| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yh0+9cFyAfnsXqxI@kernel.org>
Date: Mon, 28 Feb 2022 23:30:29 +0200
From: Mike Rapoport <rppt@...nel.org>
To: Andy Lutomirski <luto@...nel.org>
Cc: Rick P Edgecombe <rick.p.edgecombe@...el.com>,
Cyrill Gorcunov <gorcunov@...il.com>,
Balbir Singh <bsingharora@...il.com>,
"H. Peter Anvin" <hpa@...or.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
Kees Cook <keescook@...omium.org>,
Dmitry Safonov <0x7f454c46@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
"Eranian, Stephane" <eranian@...gle.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
Adrian Reber <adrian@...as.de>,
Florian Weimer <fweimer@...hat.com>,
Nadav Amit <nadav.amit@...il.com>,
Jann Horn <jannh@...gle.com>, Andrei Vagin <avagin@...il.com>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
"kcc@...gle.com" <kcc@...gle.com>, Borislav Petkov <bp@...en8.de>,
Oleg Nesterov <oleg@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Pavel Machek <pavel@....cz>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
"Moreira, Joao" <joao.moreira@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Mike Kravetz <mike.kravetz@...cle.com>,
the arch/x86 maintainers <x86@...nel.org>,
Weijiang Yang <weijiang.yang@...el.com>,
Dave Martin <Dave.Martin@....com>,
"john.allen@....com" <john.allen@....com>,
Ingo Molnar <mingo@...hat.com>,
Dave Hansen <dave.hansen@...el.com>,
Jonathan Corbet <corbet@....net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
"Shankar, Ravi V" <ravi.v.shankar@...el.com>
Subject: Re: [PATCH 00/35] Shadow stacks for userspace
On Mon, Feb 28, 2022 at 12:30:41PM -0800, Andy Lutomirski wrote:
>
>
> On Mon, Feb 28, 2022, at 12:27 PM, Mike Rapoport wrote:
> > On Wed, Feb 09, 2022 at 06:37:53PM -0800, Andy Lutomirski wrote:
> >> On 2/8/22 18:18, Edgecombe, Rick P wrote:
> >> > On Tue, 2022-02-08 at 20:02 +0300, Cyrill Gorcunov wrote:
> >> >
> >
> > Even with the current shadow stack interface Rick proposed, CRIU can restore
> > the victim using ptrace without any additional knobs, but we loose an
> > important ability to "self-cure" the victim from the parasite in case
> > anything goes wrong with criu control process.
> >
> > Moreover, the issue with backward compatibility is not with ptrace but with
> > sigreturn and it seems that criu is not its only user.
>
> So we need an ability for a tracer to cause the tracee to call a function
> and to return successfully. Apparently a gdb branch can already do this
> with shstk, and my PTRACE_CALL_FUNCTION_SIGFRAME should also do the
> trick. I don't see why we need a sigretur-but-dont-verify -- we just
> need this mechanism to create a frame such that sigreturn actually works.
If I understand correctly, PTRACE_CALL_FUNCTION_SIGFRAME() injects a frame
into the tracee and makes the tracee call sigreturn.
I.e. the tracee is stopped and this is used pretty much as PTRACE_CONT or
PTRACE_SYSCALL.
In such case this defeats the purpose of sigreturn in CRIU because it is
called asynchronously by the tracee when the tracer is about to detach or
even already detached.
For synchronous use-case PTRACE_SETREGSET will be enough, the rest of the
sigframe can be restored by other means.
And with 'criu restore' there may be even no tracer by the time sigreturn
is called.
> --Andy
--
Sincerely yours,
Mike.
Powered by blists - more mailing lists