Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Sep 2017 08:54:33 -0700
From: Dave Hansen <dave.hansen@...ux.intel.com>
To: Eric Biggers <ebiggers3@...il.com>, x86@...nel.org
Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
 Andy Lutomirski <luto@...nel.org>, Dmitry Vyukov <dvyukov@...gle.com>,
 Fenghua Yu <fenghua.yu@...el.com>, Ingo Molnar <mingo@...nel.org>,
 Kevin Hao <haokexin@...il.com>, Oleg Nesterov <oleg@...hat.com>,
 Wanpeng Li <wanpeng.li@...mail.com>, Yu-cheng Yu <yu-cheng.yu@...el.com>,
 Michael Halcrow <mhalcrow@...gle.com>, Eric Biggers <ebiggers@...gle.com>
Subject: Re: [PATCH v2 2/3] x86/fpu: tighten validation of user-supplied
 xstate_header

On 09/19/2017 05:44 PM, Eric Biggers wrote:
> +static inline int validate_xstate_header(const struct xstate_header *hdr)
> +{
> +	/* No unknown or supervisor features may be set */
> +	if (hdr->xfeatures & (~xfeatures_mask | XFEATURE_MASK_SUPERVISOR))
> +		return -EINVAL;
> +
> +	/* Userspace must use the uncompacted format */
> +	if (hdr->xcomp_bv)
> +		return -EINVAL;
> +
> +	/* No reserved bits may be set */
> +	if (memchr_inv(hdr->reserved, 0, sizeof(hdr->reserved)))
> +		return -EINVAL;
> +
> +	return 0;
> +}

BTW, the whole series looks pretty sane to me.  Tou're definitely
leaving the code better than you found it.  Feel free to add my acked-by
on all 3 patches.

One nit about this validate function, though.  Let's say we go and
change 'struct xstate_header' and shrink ->reserved because we add a new
field.  This validator will silently break.

Could we add a

	BUILD_BUG_ON(sizeof(hdr->reserved) != 48);

That way, the next hapless kernel developer can't miss updating this.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.