lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wiB2FSWb0HxgzHGJKaDRCaJ6tGSc0OVvodAiZ_QU=05NQ@mail.gmail.com> Date: Sat, 9 Dec 2023 12:08:30 -0800 From: Linus Torvalds <torvalds@...uxfoundation.org> To: Brian Gerst <brgerst@...il.com> Cc: Michal Luczaj <mhal@...x.co>, x86@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, shuah@...nel.org, luto@...nel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 0/2] x86: UMIP emulation leaking kernel addresses On Sat, 9 Dec 2023 at 09:16, Brian Gerst <brgerst@...il.com> wrote: > > A different way to plug this is to harden ptrace (and sigreturn) to > verify that the segments are code or data type segments instead of > relying on an IRET fault. I think that is likely a good idea regardless of this particular issue. And I don't think you need to even check the segment for any kind of validity - all you need to check that it's a valid selector. And we *kind* of do that already, with the x86 ptrace code checking static inline bool invalid_selector(u16 value) { return unlikely(value != 0 && (value & SEGMENT_RPL_MASK) != USER_RPL); } but the thing is, I think we could limit that a lot more. I think the only valid GDT entries are 0-15 (that includes the default kernel segments, but they don't contain anything interesting), so we could tighten that selector check to say that it has to be either a LDT entry or a selector < 15. So add some kind of requirement for "(value & 4) || (value < 8*16)", perhaps? Linus
Powered by blists - more mailing lists