| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87bk2wu627.fsf@linaro.org>
Date: Tue, 16 Jul 2024 23:05:04 -0300
From: Thiago Jung Bauermann <thiago.bauermann@...aro.org>
To: Mark Brown <broonie@...nel.org>
Cc: Catalin Marinas <catalin.marinas@....com>, Will Deacon
<will@...nel.org>, Jonathan Corbet <corbet@....net>, Andrew Morton
<akpm@...ux-foundation.org>, Marc Zyngier <maz@...nel.org>, Oliver Upton
<oliver.upton@...ux.dev>, James Morse <james.morse@....com>, Suzuki K
Poulose <suzuki.poulose@....com>, Arnd Bergmann <arnd@...db.de>, Oleg
Nesterov <oleg@...hat.com>, Eric Biederman <ebiederm@...ssion.com>,
Shuah Khan <shuah@...nel.org>, "Rick P. Edgecombe"
<rick.p.edgecombe@...el.com>, Deepak Gupta <debug@...osinc.com>, Ard
Biesheuvel <ardb@...nel.org>, Szabolcs Nagy <Szabolcs.Nagy@....com>,
Kees Cook <kees@...nel.org>, "H.J. Lu" <hjl.tools@...il.com>, Paul
Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>,
Albert Ou <aou@...s.berkeley.edu>, Florian Weimer <fweimer@...hat.com>,
Christian Brauner <brauner@...nel.org>, Ross Burton
<ross.burton@....com>, linux-arm-kernel@...ts.infradead.org,
linux-doc@...r.kernel.org, kvmarm@...ts.linux.dev,
linux-fsdevel@...r.kernel.org, linux-arch@...r.kernel.org,
linux-mm@...ck.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org
Subject: Re: [PATCH v9 20/39] arm64/gcs: Ensure that new threads have a GCS
Mark Brown <broonie@...nel.org> writes:
> diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
> index b0a67efc522b..4a3ce8e3bdfb 100644
> --- a/arch/arm64/mm/gcs.c
> +++ b/arch/arm64/mm/gcs.c
> @@ -8,6 +8,139 @@
> #include <asm/cpufeature.h>
> #include <asm/page.h>
>
> +static unsigned long alloc_gcs(unsigned long addr, unsigned long size,
> + unsigned long token_offset, bool set_res_tok)
The token_offset and set_res_tok arguments aren't used in this function,
so they can be removed.
> +{
> + int flags = MAP_ANONYMOUS | MAP_PRIVATE;
> + struct mm_struct *mm = current->mm;
> + unsigned long mapped_addr, unused;
> +
> + if (addr)
> + flags |= MAP_FIXED_NOREPLACE;
> +
> + mmap_write_lock(mm);
> + mapped_addr = do_mmap(NULL, addr, size, PROT_READ | PROT_WRITE, flags,
> + VM_SHADOW_STACK, 0, &unused, NULL);
> + mmap_write_unlock(mm);
> +
> + return mapped_addr;
> +}
> +
> +static unsigned long gcs_size(unsigned long size)
> +{
> + if (size)
> + return PAGE_ALIGN(size);
> +
> + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */
> + size = PAGE_ALIGN(min_t(unsigned long long,
> + rlimit(RLIMIT_STACK) / 2, SZ_2G));
> + return max(PAGE_SIZE, size);
> +}
> +
> +static bool gcs_consume_token(struct mm_struct *mm, unsigned long user_addr)
> +{
> + u64 expected = GCS_CAP(user_addr);
> + u64 val;
> + int ret;
> +
> + /* This should really be an atomic cpmxchg. It is not. */
s/cpmxchg/cmpxchg/
The same typo is also in arch/x86/kernel/shstk.c, from the "fork:
Support shadow stacks in clone3()" patch series.
> + ret = access_remote_vm(mm, user_addr, &val, sizeof(val),
> + FOLL_FORCE);
> + if (ret != sizeof(val))
> + return false;
> +
> + if (val != expected)
> + return false;
> +
> + val = 0;
> + ret = access_remote_vm(mm, user_addr, &val, sizeof(val),
> + FOLL_FORCE | FOLL_WRITE);
> + if (ret != sizeof(val))
> + return false;
> +
> + return true;
> +}
--
Thiago
Powered by blists - more mailing lists