[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Jan 2020 07:58:16 +0100
From: Christophe Leroy <christophe.leroy@....fr>
To: Russell Currey <ruscur@...sell.cc>, keescook@...omium.org,
mpe@...erman.id.au
Cc: linux-kernel@...r.kernel.org, dja@...ens.net,
kernel-hardening@...ts.openwall.com, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH] lkdtm: Test KUAP directional user access unlocks on
powerpc
Le 31/01/2020 à 07:53, Russell Currey a écrit :
> On Fri, 2020-01-31 at 07:44 +0100, Christophe Leroy wrote:
>>
>> Le 31/01/2020 à 06:31, Russell Currey a écrit :
>>> + pr_info("attempting bad read at %px with write allowed\n",
>>> ptr);
>>> + tmp = *ptr;
>>> + tmp += 0xc0dec0de;
>>> + prevent_write_to_user(ptr, sizeof(unsigned long));
>>
>> Does it work ? I would have thought that if the read fails the
>> process
>> will die and the following test won't be performed.
>
> Correct, the ACCESS_USERSPACE test does the same thing. Splitting this
> into separate R and W tests makes sense, even if it is unlikely that
> one would be broken without the other.
>
Or once we are using user_access_begin() stuff, we can use
unsafe_put_user() and unsafe_get_user() which should return an error
instead of killing the caller.
Christophe
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
