| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jan 2021 09:35:23 -0800
From: Andy Lutomirski <luto@...nel.org>
To: David Laight <David.Laight@...lab.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
Al Viro <viro@...iv.linux.org.uk>,
Christoph Hellwig <hch@....de>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
X86 ML <x86@...nel.org>
Subject: Re: in_compat_syscall() on x86
On Tue, Jan 5, 2021 at 1:53 AM David Laight <David.Laight@...lab.com> wrote:
>
> From: Andy Lutomirski
> > Sent: 04 January 2021 23:04
> ...
> > >> The x32 system calls have their own system call table and it would be
> > >> trivial to set a flag like TS_COMPAT when looking up a system call from
> > >> that table. I expect such a change would be purely in the noise.
> > >
> > > Certainly a write of 0/1/2 into a dirtied cache line of 'current'
> > > could easily cost absolutely nothing.
> > > Especially if current has already been read.
> > >
> > > I also wondered about resetting it to zero when an x32 system call
> > > exits (rather than entry to a 64bit one).
> > >
> > > For ia32 the flag is set (with |=) on every syscall entry.
> > > Even though I'm pretty sure it can only change during exec.
> >
> > It can change for every syscall. I have tests that do this.
>
> Do they still work?
They seem to.
> I don't think the ia32 flag is cleared anywhere.
It's hiding in arch_exit_to_user_mode_prepare().
--Andy
Powered by blists - more mailing lists