| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8768a6fbb4023fe1d0b98c83dffcc5d471a454bb.camel@intel.com>
Date: Wed, 27 Aug 2025 17:58:43 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "dietmar.eggemann@....com" <dietmar.eggemann@....com>,
"broonie@...nel.org" <broonie@...nel.org>, "Szabolcs.Nagy@....com"
<Szabolcs.Nagy@....com>, "brauner@...nel.org" <brauner@...nel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"debug@...osinc.com" <debug@...osinc.com>, "mgorman@...e.de"
<mgorman@...e.de>, "vincent.guittot@...aro.org" <vincent.guittot@...aro.org>,
"fweimer@...hat.com" <fweimer@...hat.com>, "mingo@...hat.com"
<mingo@...hat.com>, "rostedt@...dmis.org" <rostedt@...dmis.org>,
"hjl.tools@...il.com" <hjl.tools@...il.com>, "tglx@...utronix.de"
<tglx@...utronix.de>, "vschneid@...hat.com" <vschneid@...hat.com>,
"shuah@...nel.org" <shuah@...nel.org>, "hpa@...or.com" <hpa@...or.com>,
"peterz@...radead.org" <peterz@...radead.org>, "bp@...en8.de" <bp@...en8.de>,
"bsegall@...gle.com" <bsegall@...gle.com>, "x86@...nel.org" <x86@...nel.org>,
"juri.lelli@...hat.com" <juri.lelli@...hat.com>
CC: "yury.khrustalev@....com" <yury.khrustalev@....com>,
"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "jannh@...gle.com"
<jannh@...gle.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "catalin.marinas@....com"
<catalin.marinas@....com>, "will@...nel.org" <will@...nel.org>,
"wilco.dijkstra@....com" <wilco.dijkstra@....com>, "kees@...nel.org"
<kees@...nel.org>, "linux-api@...r.kernel.org" <linux-api@...r.kernel.org>
Subject: Re: [PATCH v19 4/8] fork: Add shadow stack support to clone3()
On Tue, 2025-08-19 at 17:21 +0100, Mark Brown wrote:
> +int arch_shstk_validate_clone(struct task_struct *t,
> + struct vm_area_struct *vma,
> + struct page *page,
> + struct kernel_clone_args *args)
> +{
> + /*
> + * SSP is aligned, so reserved bits and mode bit are a zero, just mark
> + * the token 64-bit.
> + */
What is this comment doing here? It doesn't make sense. It looks copied from
create_rstor_token()?
> + void *maddr = page_address(page);
> + unsigned long token;
> + int offset;
> + u64 expected;
> +
> + token = args->shadow_stack_token;
> + expected = (token + SS_FRAME_SIZE) | BIT(0);
Instead of the above comment, I think the important thing to say is that args-
>shadow_stack_token is 8 byte aligned, so offset can't overflow out of the page.
Maybe?
/* kernel_clone_args verification assures token address is 8 byte aligned */
> + offset = offset_in_page(token);
> +
> + if (!cmpxchg_to_user_page(vma, page, token, (unsigned long *)(maddr + offset),
> + expected, 0))
> + return -EINVAL;
> + set_page_dirty_lock(page);
> +
> + return 0;
> +}
> +
With those changes, for the series:
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
Powered by blists - more mailing lists