lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 2 Feb 2021 12:32:56 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Andy Lutomirski <luto@...nel.org>
Cc:     x86@...nel.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] x86/ptrace: Clean up PTRACE_GETREGS/PTRACE_PUTREGS
 regset selection

On Thu, Jan 28, 2021 at 05:41:21PM -0800, Andy Lutomirski wrote:
> task_user_regset_view() is fundamentally broken, but it's ABI for
> PTRACE_GETREGSET and PTRACE_SETREGSET.
> 
> We shouldn't be using it for PTRACE_GETREGS or PTRACE_SETREGS,

No "We" etc pls.

> though.  A native 64-bit ptrace() call and an x32 ptrace() call
> should use the 64-bit regset views, and a 32-bit ptrace() call
> (native or compat) should use the 32-bit regset.
> task_user_regset_view() almost does this except that it will
> malfunction if a ptracer is itself ptraced and the outer ptracer
> modifies CS on entry to a ptrace() syscall.

Is that the reason why task_user_regset_view() is fundamentally broken?
It is somewhat unclear what exactly is broken.

> Hopefully that has
> never happened.  (The compat ptrace() code already hardcoded the
> 32-bit regset, so this patch has no effect on that path.)
> 
> Fix it and deobfuscate the code by hardcoding the 64-bit view in the
> x32 ptrace() and selecting the view based on the kernel config in
> the native ptrace().
> 
> Signed-off-by: Andy Lutomirski <luto@...nel.org>
> ---
> 
> Every time I look at ptrace, it grosses me out.  This makes it slightly
> more comprehensible.
> 
>  arch/x86/kernel/ptrace.c | 37 +++++++++++++++++++++++++++++--------
>  1 file changed, 29 insertions(+), 8 deletions(-)

Well, did you run the gdb testsuite on this and a bunch of other tests
we have?

I don't want us to break gdb or something else using ptrace() in some
sublte manner and then waste a bunch of time and energy chasing it, like
the DR6 thing earlier this week.

> +/*
> + * This is used by PTRACE_GETREGSET and PTRACE_SETREGSET to decide which
> + * regset format to use based on the register state of the tracee.
> + * This makes no sense whatsoever, but there appears to be existing user
> + * code that relies on it.

... because? It should use the native regset with which the kernel is
built? Please explain yourself Lutomirski!

:-)))

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ