| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c96c98ec-d72a-81a3-06e2-2040f3ece33a@intel.com>
Date: Mon, 21 Sep 2020 09:22:25 -0700
From: "Yu, Yu-cheng" <yu-cheng.yu@...el.com>
To: Andy Lutomirski <luto@...nel.org>
Cc: X86 ML <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>,
linux-arch <linux-arch@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
Balbir Singh <bsingharora@...il.com>,
Borislav Petkov <bp@...en8.de>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Dave Martin <Dave.Martin@....com>,
Weijiang Yang <weijiang.yang@...el.com>
Subject: Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is
enabled
On 9/18/2020 5:11 PM, Andy Lutomirski wrote:
> On Fri, Sep 18, 2020 at 12:23 PM Yu-cheng Yu <yu-cheng.yu@...el.com> wrote:
>>
>> Emulation of the legacy vsyscall page is required by some programs
>> built before 2013. Newer programs after 2013 don't use it.
>> Disable vsyscall emulation when Control-flow Enforcement (CET) is
>> enabled to enhance security.
>>
>> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@...el.com>
>> ---
>> v12:
>> - Disable vsyscall emulation only when it is attempted (vs. at compile time).
>>
>> arch/x86/entry/vsyscall/vsyscall_64.c | 9 +++++++++
>> 1 file changed, 9 insertions(+)
>>
>> diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
>> index 44c33103a955..3196e963e365 100644
>> --- a/arch/x86/entry/vsyscall/vsyscall_64.c
>> +++ b/arch/x86/entry/vsyscall/vsyscall_64.c
>> @@ -150,6 +150,15 @@ bool emulate_vsyscall(unsigned long error_code,
>>
>> WARN_ON_ONCE(address != regs->ip);
>>
>> +#ifdef CONFIG_X86_INTEL_CET
>> + if (current->thread.cet.shstk_size ||
>> + current->thread.cet.ibt_enabled) {
>> + warn_bad_vsyscall(KERN_INFO, regs,
>> + "vsyscall attempted with cet enabled");
>> + return false;
>> + }
>
> Nope, try again. Having IBT on does *not* mean that every library in
> the process knows that we have indirect branch tracking. The legacy
> bitmap exists for a reason. Also, I want a way to flag programs as
> not using the vsyscall page, but that flag should not be called CET.
> And a process with vsyscalls off should not be able to read the
> vsyscall page, and /proc/self/maps should be correct.
>
> So you have some choices:
>
> 1. Drop this patch and make it work.
>
> 2. Add a real per-process vsyscall control. Either make it depend on
> vsyscall=xonly and wire it up correctly or actually make it work
> correctly with vsyscall=emulate.
>
> NAK to any hacks in this space. Do it right or don't do it at all.
>
We can drop this patch, and bring back the previous patch that fixes up
shadow stack and ibt. That makes vsyscall emulation work correctly, and
does not force the application to do anything different from what is
working now. I will post the previous patch as a reply to this thread
so that people can make comments on it.
Yu-cheng
Powered by blists - more mailing lists