lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 24 Nov 2020 18:22:06 +0000
From:   "Bae, Chang Seok" <chang.seok.bae@...el.com>
To:     Jann Horn <jannh@...gle.com>
CC:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...e.de>,
        Andy Lutomirski <luto@...nel.org>,
        "the arch/x86 maintainers" <x86@...nel.org>,
        "Brown, Len" <len.brown@...el.com>,
        "Hansen, Dave" <dave.hansen@...el.com>,
        "H.J. Lu" <hjl.tools@...il.com>,
        "Dave Martin" <Dave.Martin@....com>,
        Michael Ellerman <mpe@...erman.id.au>,
        "Luck, Tony" <tony.luck@...el.com>,
        "Shankar, Ravi V" <ravi.v.shankar@...el.com>,
        "libc-alpha@...rceware.org" <libc-alpha@...rceware.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        Linux API <linux-api@...r.kernel.org>,
        "kernel list" <linux-kernel@...r.kernel.org>,
        Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>,
        Roland McGrath <roland@...hat.com>
Subject: Re: [PATCH v2 3/4] x86/signal: Prevent an alternate stack overflow
 before a signal delivery


> On Nov 20, 2020, at 15:04, Jann Horn <jannh@...gle.com> wrote:
> 
> On Thu, Nov 19, 2020 at 8:40 PM Chang S. Bae <chang.seok.bae@...el.com> wrote:
>> 
>> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
>> index ee6f1ceaa7a2..cee41d684dc2 100644
>> --- a/arch/x86/kernel/signal.c
>> +++ b/arch/x86/kernel/signal.c
>> @@ -251,8 +251,13 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size,
>> 
>>        /* This is the X/Open sanctioned signal stack switching.  */
>>        if (ka->sa.sa_flags & SA_ONSTACK) {
>> -               if (sas_ss_flags(sp) == 0)
>> +               if (sas_ss_flags(sp) == 0) {
>> +                       /* If the altstack might overflow, die with SIGSEGV: */
>> +                       if (!altstack_size_ok(current))
>> +                               return (void __user *)-1L;
>> +
>>                        sp = current->sas_ss_sp + current->sas_ss_size;
>> +               }
> 
> A couple lines further down, we have this (since commit 14fc9fbc700d):
> 
>        /*
>         * If we are on the alternate signal stack and would overflow it, don't.
>         * Return an always-bogus address instead so we will die with SIGSEGV.
>         */
>        if (onsigstack && !likely(on_sig_stack(sp)))
>                return (void __user *)-1L;
> 
> Is that not working?

onsigstack is set at the beginning here. If a signal hits under normal stack,
this flag is not set. Then it will miss the overflow.

The added check allows to detect the sigaltstack overflow (always).

Thanks,
Chang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ