Date: Tue, 14 Mar 2017 09:29:28 -0700
From: Thomas Garnier <>
To: Andy Lutomirski <>
Cc: "H. Peter Anvin" <>, Ingo Molnar <>, 
	Martin Schwidefsky <>, Heiko Carstens <>, 
	David Howells <>, Arnd Bergmann <>, Al Viro <>, 
	Dave Hansen <>, René Nyffenegger <>, 
	Andrew Morton <>, Kees Cook <>, 
	"Paul E . McKenney" <>, Andy Lutomirski <>, 
	Ard Biesheuvel <>, Nicolas Pitre <>, 
	Petr Mladek <>, Sebastian Andrzej Siewior <>, 
	Sergey Senozhatsky <>, Helge Deller <>, 
	Rik van Riel <>, John Stultz <>, 
	Thomas Gleixner <>, Oleg Nesterov <>, 
	Stephen Smalley <>, Pavel Tikhomirov <>, 
	Frederic Weisbecker <>, Stanislav Kinsburskiy <>, 
	Ingo Molnar <>, Paolo Bonzini <>, 
	Dmitry Safonov <>, Borislav Petkov <>, 
	Josh Poimboeuf <>, Brian Gerst <>, Jan Beulich <>, 
	Christian Borntraeger <>, Fenghua Yu <>, 
	He Chen <>, Russell King <>, 
	Vladimir Murzin <>, Will Deacon <>, 
	Catalin Marinas <>, Mark Rutland <>, 
	James Morse <>, "David A . Long" <>, 
	Pratyush Anand <>, Laura Abbott <>, 
	Andre Przywara <>, Chris Metcalf <>, 
	linux-s390 <>, LKML <>, 
	Linux API <>, "the arch/x86 maintainers" <>, 
	"" <>, 
	Kernel Hardening <>
Subject: Re: [PATCH v3 2/4] x86/syscalls: Specific usage of verify_pre_usermode_state

On Tue, Mar 14, 2017 at 8:39 AM, Andy Lutomirski <> wrote:
> Even though my name isn't Ingo, Linus keeps trying to get me to be the
> actual maintainer of this file.  :)  How about (sorry about whitespace
> damage):


>        movq    PER_CPU_VAR(current_task), %rax
>        bt $63, TASK_addr_limit(%rax)
>        jc     syscall_return_slowpath
> #endif
> Now the kernel is totally unchanged if the config option is off and
> it's fast and simple if the option is on.

I like using bt for fast comparison.

We want to enforce the address limit by default, not only when
CONFIG_BUG_ON_DATA_CORRUPTION is enabled. I tested this one:

/* Check user-mode state on fast path return. */
movq PER_CPU_VAR(current_task), %rax
btq $63, TASK_addr_limit(%rax)
jnc 1f
call syscall_return_slowpath
jmp return_from_SYSCALL_64
movq $TASK_SIZE_MAX, %rcx
movq %rcx, TASK_addr_limit(%rax)

I saw that syscall_return_slowpath is supposed to be called, not jumped
to. I could just call verify_pre_usermode_state, which would be about
the same.

If we want to avoid an ifdef then I guess this one is the best I can think of:

/* Check user-mode state on fast path return. */
movq PER_CPU_VAR(current_task), %rax
btq $63, TASK_addr_limit(%rax)
jnc 1f
call verify_pre_usermode_state
1:

The check is fast and the call will happen only on corruption.

What do you think?
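As an added illustration (not code from this thread or from the kernel), here is a user-space C model of the bit-63 check and the slow-path repair it guards. The TASK_SIZE_MAX and KERNEL_DS values are assumed from x86-64 with 4-level paging, and the constructed user-range value at the end shows what a single bt on bit 63 does not catch.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed user-space model of the check, not kernel code. Values assume
 * x86-64 with 4-level paging: USER_DS.seg is TASK_SIZE_MAX and KERNEL_DS.seg
 * is all-ones, so the two differ in bit 63 and one bt distinguishes them.
 */
#define TASK_SIZE_MAX 0x00007ffffffff000UL   /* USER_DS.seg */
#define KERNEL_DS_SEG (~0UL)                 /* KERNEL_DS.seg */

/* Equivalent of `btq $63, TASK_addr_limit(%rax)`: CF set <=> kernel limit. */
static bool addr_limit_bit63(unsigned long addr_limit)
{
    return (addr_limit >> 63) & 1UL;
}

/* Slow path, modelled on verify_pre_usermode_state(): report, then repair. */
static void verify_pre_usermode_state_model(unsigned long *addr_limit)
{
    if (*addr_limit != TASK_SIZE_MAX) {
        fprintf(stderr, "addr_limit 0x%lx on return to user mode (constructed message)\n",
                *addr_limit);
        *addr_limit = TASK_SIZE_MAX;   /* what set_fs(USER_DS) would do */
    }
}

/*
 * Fast-path return: `jnc 1f` skips the call unless bit 63 is set, so the
 * common case costs one memory read and one branch. `addr_limit` stands in
 * for current->addr_limit. Returns true when the slow path was taken. Note
 * that a corrupted limit inside the user range has bit 63 clear and is not
 * caught here; only the slow path's full compare would see it.
 */
bool syscall_return_check(unsigned long *addr_limit)
{
    bool corrupted = addr_limit_bit63(*addr_limit);
    if (corrupted)
        verify_pre_usermode_state_model(addr_limit);
    return corrupted;
}

/* Demo helpers: run one check on a copy of `limit`. */
bool limit_is_flagged(unsigned long limit) { return syscall_return_check(&limit); }
unsigned long limit_after_check(unsigned long limit)
{
    syscall_return_check(&limit);
    return limit;
}
```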

