| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Sep 2021 12:39:27 +0800
From: Jiashuo Liang <liangjs@....edu.cn>
To: dave.hansen@...el.com, bp@...en8.de, dave.hansen@...ux.intel.com,
hpa@...or.com, linux-kernel@...r.kernel.org, luto@...nel.org,
mingo@...hat.com, peterz@...radead.org, tglx@...utronix.de,
x86@...nel.org
Cc: liangjs@....edu.cn
Subject: Re: [PATCH v2] x86/fault: Fix wrong signal when vsyscall fails with
pkey
On Mon, 2021-08-23 at 07:55 -0700, Dave Hansen wrote:
> On 7/29/21 8:01 PM, Jiashuo Liang wrote:
>> The function __bad_area_nosemaphore() calls kernelmode_fixup_or_oops() with
>> parameter "signal" being "pkey", which will send a signal numbered "pkey".
>>
>> This bug appears when the kernel fail to access user-given memory pages
>> that are protected by pkey, so it can go through the do_user_addr_fault()
>> path and pass the !user_mode() check in __bad_area_nosemaphore(). Most
>> cases will simply run the kernel fixup code to make an -EFAULT. But when
>> another condition current->thread.sig_on_uaccess_err is met, which is
>> only used to emulate vsyscall, we will generate the wrong signal.
>>
>> A new parameter "pkey" is added to kernelmode_fixup_or_oops() to fix it.
>>
>> Fixes: 5042d40a264c ("x86/fault: Bypass no_context() for implicit kernel faults from usermode")
>> Signed-off-by: Jiashuo Liang <liangjs@....edu.cn>
>
> This is pretty obscure, only affecting vsyscall emulation, but:
>
> Acked-by: Dave Hansen <dave.hansen@...ux.intel.com>
Ping... Is there anyone reviewing/committing this patch?
Thanks!
Powered by blists - more mailing lists