| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50a0920d-3e3d-4e96-b68a-a7a0d78c3695@sirena.org.uk>
Date: Wed, 19 Mar 2025 13:24:15 +0000
From: Mark Brown <broonie@...nel.org>
To: Jeremy Linton <jeremy.linton@....com>
Cc: linux-trace-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
mhiramat@...nel.org, oleg@...hat.com, peterz@...radead.org,
acme@...nel.org, namhyung@...nel.org, mark.rutland@....com,
alexander.shishkin@...ux.intel.com, jolsa@...nel.org,
irogers@...gle.com, adrian.hunter@...el.com,
kan.liang@...ux.intel.com, thiago.bauermann@...aro.org,
yury.khrustalev@....com, kristina.martsenko@....com,
liaochang1@...wei.com, catalin.marinas@....com, will@...nel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/7] arm64: uaccess: Add additional userspace GCS
accessors
On Tue, Mar 18, 2025 at 03:48:37PM -0500, Jeremy Linton wrote:
> +static inline u64 load_user_gcs(unsigned long __user *addr, int *err)
> +{
> + unsigned long ret;
> + u64 load;
> +
> + if (!access_ok((char __user *)addr, sizeof(load))) {
> + *err = -EFAULT;
> + return 0;
> + }
> +
> + gcsb_dsync();
> + ret = copy_from_user(&load, addr, sizeof(load));
> + if (ret != 0)
> + *err = ret;
> + return load;
> +}
A GCS load done by the hardware will verify that we are loading from GCS
memory (the accesses are marked as AccessType_GCS in the pseudocode
which is then validated in for example S1CheckPermissions()). Sadly
there's no equivalent of GCSSTR so we'd need to do the permission check
ourselves to match this behaviour.
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists