Message-Id: <20250901-nios2-implement-clone3-v2-1-53fcf5577d57@siemens-energy.com>
Date: Mon, 01 Sep 2025 15:09:50 +0200
From: Simon Schuster via B4 Relay <devnull+schuster.simon.siemens-energy.com@...nel.org>
To: Dinh Nguyen <dinguyen@...nel.org>, 
 Christian Brauner <brauner@...nel.org>, Arnd Bergmann <arnd@...db.de>, 
 Andrew Morton <akpm@...ux-foundation.org>, 
 David Hildenbrand <david@...hat.com>, 
 Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, 
 "Liam R. Howlett" <Liam.Howlett@...cle.com>, 
 Vlastimil Babka <vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>, 
 Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>, 
 Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>, 
 Juri Lelli <juri.lelli@...hat.com>, 
 Vincent Guittot <vincent.guittot@...aro.org>, 
 Dietmar Eggemann <dietmar.eggemann@....com>, 
 Steven Rostedt <rostedt@...dmis.org>, Ben Segall <bsegall@...gle.com>, 
 Mel Gorman <mgorman@...e.de>, Valentin Schneider <vschneid@...hat.com>, 
 Kees Cook <kees@...nel.org>, Paul Walmsley <paul.walmsley@...ive.com>, 
 Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, 
 Alexandre Ghiti <alex@...ti.fr>, Guo Ren <guoren@...nel.org>, 
 Oleg Nesterov <oleg@...hat.com>, Jens Axboe <axboe@...nel.dk>, 
 Alexander Viro <viro@...iv.linux.org.uk>, Jan Kara <jack@...e.cz>, 
 Tejun Heo <tj@...nel.org>, Johannes Weiner <hannes@...xchg.org>, 
 Michal Koutný <mkoutny@...e.com>, 
 Paul Moore <paul@...l-moore.com>, Serge Hallyn <sergeh@...nel.org>, 
 James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, 
 Anna-Maria Behnsen <anna-maria@...utronix.de>, 
 Frederic Weisbecker <frederic@...nel.org>, 
 Thomas Gleixner <tglx@...utronix.de>, 
 Masami Hiramatsu <mhiramat@...nel.org>, 
 "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
 Simon Horman <horms@...nel.org>, 
 Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, 
 Arnaldo Carvalho de Melo <acme@...nel.org>, 
 Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>, 
 Alexander Shishkin <alexander.shishkin@...ux.intel.com>, 
 Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>, 
 Adrian Hunter <adrian.hunter@...el.com>, 
 John Johansen <john.johansen@...onical.com>, 
 Stephen Smalley <stephen.smalley.work@...il.com>, 
 Ondrej Mosnacek <omosnace@...hat.com>, 
 Kentaro Takeda <takedakn@...data.co.jp>, 
 Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>, 
 Richard Henderson <richard.henderson@...aro.org>, 
 Matt Turner <mattst88@...il.com>, Vineet Gupta <vgupta@...nel.org>, 
 Russell King <linux@...linux.org.uk>, 
 Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, 
 Brian Cain <bcain@...nel.org>, Huacai Chen <chenhuacai@...nel.org>, 
 WANG Xuerui <kernel@...0n.name>, Geert Uytterhoeven <geert@...ux-m68k.org>, 
 Michal Simek <monstr@...str.eu>, 
 Thomas Bogendoerfer <tsbogend@...ha.franken.de>, 
 Jonas Bonn <jonas@...thpole.se>, 
 Stefan Kristiansson <stefan.kristiansson@...nalahti.fi>, 
 Stafford Horne <shorne@...il.com>, 
 "James E.J. Bottomley" <James.Bottomley@...senPartnership.com>, 
 Helge Deller <deller@....de>, Madhavan Srinivasan <maddy@...ux.ibm.com>, 
 Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, 
 Christophe Leroy <christophe.leroy@...roup.eu>, 
 Heiko Carstens <hca@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com>, 
 Alexander Gordeev <agordeev@...ux.ibm.com>, 
 Christian Borntraeger <borntraeger@...ux.ibm.com>, 
 Sven Schnelle <svens@...ux.ibm.com>, 
 Yoshinori Sato <ysato@...rs.sourceforge.jp>, Rich Felker <dalias@...c.org>, 
 John Paul Adrian Glaubitz <glaubitz@...sik.fu-berlin.de>, 
 Andreas Larsson <andreas@...sler.com>, Richard Weinberger <richard@....at>, 
 Anton Ivanov <anton.ivanov@...bridgegreys.com>, 
 Johannes Berg <johannes@...solutions.net>, Borislav Petkov <bp@...en8.de>, 
 Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
 "H. Peter Anvin" <hpa@...or.com>, Chris Zankel <chris@...kel.net>, 
 Max Filippov <jcmvbkbc@...il.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org, 
 linux-riscv@...ts.infradead.org, linux-csky@...r.kernel.org, 
 linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org, 
 cgroups@...r.kernel.org, linux-security-module@...r.kernel.org, 
 linux-trace-kernel@...r.kernel.org, netdev@...r.kernel.org, 
 linux-perf-users@...r.kernel.org, apparmor@...ts.ubuntu.com, 
 selinux@...r.kernel.org, linux-alpha@...r.kernel.org, 
 linux-snps-arc@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org, 
 linux-hexagon@...r.kernel.org, loongarch@...ts.linux.dev, 
 linux-m68k@...ts.linux-m68k.org, linux-mips@...r.kernel.org, 
 linux-openrisc@...r.kernel.org, linux-parisc@...r.kernel.org, 
 linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org, 
 linux-sh@...r.kernel.org, sparclinux@...r.kernel.org, 
 linux-um@...ts.infradead.org, 
 Simon Schuster <schuster.simon@...mens-energy.com>, stable@...r.kernel.org
Subject: [PATCH v2 1/4] copy_sighand: Handle architectures where
 sizeof(unsigned long) < sizeof(u64)

From: Simon Schuster <schuster.simon@...mens-energy.com>

With the introduction of clone3 in commit 7f192e3cd316 ("fork: add
clone3") the effective bit width of clone_flags on all architectures was
increased from 32-bit to 64-bit. However, the signature of the copy_*
helper functions (e.g., copy_sighand) used by copy_process was not
adapted.

As such, they truncate the flags on any 32-bit architecture that
supports clone3 (arc, arm, csky, m68k, microblaze, mips32, openrisc,
parisc32, powerpc32, riscv32, x86-32 and xtensa).

For copy_sighand with CLONE_CLEAR_SIGHAND being an actual u64
constant, this triggers an observable bug in kernel selftest
clone3_clear_sighand:

        if (clone_flags & CLONE_CLEAR_SIGHAND)

in function copy_sighand within fork.c will always fail given:

        unsigned long /* == uint32_t */ clone_flags
        #define CLONE_CLEAR_SIGHAND 0x100000000ULL

This commit fixes the bug by always passing clone_flags to copy_sighand
via their declared u64 type, invariant of architecture-dependent integer
sizes.

Fixes: b612e5df4587 ("clone3: add CLONE_CLEAR_SIGHAND")
Cc: stable@...r.kernel.org # linux-5.5+
Signed-off-by: Simon Schuster <schuster.simon@...mens-energy.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
---
 kernel/fork.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index 5115be549234..82f5d52fecf1 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1599,7 +1599,7 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk,
 	return 0;
 }
 
-static int copy_sighand(unsigned long clone_flags, struct task_struct *tsk)
+static int copy_sighand(u64 clone_flags, struct task_struct *tsk)
 {
 	struct sighand_struct *sig;
 
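
Review bot: the `@@` context line still shows `copy_files(unsigned long clone_flags, ...)`, while the commit message says the copy_* helpers in general were not adapted to the 64-bit flags; only copy_sighand is converted in this hunk. Suggest stating in the commit message whether the remaining helpers are converted later in the series or are left alone because they test only flags in the low 32 bits, so that a stable backport of this patch by itself is clearly complete for CLONE_CLEAR_SIGHAND.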

-- 
2.39.5
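
The truncation described in the commit message, modelled in user space as an added example (not part of the patch or the kernel source). Assumptions: `uint32_t` stands in for `unsigned long` on a 32-bit target, and the function names `clears_sighand_before`, `clears_sighand_after` and `bits_lost` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* CLONE_CLEAR_SIGHAND as quoted in the commit message; CLONE_VM is a
 * low-word clone flag used here for contrast. */
#define CLONE_VM            0x00000100ULL
#define CLONE_CLEAR_SIGHAND 0x100000000ULL

/* Assumption: uint32_t models `unsigned long` on a 32-bit target. */
typedef uint32_t ulong32;

/* Before the patch: the helper's parameter is narrower than the u64 flag word. */
static int clears_sighand_before(ulong32 clone_flags)
{
	/* Never true: bit 32 cannot survive in a 32-bit parameter. */
	return (clone_flags & CLONE_CLEAR_SIGHAND) != 0;
}

/* After the patch: the helper receives the flags at their declared 64-bit width. */
static int clears_sighand_after(uint64_t clone_flags)
{
	return (clone_flags & CLONE_CLEAR_SIGHAND) != 0;
}

/* Flag bits that are dropped when a u64 flag word is narrowed to 32 bits. */
static uint64_t bits_lost(uint64_t clone_flags)
{
	return clone_flags & ~(uint64_t)UINT32_MAX;
}

int main(void)
{
	/* Constructed sample input: one low-word flag plus the clone3-only flag. */
	uint64_t flags = CLONE_VM | CLONE_CLEAR_SIGHAND;

	printf("before: %d\n", clears_sighand_before((ulong32)flags));
	printf("after:  %d\n", clears_sighand_after(flags));
	printf("lost:   0x%llx\n", (unsigned long long)bits_lost(flags));
	return 0;
}
```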