| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2195976.7Z3S40VBb9@basin> Date: Sat, 23 Nov 2024 19:24:21 -0500 From: Mikel Rychliski <mikel@...elr.com> To: David Laight <David.Laight@...lab.com>, Linus Torvalds <torvalds@...ux-foundation.org> Cc: Andrew Cooper <andrew.cooper3@...rix.com>, "bp@...en8.de" <bp@...en8.de>, Josh Poimboeuf <jpoimboe@...nel.org>, "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Arnd Bergmann <arnd@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com> Subject: Re: [PATCH] x86: Allow user accesses to the base of the guard page On Saturday, November 23, 2024 6:44:34 P.M. EST you wrote: > There's a difference between "valid" and "we care". > > This is way past that case. The only possible reason for that > zero-byte thing at the end of the address space is somebody actively > looking for some edge case, not a real use. access_ok() for x86_64 checks the validity of the byte one past the end of the requested buffer, even if that buffer is non-zero. I ran into this in kernels that include 86e6b1547b3d0 with a BPF program that grabs the bottom of the user stack in PAGE_SIZE chunks. Reading the final page of user space returns -EFAULT now because the access_ok() check fails. I've been working around with this: https://lore.kernel.org/lkml/20241109210313.440495-1-mikel@mikelr.com/
Powered by blists - more mailing lists