| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1116876795.2062.1643223596536.JavaMail.zimbra@efficios.com>
Date: Wed, 26 Jan 2022 13:59:56 -0500 (EST)
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: David Laight <David.Laight@...LAB.COM>
Cc: Christian Brauner <brauner@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
linux-kernel <linux-kernel@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
paulmck <paulmck@...nel.org>, Boqun Feng <boqun.feng@...il.com>,
"H. Peter Anvin" <hpa@...or.com>, Paul Turner <pjt@...gle.com>,
linux-api <linux-api@...r.kernel.org>, shuah <shuah@...nel.org>,
linux-kselftest <linux-kselftest@...r.kernel.org>,
Florian Weimer <fw@...eb.enyo.de>,
Andy Lutomirski <luto@...capital.net>,
Dave Watson <davejwatson@...com>,
Andrew Morton <akpm@...ux-foundation.org>,
Russell King <linux@....linux.org.uk>,
Andi Kleen <andi@...stfloor.org>,
Christian Brauner <christian.brauner@...ntu.com>,
Ben Maurer <bmaurer@...com>, rostedt <rostedt@...dmis.org>,
Josh Triplett <josh@...htriplett.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Michael Kerrisk <mtk.manpages@...il.com>,
Joel Fernandes <joelaf@...gle.com>
Subject: Re: [RFC PATCH 02/15] rseq: Remove broken uapi field layout on
32-bit little endian
----- On Jan 26, 2022, at 12:16 PM, David Laight David.Laight@...LAB.COM wrote:
> From: Mathieu Desnoyers
>> Sent: 25 January 2022 19:01
>>
>> ----- On Jan 25, 2022, at 9:41 AM, Mathieu Desnoyers
>> mathieu.desnoyers@...icios.com wrote:
>>
>> > ----- On Jan 25, 2022, at 7:21 AM, Christian Brauner brauner@...nel.org wrote:
>> [...]
>> >>> include/uapi/linux/rseq.h | 17 ++++-------------
>> [...]
>> >>> union {
>> >>
>> >> A bit unfortunate we seem to have to keep the union around even though
>> >> it's just one field now.
>> >
>> > Well, as far as the user-space projects that I know of which use rseq
>> > are concerned (glibc, librseq, tcmalloc), those end up with their own
>> > copy of the uapi header anyway to deal with the big/little endian field
>> > on 32-bit. So I'm very much open to remove the union if we accept that
>> > this uapi header is really just meant to express the ABI and is not
>> > expected to be used as an API by user-space.
>> >
>> > That would mean we also bring a uapi header copy into the kernel
>> > rseq selftests as well to minimize the gap between librseq and
>> > the kernel sefltests (the kernel sefltests pretty much include a
>> > copy of librseq for convenience. librseq is maintained out of tree).
>> >
>> > Thoughts ?
>>
>> Actually, if we go ahead and remove the union, and replace:
>>
>> struct rseq {
>> union {
>> __u64 ptr64;
>> } rseq_cs;
>> [...]
>> } v;
>>
>> by:
>>
>> struct rseq {
>> __u64 rseq_cs;
>> } v;
>>
>> expressions such as these are unchanged:
>>
>> - sizeof(v.rseq_cs),
>> - &v.rseq_cs,
>> - __alignof__(v.rseq_cs),
>> - offsetof(struct rseq, rseq_cs).
>>
>> So users of the uapi rseq.h (as an API) can still use rseq_abi->rseq_cs before
>> and after the change.
>
> But:
> v.rseq_cs.ptr_64 = (uintptr_t)&foo;
> is broken.
True. But v.rseq_cs.ptr (on 64-bit) and v.rseq_cs.ptr.ptr32 (on 32-bit) are also
broken with the planned field removal. So how is the v.rseq_cs_ptr64 situation
different ?
My thinking here is that it does not matter if we break compilation for some
users of the uapi as an API as long as the ABI stays the same, especially
considering that all known users implement their own copy of the header.
I suspect that as far as the API is concerned, it is nice that we have at least
one way to access the field which works both before and after the change.
Simply using "v.rseq_cs" works both before/after for all use-cases that seem
to matter here.
>
>> Based on this, I am inclined to remove the union, and just make the rseq_cs
>> field
>> a __u64.
>
> It really is a shame that you can't do:
> void *rseq_cs __attribute__((size(8)));
> and have the compiler just DTRT on 32bit systems.
Indeed, the "size" directive appears to be ignored by the compiler.
Thanks,
Mathieu
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT,
> UK
> Registration No: 1397386 (Wales)
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
Powered by blists - more mailing lists