| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jun 2020 21:16:53 +0800
From: "Wangshaobo (bobo)" <bobo.shaobowang@...wei.com>
To: Catalin Marinas <catalin.marinas@....com>
CC: <huawei.libin@...wei.com>, <cj.chengjian@...wei.com>,
<xiexiuqi@...wei.com>, <mark.rutland@....com>, <hch@...radead.org>,
<wcohen@...hat.com>, <linux-kernel@...r.kernel.org>,
<mtk.manpages@...il.com>, <wezhang@...hat.com>,
<gregkh@...uxfoundation.org>, Will Deacon <will@...nel.org>
Subject: Re: [RESEND PATCH] sys_personality: Add optional arch hook
arch_check_personality
在 2020/6/8 17:46, Catalin Marinas 写道:
> On Mon, Jun 08, 2020 at 10:49:25AM +0800, Wang ShaoBo wrote:
>> Currently arm64 personality syscall uses wrapper __arm64_sys_personality
>> to redirect to __arm64_sys_arm64_personality, it's easily confused,
>> Whereas using an normal hook arch_check_personality() can reject
>> additional settings like this for special case of different architectures.
>>
>> This makes code clean and easier for subsequent modification.
> Do you plan to add more stuff here? Curious what triggered this patch.
>
>> diff --git a/arch/arm64/kernel/sys.c b/arch/arm64/kernel/sys.c
>> index d5ffaaab31a7..5c01816d7a77 100644
>> --- a/arch/arm64/kernel/sys.c
>> +++ b/arch/arm64/kernel/sys.c
>> @@ -28,12 +28,13 @@ SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
>> return ksys_mmap_pgoff(addr, len, prot, flags, fd, off >> PAGE_SHIFT);
>> }
>>
>> -SYSCALL_DEFINE1(arm64_personality, unsigned int, personality)
>> +int arch_check_personality(unsigned int personality)
>> {
>> if (personality(personality) == PER_LINUX32 &&
>> !system_supports_32bit_el0())
>> return -EINVAL;
>> - return ksys_personality(personality);
>> +
>> + return 0;
>> }
> We use the ksys_* pattern in other places as well, so this wouldn't be
> something new.
>
>> diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
>> index 1815065d52f3..3dbbad498027 100644
>> --- a/include/linux/syscalls.h
>> +++ b/include/linux/syscalls.h
>> @@ -1393,16 +1393,6 @@ static inline long ksys_truncate(const char __user *pathname, loff_t length)
>> return do_sys_truncate(pathname, length);
>> }
>>
>> -static inline unsigned int ksys_personality(unsigned int personality)
>> -{
>> - unsigned int old = current->personality;
>> -
>> - if (personality != 0xffffffff)
>> - set_personality(personality);
>> -
>> - return old;
>> -}
>> -
>> /* for __ARCH_WANT_SYS_IPC */
>> long ksys_semtimedop(int semid, struct sembuf __user *tsops,
>> unsigned int nsops,
>> diff --git a/kernel/exec_domain.c b/kernel/exec_domain.c
>> index 33f07c5f2515..f3682f4bf205 100644
>> --- a/kernel/exec_domain.c
>> +++ b/kernel/exec_domain.c
>> @@ -35,9 +35,21 @@ static int __init proc_execdomains_init(void)
>> module_init(proc_execdomains_init);
>> #endif
>>
>> +int __weak arch_check_personality(unsigned int personality)
>> +{
>> + return 0;
>> +}
>> +
>> SYSCALL_DEFINE1(personality, unsigned int, personality)
>> {
>> - unsigned int old = current->personality;
>> + int err;
>> + unsigned int old;
>> +
>> + err = arch_check_personality(personality);
>> + if (err)
>> + return err;
>> +
>> + old = current->personality;
> I'm surprised that the generic sys_personality() doesn't call
> ksys_personality() directly but rather duplicates the code.
>
> Anyway, without knowing what else you plan to do with
> arch_check_personality(), I don't think it's worth changing. Calling
> ksys_personality() directly from sys_personality() would be a good
> clean-up though.
Hi catalin,
I have sent a version just calling ksys_personality() directly from
sys_personality() before:
https://lore.kernel.org/patchwork/patch/1158872/
thanks,
Wang ShaoBo
>
Powered by blists - more mailing lists