From: Oleg Nesterov <oleg@redhat.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Denys Vlasenko <dvlasenk@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Jan Kratochvil <jan.kratochvil@redhat.com>,
Pedro Alves <palves@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/1] get_nr_restart_syscall() should return __NR_ia32_restart_syscall if __USER32_CS
Date: Tue, 28 Mar 2017 18:27:37 +0200 [thread overview]
Message-ID: <20170328162736.GA3983@redhat.com> (raw)
In-Reply-To: <CALCETrWgyLUae9w9HmXVfM0XmhUcP7fWo4H1Jx8jG7FdF7hURw@mail.gmail.com>
On 03/28, Andy Lutomirski wrote:
>
> On Tue, Mar 28, 2017 at 7:54 AM, Oleg Nesterov <oleg@redhat.com> wrote:
> > get_nr_restart_syscall() checks TS_I386_REGS_POKED but this bit is only
> > set if debugger is 32-bit. If a 64-bit debugger restores the registers
> > of a 32-bit debugee outside of syscall exit path get_nr_restart_syscall()
> > wrongly returns __NR_restart_syscall.
>
> I had sent a patch that introduced a new syscall nr, but it's not
> quite safe because it could break seccomp-using programs.
Ah, indeed...
> But your
> patch here is also screwy.
Yes, yes, it doesn't try to solve all possible problems, I even mentioned
this in the changelog.
> How about we store the syscall arch to be restored in task_struct
> along with restart_block?
Yes, perhaps we will have to finally do this. Not really nice too.
> the way there without heuristics as nasty as yours.
I agree it will be better, but I refuse to treat them as mine checks ;)
> P.S. __USER32_CS is the wrong check even if we used your approach.
> user_64bit_regs() is much better.
Yes, thanks. If only I understood what cs == pv_info.extra_user_64bit_cs
actually means...
OK, please ignore this patch, I'll try to make another fix.
Oleg.
next prev parent reply other threads:[~2017-03-28 16:28 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-28 14:54 [PATCH 0/1] get_nr_restart_syscall() should return __NR_ia32_restart_syscall if __USER32_CS Oleg Nesterov
2017-03-28 14:54 ` [PATCH 1/1] " Oleg Nesterov
2017-03-28 15:03 ` Andy Lutomirski
2017-03-28 16:27 ` Oleg Nesterov [this message]
2017-03-28 17:10 ` Andy Lutomirski
2017-03-29 15:05 ` Oleg Nesterov
2017-03-29 16:59 ` Andy Lutomirski
2017-03-30 15:28 ` Oleg Nesterov
2017-03-30 18:36 ` Andy Lutomirski
2017-03-29 16:33 ` syscall_get_error() && TS_ checks Oleg Nesterov
2017-03-29 16:45 ` Linus Torvalds
2017-03-29 16:55 ` Oleg Nesterov
2017-03-29 16:59 ` Linus Torvalds
2017-03-29 17:04 ` Oleg Nesterov
2017-03-29 17:16 ` Linus Torvalds
2017-03-29 18:50 ` Oleg Nesterov
2017-03-29 18:56 ` Linus Torvalds
2017-03-30 13:51 ` Oleg Nesterov
2017-03-30 15:49 ` Oleg Nesterov
2017-03-30 17:46 ` Linus Torvalds
2017-03-30 18:23 ` Andy Lutomirski
2017-03-30 18:35 ` Linus Torvalds
2017-03-30 18:59 ` Andy Lutomirski
2017-03-30 19:11 ` Linus Torvalds
2017-03-30 19:21 ` Andy Lutomirski
2017-03-30 19:29 ` Linus Torvalds
2017-03-29 16:56 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170328162736.GA3983@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=jan.kratochvil@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=palves@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.