| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6va3r22jkgpk2kah7d3au7euiqrdeuooegezaguk4j4djfydop@3dpbdrl7akrp>
Date: Wed, 30 Oct 2024 14:31:51 +0200
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH] selftests/lam: Test get_user() LAM pointer handling
On Tue, Oct 29, 2024 at 03:14:20PM +0100, Maciej Wieczor-Retman wrote:
> Recent change in how get_user() handles pointers [1] has a specific case
> for LAM. It assigns a different bitmask that's later used to check
> whether a pointer comes from userland in get_user().
>
> While currently commented out (until LASS [2] is merged into the kernel)
> it's worth making changes to the LAM selftest ahead of time.
>
> Add test case to LAM that utilizes a ioctl (FIOASYNC) syscall which uses
> get_user() in its implementation. Execute the syscall with differently
> tagged pointers to verify that valid user pointers are passing through
> and invalid kernel/non-canonical pointers are not.
>
> Code was tested on a Sierra Forest Xeon machine that's LAM capable. The
> test was ran without issues with both the LAM lines from [1] untouched
> and commented out. The test was also ran without issues with LAM_SUP
> both enabled and disabled.
>
> [1] https://lore.kernel.org/all/20241024013214.129639-1-torvalds@linux-foundation.org/
> [2] https://lore.kernel.org/all/20240710160655.3402786-1-alexander.shishkin@linux.intel.com/
>
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
> ---
> tools/testing/selftests/x86/lam.c | 85 +++++++++++++++++++++++++++++++
> 1 file changed, 85 insertions(+)
>
> diff --git a/tools/testing/selftests/x86/lam.c b/tools/testing/selftests/x86/lam.c
> index 0ea4f6813930..3c53d4b7aa61 100644
> --- a/tools/testing/selftests/x86/lam.c
> +++ b/tools/testing/selftests/x86/lam.c
> @@ -4,6 +4,7 @@
> #include <stdlib.h>
> #include <string.h>
> #include <sys/syscall.h>
> +#include <sys/ioctl.h>
> #include <time.h>
> #include <signal.h>
> #include <setjmp.h>
> @@ -43,10 +44,19 @@
> #define FUNC_INHERITE 0x20
> #define FUNC_PASID 0x40
>
> +/* get_user() pointer test cases */
> +#define GET_USER_USER 0
> +#define GET_USER_KERNEL_TOP 1
> +#define GET_USER_KERNEL_BOT 2
> +#define GET_USER_KERNEL 3
> +
> #define TEST_MASK 0x7f
> +#define L5_SIGN_EXT_MASK (0xFFUL << 56)
> +#define L4_SIGN_EXT_MASK (0x1FFFFUL << 47)
>
> #define LOW_ADDR (0x1UL << 30)
> #define HIGH_ADDR (0x3UL << 48)
> +#define L5_ADDR (0x1UL << 48)
>
> #define MALLOC_LEN 32
>
> @@ -370,6 +380,54 @@ static int handle_syscall(struct testcases *test)
> return ret;
> }
>
> +static int get_user_syscall(struct testcases *test)
> +{
> + int ret = 0;
> + int ptr_value = 0;
> + void *ptr = &ptr_value;
> + int fd;
> +
> + uint64_t bitmask = ((uint64_t)ptr & L5_ADDR) ? L5_SIGN_EXT_MASK :
> + L4_SIGN_EXT_MASK;
Emm. Do you expect stack to be above at the very top of address space on
5-level paging machines? It is not true. We don't allocate any memory
above 46-bit unless asked explicitly.
See tools/testing/selftests/mm/va_high_addr_switch.c
--
Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists