lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMuHMdURykHCL1KEvgK=yC5sW-DAkEo+C+bbOBMUsbhD8aPSMw@mail.gmail.com>
Date: Sat, 10 Aug 2024 16:54:53 +0200
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Finn Thain <fthain@...ux-m68k.org>
Cc: Christian Brauner <brauner@...nel.org>, Greg Ungerer <gerg@...ux-m68k.org>, 
	Stan Johnson <userm57@...oo.com>, linux-m68k@...ts.linux-m68k.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] m68k: Fix kernel_clone_args.flags in m68k_clone()

Hi Finn,

On Sat, Aug 10, 2024 at 9:14 AM Finn Thain <fthain@...ux-m68k.org> wrote:
> Stan Johnson recently reported a failure from the 'dump' command:
>
>   DUMP: Date of this level 0 dump: Fri Aug  9 23:37:15 2024
>   DUMP: Dumping /dev/sda (an unlisted file system) to /dev/null
>   DUMP: Label: none
>   DUMP: Writing 10 Kilobyte records
>   DUMP: mapping (Pass I) [regular files]
>   DUMP: mapping (Pass II) [directories]
>   DUMP: estimated 3595695 blocks.
>   DUMP: Context save fork fails in parent 671
>
> The dump program uses the clone syscall with the CLONE_IO flag, that is,
> flags == 0x80000000. When that value is cast from long int to u64 by
> m68k_clone(), it undergoes sign-extension. The new value includes
> CLONE_INTO_CGROUP so the validation in cgroup_css_set_fork() fails and
> the syscall returns -EBADFD.
>
> Avoid sign-extension by adopting the idiom used in kernel/fork.c when
> casting clone flags.
>
> Cc: Stan Johnson <userm57@...oo.com>
> Reported-by: Stan Johnson <userm57@...oo.com>
> Closes: https://lists.debian.org/debian-68k/2024/08/msg00000.html
> Fixes: 6aabc1facdb2 ("m68k: Implement copy_thread_tls()")
> Signed-off-by: Finn Thain <fthain@...ux-m68k.org>

Thanks for your patch!

> --- a/arch/m68k/kernel/process.c
> +++ b/arch/m68k/kernel/process.c
> @@ -117,7 +117,7 @@ asmlinkage int m68k_clone(struct pt_regs *regs)
>  {
>         /* regs will be equal to current_pt_regs() */
>         struct kernel_clone_args args = {
> -               .flags          = regs->d1 & ~CSIGNAL,
> +               .flags          = (lower_32_bits(regs->d1) & ~CSIGNAL),

While other architectures (nios2, sparc, generic code) do use
lower_32_bits() in similar code[*], IMHO this is misleading here, as
regs->d1 is never 64-bit.  What you really want is to avoid the sign
extension in the promotion from signed 32-bit to unsigned 64-bit.
So I think a cast to u32 makes more sense?

>                 .pidfd          = (int __user *)regs->d3,
>                 .child_tid      = (int __user *)regs->d4,
>                 .parent_tid     = (int __user *)regs->d3,

[*] The shared sparc32/64 code uses lower_32_bits on unsigned long,
    which is 64-bit on sparc64. Likewise for the generic code in kernel/fork.c.
    The nios2 code is a bit moot, as clone_flags is already unsigned, and
    unsigned long is always 32-bit on nios2.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ