| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Feb 2022 08:56:49 +0100
From: David Engraf <david.engraf@...go.com>
To: Mark Brown <broonie@...nel.org>
Cc: suzuki.poulose@....com, catalin.marinas@....com, will@...nel.org,
mark.rutland@....com, elver@...gle.com, ebiederm@...ssion.com,
seanjc@...gle.com, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: signal: nofpsimd: Do not allocate fp/simd context
when not available
On 25.02.22 18:57, Mark Brown wrote:
> On Fri, Feb 25, 2022 at 11:40:08AM +0100, David Engraf wrote:
>> Commit 6d502b6ba1b2 ("arm64: signal: nofpsimd: Handle fp/simd context for
>> signal frames") introduced saving the fp/simd context for signal handling
>> only when support is available. But setup_sigframe_layout() always
>> reserves memory for fp/simd context. The additional memory is not touched
>> because preserve_fpsimd_context() is not called and thus the magic is
>> invalid.
>>
>> This may lead to an error when parse_user_sigframe() checks the fp/simd
>> area and does not find a valid magic number.
>
> How did you spot this - do you have a system that can reproduce this?
> It'd be good to have coverage if there's testing but there's no easily
> obtainable userspace that I'm aware of.
I'm using a hypervisor which reports no fp/simd support. The user space
was a busybox with init and shell. The shell gets a SIGSEGV because
parse_user_sigframe() returns -EINVAL (bad magic).
user->sigframe in get_sigframe() uses the user stack pointer and the
area was not zeroed. Thus the magic at fpsimd_offset is invalid.
Best regards
- David
Powered by blists - more mailing lists