| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 May 2021 20:53:18 +0000
From: "Bae, Chang Seok" <chang.seok.bae@...el.com>
To: David Laight <David.Laight@...LAB.COM>
CC: "bp@...e.de" <bp@...e.de>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...nel.org" <mingo@...nel.org>,
"luto@...nel.org" <luto@...nel.org>,
"x86@...nel.org" <x86@...nel.org>,
"Brown, Len" <len.brown@...el.com>,
"Hansen, Dave" <dave.hansen@...el.com>,
"hjl.tools@...il.com" <hjl.tools@...il.com>,
"Dave.Martin@....com" <Dave.Martin@....com>,
"jannh@...gle.com" <jannh@...gle.com>,
"mpe@...erman.id.au" <mpe@...erman.id.au>,
"carlos@...hat.com" <carlos@...hat.com>,
"Luck, Tony" <tony.luck@...el.com>,
"Shankar, Ravi V" <ravi.v.shankar@...el.com>,
"libc-alpha@...rceware.org" <libc-alpha@...rceware.org>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
"linux-api@...r.kernel.org" <linux-api@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v8 5/6] x86/signal: Detect and prevent an alternate signal
stack overflow
On Apr 22, 2021, at 15:04, David Laight <David.Laight@...LAB.COM> wrote:
> From: Bae, Chang Seok Sent: 22 April 2021 17:31
>>
>> On Apr 22, 2021, at 01:46, David Laight <David.Laight@...LAB.COM> wrote:
>>> From: Chang S. Bae Sent: 22 April 2021 05:49
>>>>
>>>>
>>>> diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h
>>>> index 3f6a0fcaa10c..ae60f838ebb9 100644
>>>> --- a/include/linux/sched/signal.h
>>>> +++ b/include/linux/sched/signal.h
>>>> @@ -537,6 +537,17 @@ static inline int kill_cad_pid(int sig, int priv)
>>>> #define SEND_SIG_NOINFO ((struct kernel_siginfo *) 0)
>>>> #define SEND_SIG_PRIV ((struct kernel_siginfo *) 1)
>>>>
>>>> +static inline int __on_sig_stack(unsigned long sp)
>>>> +{
>>>> +#ifdef CONFIG_STACK_GROWSUP
>>>> + return sp >= current->sas_ss_sp &&
>>>> + sp - current->sas_ss_sp < current->sas_ss_size;
>>>> +#else
>>>> + return sp > current->sas_ss_sp &&
>>>> + sp - current->sas_ss_sp <= current->sas_ss_size;
>>>> +#endif
>>>> +}
>>>> +
>>>
>>> Those don't look different enough.
>>
>> The difference is on the SS_AUTODISARM flag check. This refactoring was
>> suggested as on_sig_stack() brought confusion [3].
>
> I was just confused by the #ifdef.
> Whether %sp points to the last item or the next space is actually
> independent of the stack direction.
> A stack might usually use pre-decrement and post-increment but it
> doesn't have to.
> The stack pointer can't be right at one end of the alt-stack
> area (because that is the address you'd use when you switch to it),
> and if you are any where near the other end you are hosed.
> So a common test:
> return (unsigned long)(sp - current->sas_ss_sp) < current->sas_ss_size;
> will always work.
>
> It isn't as though the stack pointer should be anywhere else
> other than the 'real' thread stack.
Thanks for the suggestion. Yes, this hunk can be made better like that. But I
would make this change as pure refactoring. Perhaps, follow up after this
series.
Chang
Powered by blists - more mailing lists