lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 2 Sep 2020 12:43:48 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Christoph Hellwig <hch@....de>
Cc:     Josh Poimboeuf <jpoimboe@...hat.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Will Deacon <will@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Waiman Long <longman@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Cooper <andrew.cooper3@...rix.com>,
        Andy Lutomirski <luto@...nel.org>
Subject: Re: [PATCH] x86/uaccess: Use pointer masking to limit uaccess
 speculation

On Tue, Sep 01, 2020 at 05:46:29PM +0200, Christoph Hellwig wrote:
> On Tue, Sep 01, 2020 at 05:05:53PM +0200, Christoph Hellwig wrote:
> > > Is there anything in particular that's tricky, or do you just want
> > > someone to look generally? From a quick grep arch/arm64/* looks clean, but
> > > I suspect that's misleading.
> > 
> > Yes, it should be mostly trivial.  I just bet the maintainers are
> > better at optimizing the low-level assembly code with the variable
> > address limit gone than I am.  (See Linus comments on the x86 version
> > for example).  And I don't have a physical arm64 to test with so I'd
> > have to rely on qemu for any testing.

Makes sense.

I'll take a look if Will doesn't beat me to it, and I'm happy to test
the result regardless.

> So I looked at the arm64 code and I don't think it is entirely trivial,
> due to the orig_addr_limit saving in the syscall entry path, and due
> to all the UAO stuff.  On the plus side it looks to me like
> CONFIG_ARM64_UAO and all the code relate to it can go away entirely
> if set_fs() is gone.

I *think* removing that should be largely mechanical for someone
for someone familiar with it, and it'd be nice to see it go.

> So if I can trick you guys into submiting a patch on top of:
> 
>    http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/set_fs-removal
> 
> that would make my life a lot simpler.

I'll see what I can do.

At first glance it looks like we might need to flesh out or refactor the
arm64 kernel maccess routines first (since we want the user maccess
routines to use LDTR/STTR instructions that can't access kernel memory),
but after that I think the rest is largely mechanical.

Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ