lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4891191c-d1c3-6985-c2ea-1b29deb8abe1@huawei.com>
Date: Tue, 27 Jan 2026 19:34:41 +0800
From: Jinjie Ruan <ruanjinjie@...wei.com>
To: Kevin Brodsky <kevin.brodsky@....com>, Will Deacon <will@...nel.org>
CC: <catalin.marinas@....com>, <oleg@...hat.com>, <tglx@...utronix.de>,
	<peterz@...radead.org>, <luto@...nel.org>, <shuah@...nel.org>,
	<kees@...nel.org>, <wad@...omium.org>, <macro@...am.me.uk>,
	<charlie@...osinc.com>, <akpm@...ux-foundation.org>, <ldv@...ace.io>,
	<anshuman.khandual@....com>, <mark.rutland@....com>, <thuth@...hat.com>,
	<song@...nel.org>, <ryan.roberts@....com>, <ada.coupriediaz@....com>,
	<broonie@...nel.org>, <liqiang01@...inos.cn>, <pengcan@...inos.cn>,
	<kmal@...k.li>, <dvyukov@...gle.com>, <richard.weiyang@...il.com>,
	<reddybalavignesh9979@...il.com>, <linux-arm-kernel@...ts.infradead.org>,
	<linux-kernel@...r.kernel.org>, <linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH v10 05/16] arm64: ptrace: Move rseq_syscall() before
 audit_syscall_exit()



On 2026/1/27 17:44, Kevin Brodsky wrote:
> On 26/01/2026 20:02, Will Deacon wrote:
>> On Mon, Dec 22, 2025 at 07:47:26PM +0800, Jinjie Ruan wrote:
>>> [...]
>>>
>>> To make it more reasonable and in preparation for moving arm64 over to
>>> the generic entry code, move rseq_syscall() ahead before
>>> audit_syscall_exit().
>> I've been struggling a bit to see how this helps to align with the
>> generic code.
> 
> rseq_syscall(), or rather rseq_debug_syscall_return() since eaa9088d568c
> ("rseq: Use static branch for syscall exit debug when
> GENERIC_IRQ_ENTRY=y"), is called first in the generic
> syscall_exit_to_user_mode_work(), so the aim of that patch is to align
> the order of calls with generic entry.
> 
>>  I'm also concerned that rseq_debug_update_user_cs()
>> operates on instruction_pointer(regs) which is something that can be
>> chaned by ptrace.
> 
> Isn't that true regardless of where rseq_syscall() is called on the
> syscall exit path, though?

My understanding is that if instruction_pointer(regs) is hijacked and
modified via ptrace at the syscall exit (ptrace_report_syscall_exit()),
this modification will not be observed by rseq. Specifically, in the
generic entry syscall exit path, rseq_syscall() is unable to detect such
a PC modification.


Regards,
Jinjie

> 
>> So, I'm not saying this is wrong, but it feels like a user-visible
>> change that needs better justification.
> 
> This seems to hang on whether the force_sig(SIGSEGV) that rseq_syscall()
> might issue interacts in any way with the tracing calls. My feeling is
> that it doesn't, but I haven't confirmed it. Worth noting this is only
> relevant if rseq debugging is enabled, so any potential user-visible
> effect is limited.
> 
> - Kevin
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ