lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6va3r22jkgpk2kah7d3au7euiqrdeuooegezaguk4j4djfydop@3dpbdrl7akrp>
Date: Wed, 30 Oct 2024 14:31:51 +0200
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, Shuah Khan <shuah@...nel.org>, linux-kernel@...r.kernel.org, 
	linux-kselftest@...r.kernel.org
Subject: Re: [PATCH] selftests/lam: Test get_user() LAM pointer handling

On Tue, Oct 29, 2024 at 03:14:20PM +0100, Maciej Wieczor-Retman wrote:
> Recent change in how get_user() handles pointers [1] has a specific case
> for LAM. It assigns a different bitmask that's later used to check
> whether a pointer comes from userland in get_user().
> 
> While currently commented out (until LASS [2] is merged into the kernel)
> it's worth making changes to the LAM selftest ahead of time.
> 
> Add test case to LAM that utilizes a ioctl (FIOASYNC) syscall which uses
> get_user() in its implementation. Execute the syscall with differently
> tagged pointers to verify that valid user pointers are passing through
> and invalid kernel/non-canonical pointers are not.
> 
> Code was tested on a Sierra Forest Xeon machine that's LAM capable. The
> test was ran without issues with both the LAM lines from [1] untouched
> and commented out. The test was also ran without issues with LAM_SUP
> both enabled and disabled.
> 
> [1] https://lore.kernel.org/all/20241024013214.129639-1-torvalds@linux-foundation.org/
> [2] https://lore.kernel.org/all/20240710160655.3402786-1-alexander.shishkin@linux.intel.com/
> 
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
> ---
>  tools/testing/selftests/x86/lam.c | 85 +++++++++++++++++++++++++++++++
>  1 file changed, 85 insertions(+)
> 
> diff --git a/tools/testing/selftests/x86/lam.c b/tools/testing/selftests/x86/lam.c
> index 0ea4f6813930..3c53d4b7aa61 100644
> --- a/tools/testing/selftests/x86/lam.c
> +++ b/tools/testing/selftests/x86/lam.c
> @@ -4,6 +4,7 @@
>  #include <stdlib.h>
>  #include <string.h>
>  #include <sys/syscall.h>
> +#include <sys/ioctl.h>
>  #include <time.h>
>  #include <signal.h>
>  #include <setjmp.h>
> @@ -43,10 +44,19 @@
>  #define FUNC_INHERITE           0x20
>  #define FUNC_PASID              0x40
>  
> +/* get_user() pointer test cases */
> +#define GET_USER_USER           0
> +#define GET_USER_KERNEL_TOP     1
> +#define GET_USER_KERNEL_BOT     2
> +#define GET_USER_KERNEL         3
> +
>  #define TEST_MASK               0x7f
> +#define L5_SIGN_EXT_MASK        (0xFFUL << 56)
> +#define L4_SIGN_EXT_MASK        (0x1FFFFUL << 47)
>  
>  #define LOW_ADDR                (0x1UL << 30)
>  #define HIGH_ADDR               (0x3UL << 48)
> +#define L5_ADDR                 (0x1UL << 48)
>  
>  #define MALLOC_LEN              32
>  
> @@ -370,6 +380,54 @@ static int handle_syscall(struct testcases *test)
>  	return ret;
>  }
>  
> +static int get_user_syscall(struct testcases *test)
> +{
> +	int ret = 0;
> +	int ptr_value = 0;
> +	void *ptr = &ptr_value;
> +	int fd;
> +
> +	uint64_t bitmask = ((uint64_t)ptr & L5_ADDR) ? L5_SIGN_EXT_MASK :
> +						       L4_SIGN_EXT_MASK;

Emm. Do you expect stack to be above at the very top of address space on
5-level paging machines? It is not true. We don't allocate any memory
above 46-bit unless asked explicitly.

See tools/testing/selftests/mm/va_high_addr_switch.c

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ