lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Oct 2022 17:16:36 -0400
From:   Ali Raza <aliraza@...edu>
To:     Andy Lutomirski <luto@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Cc:     Jonathan Corbet <corbet@....net>, masahiroy@...nel.org,
        michal.lkml@...kovi.net,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Arnd Bergmann <arnd@...db.de>, juri.lelli@...hat.com,
        vincent.guittot@...aro.org, dietmar.eggemann@....com,
        Steven Rostedt <rostedt@...dmis.org>,
        Ben Segall <bsegall@...gle.com>, mgorman@...e.de,
        bristot@...hat.com, vschneid@...hat.com,
        Paolo Bonzini <pbonzini@...hat.com>, jpoimboe@...nel.org,
        linux-doc@...r.kernel.org, linux-kbuild@...r.kernel.org,
        linux-mm@...ck.org, linux-fsdevel@...r.kernel.org,
        linux-arch@...r.kernel.org,
        the arch/x86 maintainers <x86@...nel.org>, rjones@...hat.com,
        munsoner@...edu, tommyu@...edu, drepper@...hat.com,
        lwoodman@...hat.com, mboydmcse@...il.com, okrieg@...edu,
        rmancuso@...edu
Subject: Re: [RFC UKL 05/10] x86/uaccess: Make access_ok UKL aware

On 10/4/22 13:36, Andy Lutomirski wrote:
> 
> 
> On Mon, Oct 3, 2022, at 3:21 PM, Ali Raza wrote:
>> When configured for UKL, access_ok needs to account for the unified address
>> space that is used by the kernel and the process being run. To do this,
>> they need to check the task struct field added earlier to determine where
>> the execution that is making the check is running. For a zero value, the
>> normal boundary definitions apply, but non-zero value indicates a UKL
>> thread and a shared address space should be assumed.
> 
> I think this is just wrong.  Why should a UKL process be able to read() to kernel (high-half) memory?
> 
> set_fs() is gone.  Please keep it gone.

UKL needs access to kernel memory because the UKL application is linked
with the kernel, so its data lives along with kernel data in the kernel
half of memory. So any thing which involves a check to see if user
pointer indeed lives in user part of memory would fail. For example,
anything which invokes copy_to_user or copy_from_user would involve a
call to access_ok. This would fail because the UKL user pointer will
have a kernel address.

> 
>>
>> Cc: Jonathan Corbet <corbet@....net>
>> Cc: Masahiro Yamada <masahiroy@...nel.org>
>> Cc: Michal Marek <michal.lkml@...kovi.net>
>> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
>> Cc: Thomas Gleixner <tglx@...utronix.de>
>> Cc: Ingo Molnar <mingo@...hat.com>
>> Cc: Borislav Petkov <bp@...en8.de>
>> Cc: Dave Hansen <dave.hansen@...ux.intel.com>
>> Cc: "H. Peter Anvin" <hpa@...or.com>
>> Cc: Andy Lutomirski <luto@...nel.org>
>> Cc: Eric Biederman <ebiederm@...ssion.com>
>> Cc: Kees Cook <keescook@...omium.org>
>> Cc: Peter Zijlstra <peterz@...radead.org>
>> Cc: Alexander Viro <viro@...iv.linux.org.uk>
>> Cc: Arnd Bergmann <arnd@...db.de>
>> Cc: Juri Lelli <juri.lelli@...hat.com>
>> Cc: Vincent Guittot <vincent.guittot@...aro.org>
>> Cc: Dietmar Eggemann <dietmar.eggemann@....com>
>> Cc: Steven Rostedt <rostedt@...dmis.org>
>> Cc: Ben Segall <bsegall@...gle.com>
>> Cc: Mel Gorman <mgorman@...e.de>
>> Cc: Daniel Bristot de Oliveira <bristot@...hat.com>
>> Cc: Valentin Schneider <vschneid@...hat.com>
>> Cc: Paolo Bonzini <pbonzini@...hat.com>
>> Cc: Josh Poimboeuf <jpoimboe@...nel.org>
>>
>> Signed-off-by: Ali Raza <aliraza@...edu>
>> ---
>>  arch/x86/include/asm/uaccess.h | 8 ++++++++
>>  1 file changed, 8 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
>> index 913e593a3b45..adef521b2e59 100644
>> --- a/arch/x86/include/asm/uaccess.h
>> +++ b/arch/x86/include/asm/uaccess.h
>> @@ -37,11 +37,19 @@ static inline bool pagefault_disabled(void);
>>   * Return: true (nonzero) if the memory block may be valid, false (zero)
>>   * if it is definitely invalid.
>>   */
>> +#ifdef CONFIG_UNIKERNEL_LINUX
>> +#define access_ok(addr, size)					\
>> +({									\
>> +	WARN_ON_IN_IRQ();						\
>> +	(is_ukl_thread() ? 1 : likely(__access_ok(addr, size)));	\
>> +})
>> +#else
>>  #define access_ok(addr, size)					\
>>  ({									\
>>  	WARN_ON_IN_IRQ();						\
>>  	likely(__access_ok(addr, size));				\
>>  })
>> +#endif
>>
>>  #include <asm-generic/access_ok.h>
>>
>> -- 
>> 2.21.3

Powered by blists - more mailing lists