| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201021232613.e40c1daef4b567e0e29044a4@kernel.org>
Date: Wed, 21 Oct 2020 23:26:13 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Borislav Petkov <bp@...en8.de>
Cc: x86-ml <x86@...nel.org>, Joerg Roedel <jroedel@...e.de>,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] Have insn decoder functions return success/failure
On Wed, 21 Oct 2020 11:27:50 +0200
Borislav Petkov <bp@...en8.de> wrote:
> On Wed, Oct 21, 2020 at 09:50:13AM +0900, Masami Hiramatsu wrote:
> > Agreed. So I'm OK for returning the result of "decoding".
> > But we also need to note that the returning success doesn't
> > mean the instruction is valid. That needs another validator.
> >
> ...
>
> >
> > Yes, so let's add the return value (with a note, so that someone
> > does not try to use it for validation).
>
> Ok, I'm unclear on that "validation" you talk about. What exactly do
> you mean? Can you give an example of how one would determine whether an
> instruction is valid? And valid how?
Hmm, I meant someone might think it can be used for filtering the
instruction something like,
insn_init(insn, buf, buflen, 1);
ret = insn_get_length(insn);
if (!ret) {
/* OK, this is safe */
patch_text(buf, trampoline);
}
No, we need another validator for such usage.
Thank you,
>
> Thx.
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists