Message-ID: <F236981F-F8B5-4994-9550-730676DDE074@zytor.com>
Date:   Tue, 18 May 2021 08:04:28 -0700
From:   "H. Peter Anvin" <hpa@...or.com>
To:     Ingo Molnar <mingo@...nel.org>
CC:     Ingo Molnar <mingo@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andy Lutomirski <luto@...nel.org>,
        Borislav Petkov <bp@...en8.de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 2/4] x86/syscall: update and extend selftest syscall_numbering_64

Well, I finished the ptracer addition to the test. It was *interesting*: it turns out that ptracing system calls, *even without modifying the state in any way*, just being a passive observer, sign-extends the system call numbers *on current kernels*.

This means that on current kernels passively tracing a process changes the syscall behavior. I think we can all agree that that is not acceptable.

I will do a couple of cleanups and add this to a v4 patchset.

On May 16, 2021 12:52:06 AM PDT, Ingo Molnar <mingo@...nel.org> wrote:
>
>* H. Peter Anvin <hpa@...or.com> wrote:
>
>> From: "H. Peter Anvin (Intel)" <hpa@...or.com>
>> 
>> Update the syscall_numbering_64 selftest to reflect that a system call
>> is to be extended from 32 bits. Add a mix of tests for valid and
>> invalid system calls in 64-bit and x32 space.
>> 
>> Use an explicit system call instruction, because we cannot know if the
>> glibc syscall() wrapper intercepts instructions, extends the system
>> call number independently, or anything similar.
>> 
>> Use long long instead of long to make it possible to compile this test
>> on x32 as well as 64 bits.
>> 
>> Signed-off-by: H. Peter Anvin (Intel) <hpa@...or.com>
>> ---
>>  .../testing/selftests/x86/syscall_numbering.c | 274 ++++++++++++++----
>>  1 file changed, 222 insertions(+), 52 deletions(-)
>
>Small request: I'd suggest moving this to the first place - so that we can
>easily test before/after effects of (current) patch #1/4.
>
>Thanks,
>
>	Ingo

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
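
A minimal probe in the spirit of the selftest described in the quoted commit message, added here as an example; it is not part of this mail and not the kernel's syscall_numbering.c. It issues getpid through an explicit `syscall` instruction with a `long long` number whose upper 32 bits are set, so the outcome can be compared between a plain run and a run under a tracer. The names `raw_syscall0`, `probe_high_bits`, `low32_only` and the `HIGH_GARBAGE` value are constructed for illustration, and x86-64 or x32 with GCC/Clang inline assembly is assumed.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Constructed junk for bits 63..32 of RAX; not a value taken from the thread. */
#define HIGH_GARBAGE 0x0badc0de00000000ULL

/* Zero-argument system call via an explicit `syscall` instruction, so no libc
 * wrapper can narrow or extend the number first. long long keeps the number
 * 64 bits wide on x32 as well as on x86-64. */
static long long raw_syscall0(long long nr)
{
    long long ret;
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr)
                      : "rcx", "r11", "memory");
    return ret;
}

/* getpid with junk in the upper half of the system call number. */
static long long probe_high_bits(void)
{
    unsigned long long nr = HIGH_GARBAGE | (unsigned long long)__NR_getpid;
    return raw_syscall0((long long)nr);
}

/* 1: the kernel acted on the low 32 bits only (the call ran as getpid)
 * 0: the number was rejected with a negative errno
 * -1: anything else */
static int low32_only(long long ret)
{
    if (ret == (long long)getpid())
        return 1;
    if (ret < 0 && ret >= -4095)
        return 0;
    return -1;
}

int main(void)
{
    long long ret = probe_high_bits();
    int v = low32_only(ret);
    printf("getpid()=%d raw=%lld: %s\n", (int)getpid(), ret,
           v == 1 ? "upper 32 bits ignored" :
           v == 0 ? "rejected with errno" : "unexpected");
    return 0;
}
```

Run the binary once directly and once under a tracer such as strace; if the two runs print different outcomes, tracing is changing how the number is interpreted, which is the effect the message describes.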
