| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Jul 2020 17:20:02 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Gabriel Krisman Bertazi <krisman@...labora.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>, kernel@...labora.com,
Matthew Wilcox <willy@...radead.org>,
Andrew Lutomirski <luto@...nel.org>,
Paul Gofman <gofmanp@...il.com>,
Kees Cook <keescook@...omium.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>, Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH v4 1/2] kernel: Implement selective syscall userspace redirection
On Thu, Jul 16, 2020 at 12:31 PM Gabriel Krisman Bertazi
<krisman@...labora.com> wrote:
>
This is quite nice. I have a few comments, though:
You mentioned rt_sigreturn(). Should this automatically exempt the
kernel-provided signal restorer on architectures (e.g. x86_32) that
provide one?
The amount of syscall entry wiring that arches need to do is IMO
already a bit out of hand. Should we instead rename TIF_SECCOMP to
TIF_SYSCALL_INTERCEPTION and have one generic callback that handles
seccomp and this new thing?
> +int do_syscall_user_dispatch(struct pt_regs *regs)
> +{
> + struct syscall_user_dispatch *sd = ¤t->syscall_dispatch;
> + unsigned long ip = instruction_pointer(regs);
> + char state;
> +
> + if (likely(ip >= sd->dispatcher_start && ip <= sd->dispatcher_end))
> + return 0;
> +
> + if (likely(sd->selector)) {
> + if (unlikely(__get_user(state, sd->selector)))
> + do_exit(SIGSEGV);
> +
> + if (likely(state == 0))
> + return 0;
> +
> + if (state != 1)
> + do_exit(SIGSEGV);
This seems a bit extreme and hard to debug if it ever happens.
Powered by blists - more mailing lists