| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Dec 2019 15:33:18 -0500
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: linux-kernel@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>,
"Paul E . McKenney" <paulmck@...ux.ibm.com>,
Boqun Feng <boqun.feng@...il.com>,
"H . Peter Anvin" <hpa@...or.com>, Paul Turner <pjt@...gle.com>,
linux-api@...r.kernel.org, stable@...r.kernel.org,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Shuah Khan <skhan@...uxfoundation.org>,
Florian Weimer <fw@...eb.enyo.de>,
Dmitry Vyukov <dvyukov@...gle.com>
Subject: [PATCH for 5.5 2/2 v2] rseq/selftests: Clarify rseq_prepare_unload() helper requirements
The rseq.h UAPI now documents that the rseq_cs field must be cleared
before reclaiming memory that contains the targeted struct rseq_cs, but
also that the rseq_cs field must be cleared before reclaiming memory of
the code pointed to by the rseq_cs start_ip and post_commit_offset
fields.
While we can expect that use of dlclose(3) will typically unmap
both struct rseq_cs and its associated code at once, nothing would
theoretically prevent a JIT from reclaiming the code without
reclaiming the struct rseq_cs, which would erroneously allow the
kernel to consider new code which is not a rseq critical section
as a rseq critical section following a code reclaim.
Suggested-by: Florian Weimer <fw@...eb.enyo.de>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Cc: Shuah Khan <skhan@...uxfoundation.org>
Cc: Florian Weimer <fw@...eb.enyo.de>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Peter Zijlstra (Intel) <peterz@...radead.org>
Cc: "Paul E. McKenney" <paulmck@...ux.ibm.com>
Cc: Boqun Feng <boqun.feng@...il.com>
Cc: "H . Peter Anvin" <hpa@...or.com>
Cc: Paul Turner <pjt@...gle.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
---
tools/testing/selftests/rseq/rseq.h | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/rseq/rseq.h b/tools/testing/selftests/rseq/rseq.h
index d40d60e7499e..3f63eb362b92 100644
--- a/tools/testing/selftests/rseq/rseq.h
+++ b/tools/testing/selftests/rseq/rseq.h
@@ -149,11 +149,13 @@ static inline void rseq_clear_rseq_cs(void)
/*
* rseq_prepare_unload() should be invoked by each thread executing a rseq
* critical section at least once between their last critical section and
- * library unload of the library defining the rseq critical section
- * (struct rseq_cs). This also applies to use of rseq in code generated by
- * JIT: rseq_prepare_unload() should be invoked at least once by each
- * thread executing a rseq critical section before reclaim of the memory
- * holding the struct rseq_cs.
+ * library unload of the library defining the rseq critical section (struct
+ * rseq_cs) or the code referred to by the struct rseq_cs start_ip and
+ * post_commit_offset fields. This also applies to use of rseq in code
+ * generated by JIT: rseq_prepare_unload() should be invoked at least once by
+ * each thread executing a rseq critical section before reclaim of the memory
+ * holding the struct rseq_cs or reclaim of the code pointed to by struct
+ * rseq_cs start_ip and post_commit_offset fields.
*/
static inline void rseq_prepare_unload(void)
{
--
2.17.1
Powered by blists - more mailing lists