From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH] arm64: fault: Don't populate ESR context for user fault on kernel VA
Date: Mon, 5 Mar 2018 17:24:19 +0000 [thread overview]
Message-ID: <20180305172418.GD12869@arm.com> (raw)
In-Reply-To: <20180305140506.GJ32331@e103592.cambridge.arm.com>
On Mon, Mar 05, 2018 at 02:05:06PM +0000, Dave Martin wrote:
> On Mon, Mar 05, 2018 at 10:31:15AM +0000, Will Deacon wrote:
> > User faults on kernel addresses are a good sign that the faulting task
> > is either up to no good or is in deep trouble. In such situations,
> > exposing the optional ESR context on the sigframe as part of the
> > delivered signal is only useful to attackers who are using information
> > about underlying hardware fault (e.g. translation vs permission) as a
> > mechanism to defeat KASLR.
> >
> > Remove the ESR context from the sigframe for user faults on kernel
> > addresses.
>
> As this wording suggests, this change causes esr_context to disappear
> entirely from the signal frame. Previously, I think user code could
> have relied on its being present for certain signals.
>
> Does Debian's codesearch throw up any nontrivial users of esr_context?
The main one seems to be ASAN, which uses the RnW bit to report "READ",
"WRITE" or "UNKNOWN". So with this change, the access will be treated as
UNKNOWN for kernel addresses.
Whilst I can see how that might cause a testsuite regression, I'm struggling
to see how it could sensible impact ASAN given that userspace never has
permission to access these addresses and so the fault should be treated as
fatal regardless of whether or not it's a read or a write.
Will
next prev parent reply other threads:[~2018-03-05 17:24 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-05 10:31 [RFC PATCH] arm64: fault: Don't populate ESR context for user fault on kernel VA Will Deacon
2018-03-05 13:27 ` Robin Murphy
2018-03-05 15:56 ` Will Deacon
2018-03-05 14:05 ` Dave Martin
2018-03-05 17:24 ` Will Deacon [this message]
2018-03-06 15:59 ` Peter Maydell
2018-03-06 16:05 ` Dave Martin
2018-03-06 17:54 ` Will Deacon
2018-03-07 10:50 ` Dave P Martin
2018-03-06 17:59 ` James Morse
2018-03-06 18:16 ` James Morse
2018-03-06 14:49 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180305172418.GD12869@arm.com \
--to=will.deacon@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).