Message-ID: <CAN_oZf3HkO5+f5OJibGpsnnu1Khnx5mxdSimL9bDBbs+33ka0A@mail.gmail.com>
Date:   Tue, 29 Sep 2020 13:22:48 -0400
From:   Anthony Steinhauser <asteinhauser@...gle.com>
To:     Will Deacon <will@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>, catalin.marinas@....com,
        maz@...nel.org
Subject: Re: [PATCH v2] PR_SPEC_DISABLE_NOEXEC support for arm64.

Thanks a lot Will,

Everything looks good to me now.
On Tue, Sep 29, 2020 at 4:10 AM Will Deacon <will@...nel.org> wrote:
>
> Hi Anthony,
>
...
>
> I'll fold in the diff below, which I think solves the problem above; it's
> closer to what you had originally, just refactored a bit and with the
> execve()/fork() issue fixed.
>
> Will
>
> --->8
>
> diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c
> index 59f2ceb7a0e5..68b710f1b43f 100644
> --- a/arch/arm64/kernel/proton-pack.c
> +++ b/arch/arm64/kernel/proton-pack.c
> @@ -660,6 +660,20 @@ void spectre_v4_enable_task_mitigation(struct task_struct *tsk)
>   * prctl() may be necessary even when PSTATE.SSBS can be toggled directly
>   * from userspace.
>   */
> +static void ssbd_prctl_enable_mitigation(struct task_struct *task)
> +{
> +       task_clear_spec_ssb_noexec(task);
> +       task_set_spec_ssb_disable(task);
> +       set_tsk_thread_flag(task, TIF_SSBD);
> +}
> +
> +static void ssbd_prctl_disable_mitigation(struct task_struct *task)
> +{
> +       task_clear_spec_ssb_noexec(task);
> +       task_clear_spec_ssb_disable(task);
> +       clear_tsk_thread_flag(task, TIF_SSBD);
> +}
> +
>  static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
>  {
>         switch (ctrl) {
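Review bot: The comment block ending with "prctl() may be necessary even when PSTATE.SSBS can be toggled directly from userspace" appears to have been written for `ssbd_prctl_set()`, but the two helpers are inserted between that comment and the function, so it now reads as documentation for `ssbd_prctl_enable_mitigation()`. Placing the helpers above the comment would keep it attached to the prctl entry point. Both helpers also clear the noexec flag as a side effect that their names do not suggest; a one-line comment on each, such as `/* Also drops any pending PR_SPEC_DISABLE_NOEXEC state. */`, would make that explicit. The start of the comment block and the rest of `ssbd_prctl_set()` lie outside this hunk.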
> @@ -679,8 +693,7 @@ static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
>                 if (spectre_v4_mitigations_on())
>                         return -EPERM;
>
> -               task_clear_spec_ssb_disable(task);
> -               clear_tsk_thread_flag(task, TIF_SSBD);
> +               ssbd_prctl_disable_mitigation(task);
>                 break;
>         case PR_SPEC_FORCE_DISABLE:
>                 /* Force disable speculation: force enable mitigation */
> @@ -693,28 +706,33 @@ static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
>
>                 task_set_spec_ssb_force_disable(task);
>                 fallthrough;
> -       case PR_SPEC_DISABLE_NOEXEC:
> -               /* Disable speculation until execve(): enable mitigation */
> -               fallthrough;
>         case PR_SPEC_DISABLE:
>                 /* Disable speculation: enable mitigation */
>                 /* Same as PR_SPEC_FORCE_DISABLE */
>                 if (spectre_v4_mitigations_off())
>                         return -EPERM;
>
> -               task_set_spec_ssb_disable(task);
> -               set_tsk_thread_flag(task, TIF_SSBD);
> +               ssbd_prctl_enable_mitigation(task);
> +               break;
> +       case PR_SPEC_DISABLE_NOEXEC:
> +               /* Disable speculation until execve(): enable mitigation */
> +               /*
> +                * If the mitigation state is forced one way or the other, then
> +                * we must fail now before we try to toggle it on execve().
> +                */
> +               if (task_spec_ssb_force_disable(task) ||
> +                   spectre_v4_mitigations_off() ||
> +                   spectre_v4_mitigations_on()) {
> +                       return -EPERM;
> +               }
> +
> +               ssbd_prctl_enable_mitigation(task);
> +               task_set_spec_ssb_noexec(task);
>                 break;
>         default:
>                 return -ERANGE;
>         }
>
> -       /* Handle the 'noexec' flag separately to save bloating up the switch */
> -       if (ctrl == PR_SPEC_DISABLE_NOEXEC)
> -               task_set_spec_ssb_noexec(task);
> -       else
> -               task_clear_spec_ssb_noexec(task);
> -
>         spectre_v4_enable_task_mitigation(task);
>         return 0;
>  }
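Review bot: In the new `PR_SPEC_DISABLE_NOEXEC` case, `task_set_spec_ssb_noexec(task)` must run after `ssbd_prctl_enable_mitigation(task)`, because the helper added earlier in this patch clears the noexec flag. Swapping the two calls would silently turn the request into a plain PR_SPEC_DISABLE that persists across execve(). A comment on the pair, e.g. `/* Must follow ssbd_prctl_enable_mitigation(), which clears noexec. */`, would protect that ordering. The case also returns -EPERM when `spectre_v4_mitigations_on()` is true, whereas the `PR_SPEC_DISABLE` case above succeeds in that state. The block comment could note this difference and that the task presumably stays mitigated there despite the error, and the two adjacent comments at the top of the case could be merged into one.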
