lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 19:31:49 +0300 From: Pavel Begunkov <asml.silence@...il.com> To: David Laight <David.Laight@...LAB.COM>, 'Arnd Bergmann' <arnd@...db.de>, Andy Lutomirski <luto@...nel.org> Cc: Matthew Wilcox <willy@...radead.org>, Al Viro <viro@...iv.linux.org.uk>, Christoph Hellwig <hch@....de>, Andrew Morton <akpm@...ux-foundation.org>, Jens Axboe <axboe@...nel.dk>, David Howells <dhowells@...hat.com>, linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>, X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>, "open list:MIPS" <linux-mips@...r.kernel.org>, Parisc List <linux-parisc@...r.kernel.org>, linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>, linux-s390 <linux-s390@...r.kernel.org>, sparclinux <sparclinux@...r.kernel.org>, linux-block <linux-block@...r.kernel.org>, Linux SCSI List <linux-scsi@...r.kernel.org>, Linux FS Devel <linux-fsdevel@...r.kernel.org>, linux-aio <linux-aio@...ck.org>, "io-uring@...r.kernel.org" <io-uring@...r.kernel.org>, linux-arch <linux-arch@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>, Network Development <netdev@...r.kernel.org>, "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org> Subject: Re: [PATCH 1/9] kernel: add a PF_FORCE_COMPAT flag On 21/09/2020 00:13, David Laight wrote: > From: Arnd Bergmann >> Sent: 20 September 2020 21:49 >> >> On Sun, Sep 20, 2020 at 9:28 PM Andy Lutomirski <luto@...nel.org> wrote: >>> On Sun, Sep 20, 2020 at 12:23 PM Matthew Wilcox <willy@...radead.org> wrote: >>>> >>>> On Sun, Sep 20, 2020 at 08:10:31PM +0100, Al Viro wrote: >>>>> IMO it's much saner to mark those and refuse to touch them from io_uring... >>>> >>>> Simpler solution is to remove io_uring from the 32-bit syscall list. >>>> If you're a 32-bit process, you don't get to use io_uring. Would >>>> any real users actually care about that? >>> >>> We could go one step farther and declare that we're done adding *any* >>> new compat syscalls :) >> >> Would you also stop adding system calls to native 32-bit systems then? >> >> On memory constrained systems (less than 2GB a.t.m.), there is still a >> strong demand for running 32-bit user space, but all of the recent Arm >> cores (after Cortex-A55) dropped the ability to run 32-bit kernels, so >> that compat mode may eventually become the primary way to run >> Linux on cheap embedded systems. >> >> I don't think there is any chance we can realistically take away io_uring >> from the 32-bit ABI any more now. > > Can't it just run requests from 32bit apps in a kernel thread that has > the 'in_compat_syscall' flag set? > Not that i recall seeing the code where it saves the 'compat' nature > of any requests. > > It is already completely f*cked if you try to pass the command ring > to a child process - it uses the wrong 'mm'. And how so? io_uring uses mm of a submitter. The exception is SQPOLL mode, but it requires CAP_SYS_ADMIN or CAP_SYS_NICE anyway. > I suspect there are some really horrid security holes in that area. > > David. > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK > Registration No: 1397386 (Wales) > -- Pavel Begunkov
Powered by blists - more mailing lists