 4 files changed, 57 insertions(+), 22 deletions(-)
>
> I need a KASAN person ACK here, I'd guess.
Right, I got a Reviewed-by from Dmitry for v2, but cleared that when I
made changes to the patch later - I'll ask Dmitry for a fresh ack on
the v7 patch.
[...]
> > - die(desc, regs, error_code);
> > + flags = oops_begin();
> > + sig = SIGSEGV;
> > + __die_header(desc, regs, error_code);
> > + if (hint == GP_NON_CANONICAL)
> > + kasan_non_canonical_hook(gp_addr);
> > + if (__die_body(desc, regs, error_code))
> > + sig = 0;
> > + oops_end(flags, regs, sig);
>
> Instead of opencoding it like this, can we add a
>
> die_addr(desc, regs, error_code, gp_addr);
>
> to arch/x86/kernel/dumpstack.c and call it from here:
>
> if (hint != GP_NON_CANONICAL)
> gp_addr = 0;
>
> die_addr(desc, regs, error_code, gp_addr);
Okay, so I'll make __die_header() and __die_body() static, introduce
and hook up die_addr() in patch 3/4, and then in patch 4/4 insert the
call to the KASAN hook.
> This way you won't need to pass down to die_addr() the hint too - you
> code into gp_addr whether it was non-canonical or not.
>
> The
>
> + if (addr < KASAN_SHADOW_OFFSET)
> + return;
>
> check in kasan_non_canonical_hook() would then catch it when addr == 0.
I'll add an explicit check for nonzero address before calling
kasan_non_canonical_hook() so that the semantics are a bit more
cleanly split.
Powered by blists - more mailing lists