lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240927-springen-fortpflanzen-34a303373088@brauner>
Date: Fri, 27 Sep 2024 10:50:55 +0200
From: Christian Brauner <brauner@...nel.org>
To: Mark Brown <broonie@...nel.org>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, 
	"dietmar.eggemann@....com" <dietmar.eggemann@....com>, 
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>, "shuah@...nel.org" <shuah@...nel.org>, 
	"Szabolcs.Nagy@....com" <Szabolcs.Nagy@....com>, "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, 
	"debug@...osinc.com" <debug@...osinc.com>, "mgorman@...e.de" <mgorman@...e.de>, 
	"vincent.guittot@...aro.org" <vincent.guittot@...aro.org>, "fweimer@...hat.com" <fweimer@...hat.com>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...hat.com" <mingo@...hat.com>, 
	"rostedt@...dmis.org" <rostedt@...dmis.org>, "hjl.tools@...il.com" <hjl.tools@...il.com>, 
	"tglx@...utronix.de" <tglx@...utronix.de>, "linux-api@...r.kernel.org" <linux-api@...r.kernel.org>, 
	"vschneid@...hat.com" <vschneid@...hat.com>, "kees@...nel.org" <kees@...nel.org>, 
	"will@...nel.org" <will@...nel.org>, "hpa@...or.com" <hpa@...or.com>, 
	"jannh@...gle.com" <jannh@...gle.com>, "peterz@...radead.org" <peterz@...radead.org>, 
	"yury.khrustalev@....com" <yury.khrustalev@....com>, "bp@...en8.de" <bp@...en8.de>, 
	"wilco.dijkstra@....com" <wilco.dijkstra@....com>, "catalin.marinas@....com" <catalin.marinas@....com>, 
	"bsegall@...gle.com" <bsegall@...gle.com>, "juri.lelli@...hat.com" <juri.lelli@...hat.com>, 
	"x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH RFT v9 4/8] fork: Add shadow stack support to clone3()

On Wed, Aug 21, 2024 at 06:23:18PM GMT, Mark Brown wrote:
> On Wed, Aug 21, 2024 at 03:54:49PM +0000, Edgecombe, Rick P wrote:
> > On Wed, 2024-08-21 at 13:45 +0100, Mark Brown wrote:
> 
> > > It's entirely possible it just leaked.  My own attempts to dig through
> > > the archives haven't turned up anything on the subjecti either, it seems
> > > to have been there from the get go and just gone in without comment.
> > > Equally it could just be that people felt that this was a more tasteful
> > > way of specifying stacks, or that some future use was envisioned.
> 
> > Ok, well I'm suspicious, but won't object over it. The rest seems settled from
> > my side. I may try to attract some other x86 attention to that CMPXCHG helper,
> > but otherwise.
> 
> OK, I'll post what I've got (with the current ABI) today, incorporating
> your x86 fixes and the tighter validation and we can see what people
> think.  Perhaps Christian remembers what's going on there?

The legacy clone system call had required userspace to know in which
direction the stack was growing and then pass down the stack pointer
appropriately (e.g., parisc grows upwards).

And in fact, the old clone() system call did take an additional
stack_size argument on specific architectures. For example, on
microblaze.

Also, when clone3() was done we still had ia64 in the tree which had a
separate clone2() system call that also required a stack_size argument.

So userspace ended up with code like this or worse:

     #define __STACK_SIZE (8 * 1024 * 1024)
     pid_t sys_clone(int (*fn)(void *), void *arg, int flags, int *pidfd)
     {
             pid_t ret;
             void *stack;

             stack = malloc(__STACK_SIZE);
             if (!stack)
                     return -ENOMEM;

     #ifdef __ia64__
             ret = __clone2(fn, stack, __STACK_SIZE, flags | SIGCHLD, arg, pidfd);
     #elif defined(__parisc__) /* stack grows up */
             ret = clone(fn, stack, flags | SIGCHLD, arg, pidfd);
     #else
             ret = clone(fn, stack + __STACK_SIZE, flags | SIGCHLD, arg, pidfd);
     #endif
             return ret;
     }

So we talked to the glibc folks which preferred the kernel to do all
this nonsense for them as it has that knowledge.

My preference is to keep the api consistent and require a stack_size for
shadow stacks as well.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ