Re: [RFC PATCH for 4.18 1/2] rseq: validate rseq_cs fields are < TASK_SIZE

From: Linus Torvalds
Date: Thu Jun 28 2018 - 20:18:40 EST

Next message: Stanley Chu: "[PATCH v4 4/5] clocksource/drivers/timer-mediatek: Convert the driver to timer-of"
Previous message: Stanley Chu: "[PATCH v4 2/5] clocksource/drivers/timer-mediatek: Rename mtk_timer to timer-mediatek"
In reply to: Andy Lutomirski: "Re: [RFC PATCH for 4.18 1/2] rseq: validate rseq_cs fields are < TASK_SIZE"
Next in thread: Mathieu Desnoyers: "Re: [RFC PATCH for 4.18 1/2] rseq: validate rseq_cs fields are < TASK_SIZE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 28, 2018 at 4:30 PM Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> The idea is that, if someone screws up and sticks a number like
> 0xbaadf00d00045678 into their rseq abort_ip in a 32-bit x86 program
> (when they actually mean 0x00045678), we want to something consistent.

I think the "something consistent" is perfectly fine with just "it won't work".

Make it do

if (rseq_cs->abort_ip != (unsigned long)rseq_cs->abort_ip)
return -EINVAL;

at abort time.

Done.

If it's a 32-bit kernel, the above will reject the thing, and if it's
a 64-bit kernel, it will be a no-op, but the abort won't work in a
32-bit caller.

Problem solved.

Linus

Next message: Stanley Chu: "[PATCH v4 4/5] clocksource/drivers/timer-mediatek: Convert the driver to timer-of"
Previous message: Stanley Chu: "[PATCH v4 2/5] clocksource/drivers/timer-mediatek: Rename mtk_timer to timer-mediatek"
In reply to: Andy Lutomirski: "Re: [RFC PATCH for 4.18 1/2] rseq: validate rseq_cs fields are < TASK_SIZE"
Next in thread: Mathieu Desnoyers: "Re: [RFC PATCH for 4.18 1/2] rseq: validate rseq_cs fields are < TASK_SIZE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]