Date: Tue, 26 Apr 2022 20:21:50 +0200
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: pCFI  false positive

Hi Li,

Thanks for the information. Would you be able to submit a PR for this change?

Thanks,
Adam

On Thu, Apr 14, 2022 at 06:08:53PM +0800, 李诚(允诚) wrote:
> 
> 
> Hi, all
> I tested lkrg-0.9.2 on an ARM64 board, and met a pCFI false positive issue about
> "Stack pointer corruption (ROP?)" for the security_capable() function.
> 
> I found that sometimes the security_capable() may be called in the interrupt context,
> then the p_ed_enforce_pcfi() would warn about the stack pointer mismatch and kill the
> victim process.
> 
> Maybe the p_ed_enforce_pcfi() should use (unsigned long)p_task->stack if it finds that
> p_regs_get_sp(p_regs) belongs to the irq_stack?
> 
> thanks and best regards,
> 
> Li Cheng

-- 
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl
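
The false positive reported in this thread and the suggested fallback, as a user-space model added here for illustration; it is not LKRG's code. The `model_*` names, stack sizes and addresses are assumptions, constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_THREAD_SIZE    0x4000ULL /* assumed 16 KiB task stack */
#define MODEL_IRQ_STACK_SIZE 0x4000ULL /* assumed 16 KiB per-CPU IRQ stack */

struct model_task { uint64_t stack; };     /* stands in for p_task->stack */
struct model_cpu  { uint64_t irq_stack; }; /* base of this CPU's IRQ stack */

/* True when sp lies in [base, base + size). Unsigned wrap-around turns an
 * sp below base into a huge offset, so one comparison covers both ends. */
static bool sp_in_range(uint64_t sp, uint64_t base, uint64_t size)
{
    return (sp - base) < size;
}

/* Strict check: the saved SP must be on the task's own stack. */
bool sp_check_strict(const struct model_task *t, uint64_t sp)
{
    return sp != 0 && sp_in_range(sp, t->stack, MODEL_THREAD_SIZE);
}

/* Variant suggested in the report: when SP belongs to the IRQ stack,
 * validate against the task stack base instead of the raw SP. An SP on
 * neither stack is still reported. */
bool sp_check_irq_aware(const struct model_task *t,
                        const struct model_cpu *c, uint64_t sp)
{
    if (sp != 0 && sp_in_range(sp, c->irq_stack, MODEL_IRQ_STACK_SIZE))
        sp = t->stack;
    return sp_check_strict(t, sp);
}

int main(void)
{
    /* Constructed addresses, not taken from a real board. */
    struct model_task t = { 0xffff800010000000ULL };
    struct model_cpu  c = { 0xffff800011000000ULL };
    uint64_t irq_sp = c.irq_stack + 0x3f00; /* hook fired in IRQ context */

    printf("strict, SP on IRQ stack:    %s\n",
           sp_check_strict(&t, irq_sp) ? "ok" : "violation");
    printf("irq-aware, SP on IRQ stack: %s\n",
           sp_check_irq_aware(&t, &c, irq_sp) ? "ok" : "violation");
    printf("irq-aware, SP off stacks:   %s\n",
           sp_check_irq_aware(&t, &c, 0x4141414141414141ULL) ? "ok" : "violation");
    return 0;
}
```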
