From: Dave Hansen <dave@sr71.net>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>, X86 ML <x86@kernel.org>
Subject: Re: [RFC][PATCH 0/8] x86, mpx: Support 32-bit binaries on 64-bit kernels
Date: Sat, 13 Dec 2014 07:50:53 -0800 [thread overview]
Message-ID: <548C605D.2040106@sr71.net> (raw)
In-Reply-To: <CALCETrXt4yi6GC1f-gRYRYHuOue0-RfCWhQqJL0XK0hdUurDxA@mail.gmail.com>
On 12/12/2014 05:45 PM, Andy Lutomirski wrote:
> I was thinking of this:
>
> + if (is_64bit_mm(mm)) {
> + vaddr_space_size = 1ULL << __VIRTUAL_MASK_SHIFT;
> + bd_entry_virt_space = vaddr_space_size / MPX_BD_NR_ENTRIES_64;
> + /*
> + * __VIRTUAL_MASK takes the 64-bit addressing hole
> + * in to accout. This is a noop on 32-bit.
> + */
> + addr &= __VIRTUAL_MASK;
> + return addr / bd_entry_virt_space;
> + } else {
> + vaddr_space_size = (1ULL << 32);
> + bd_entry_virt_space = vaddr_space_size / MPX_BD_NR_ENTRIES_32;
> + return addr / bd_entry_virt_space;
> + }
>
> Is there a scenario in which the return value ends up being insanely
> high? If so, does it matter?
Yes, it will be insanely high for a 32-bit process. The kernel could go
looking for the bounds directory entry at some bonkers virtual address
that makes no sense on 32-bit.
But, that bonkers address is still treated as coming from userspace.
The kernel will go and dereference it via a get_user(), fault, notice
the bad address and kill the process.
next prev parent reply other threads:[~2014-12-13 15:50 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-12 19:12 [RFC][PATCH 0/8] x86, mpx: Support 32-bit binaries on 64-bit kernels Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 1/8] x86: make is_64bit_mm() widely available Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 2/8] x86: make __VIRTUAL_MASK safe to use on 32 bit Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 3/8] x86, mpx: we do not allocate the bounds directory Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 4/8] x86, mpx: remove redundant MPX_BNDCFG_ADDR_MASK Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 5/8] x86, mpx: Add temporary variable to reduce masking Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 6/8] x86, mpx: new directory entry to addr helper Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 7/8] x86, mpx: do 32-bit-only cmpxchg for 32-bit apps Dave Hansen
2014-12-12 19:12 ` [RFC][PATCH 8/8] x86, mpx: support 32bit binaries on 64bit kernel Dave Hansen
2014-12-12 20:22 ` [RFC][PATCH 0/8] x86, mpx: Support 32-bit binaries on 64-bit kernels Andy Lutomirski
2014-12-12 20:27 ` Dave Hansen
2014-12-12 20:48 ` Andy Lutomirski
2014-12-12 21:41 ` Dave Hansen
2014-12-12 23:04 ` Andy Lutomirski
2014-12-12 23:16 ` Dave Hansen
2014-12-13 0:11 ` Andy Lutomirski
2014-12-13 0:23 ` Dave Hansen
2014-12-13 1:45 ` Andy Lutomirski
2014-12-13 15:50 ` Dave Hansen [this message]
2014-12-12 20:27 ` Andy Lutomirski
2014-12-12 20:35 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=548C605D.2040106@sr71.net \
--to=dave@sr71.net \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.