From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933165AbcFTRSE (ORCPT <rfc822;w@1wt.eu>);
	Mon, 20 Jun 2016 13:18:04 -0400
Received: from mx1.redhat.com ([209.132.183.28]:32947 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1756155AbcFTRR3 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 20 Jun 2016 13:17:29 -0400
Date: Mon, 20 Jun 2016 18:14:10 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Pedro Alves <pedro@palves.net>, Kees Cook <keescook@chromium.org>,
        Borislav Petkov <bp@alien8.de>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        X86 ML <x86@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] x86/ptrace: Remove questionable TS_COMPAT usage in
	ptrace
Message-ID: <20160620161409.GA29851@redhat.com>
References: <94bda8cd5f326ae5591c80fb5d7c1c22624accec.1466244711.git.luto@kernel.org> <b9f316ca-5f79-91f5-1d19-773679778357@palves.net> <CALCETrW9guyn4-SqKaPPvcr7cQ5DskwVSKu+WZhMkG5NZHciAg@mail.gmail.com> <CALCETrUBSGtvbnokoFWMW_CNmz-9R+ry85hd3NGkH8vMQtUdjw@mail.gmail.com> <20160620152424.GA28057@redhat.com> <CALCETrUTJkGHWZ=3yKa-myVhKrNuoJhtingKv4B+YbUu5ZX=2g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALCETrUTJkGHWZ=3yKa-myVhKrNuoJhtingKv4B+YbUu5ZX=2g@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 20 Jun 2016 17:16:53 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/20, Andy Lutomirski wrote:
>
> On Mon, Jun 20, 2016 at 8:24 AM, Oleg Nesterov <oleg@redhat.com> wrote:
> >
> > How about the simple change below for now? IIRC 32-bit task can't use
> > "syscall" so if syscall_get_nr() >= 0 then even the wrong TS_COMPAT is
> > not that bad, even if it "leaks" to user-mode.
>
> Hmm.  That should fix the minor security issue, but it will even
> further break cross-arch tracing: now a 32-bit tracer tracing a 64-bit
> task that does int $0x80 will malfunction even more than it would
> have.

This is broken in any case. I mean, a 32-bit debugger can't really
debug a 64-bit task.

I don't think this change makes the things really worse.

> Also, it relies on bizarre arch details IMO.

Heh,  it looks as if your patch do not ;)

> I think I prefer my version, coming momentarily.

I disagree... I don't really understand why do we need the additional
complications for the minimal fix which doesn't look very nice anyway.

But I won't argue, and your patch looks correct to me.

Oleg.