From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752508AbcFUPk4 (ORCPT ); Tue, 21 Jun 2016 11:40:56 -0400 Received: from mout.kundenserver.de ([212.227.126.135]:55045 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752450AbcFUPkz (ORCPT ); Tue, 21 Jun 2016 11:40:55 -0400 From: Arnd Bergmann To: Joseph Myers Cc: Yury Norov , libc-alpha@sourceware.org, linux-kernel@vger.kernel.org, catalin.marinas@arm.com, marcus.shawcroft@arm.com, philb@gnu.org, davem@davemloft.net, szabolcs.nagy@arm.com, maxim.kuvyrkov@linaro.org, pinskia@gmail.com Subject: Re: [PATCH 23/27] [AARCH64] delouse input arguments in system functions Date: Tue, 21 Jun 2016 17:42:39 +0200 Message-ID: <4477439.hqSlFvdEBH@wuerfel> User-Agent: KMail/5.1.3 (Linux/4.4.0-22-generic; KDE/5.18.0; x86_64; ; ) In-Reply-To: References: <1466485631-3532-1-git-send-email-ynorov@caviumnetworks.com> <1466485631-3532-25-git-send-email-ynorov@caviumnetworks.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Provags-ID: V03:K0:Wi2KgKAFZwX0BnHsP3RL3EDMywE+7O38/lsTv+VoMps+9/410KE eb33ci1nbnZpEXJmrqhPp6GJPQCo86/QKaJkiNZa70om1Y2J3aTUmfARVAREmCrxbH4xmhc KK4V/VSYHNpIRpJxId6ciCTubZfJjrYughm0Dzu1fyXtncoKIb6CXeY1Jb4MqhSW8hpa1B6 xpT9JnM/09nX67wZ+hfdA== X-UI-Out-Filterresults: notjunk:1;V01:K0:9lyGWP5Y+Gw=:T65ttYTnnyOy4hi/iFBazs tt424OZyoXo2CGcuqz9UXNrLdCvNb28Q2xLizZgYshVt6uh/joHxg0mGUn8NbrxgNZo4hgMvf DPukONeNHQbZM+kx1vnDBcpydzBycF93/p6ZaHq0VwKQt2URtMDSYSG5NuybT/2gQHnsrHAC9 WnPlVCRYr/eqwF8EVydOSJD5Ku4pvn+NnrlvAc/bb7Ki8fWS97bd9YhvWWq4czLAWHAbusoa7 VTGOCYWCbm/TPbBGZ6eRNfA+/14IwuYgw6yB3WqC+H5w0SGi6Gh77HnLVs0vhOr7Q81OtjH27 NCf5/AM0GZBaSEQW5dO2slra/IPWyt4YRRBYJHGLyCcBjo03VSjKNqiHL7wkH4NrczqlL0pMI QVgsmE/UGG9/xAuj1ywNbq+AN7ATL/0UXRjkvJzDufZQ7vzphZSXBq4b6PsgcogaAHOyCoS6F hBZNHzsc00WRml7CB0TSy1eVNnBENKcXaZnVrs5apFh5N4yxmAjurUIGtzRue98pkcfk0pn0i FV+fqOydzI94q/kWNrcLlnaicrK5mz9oezwhXfiDa8RxFHx0vWyJv76VhFJTOKazUwPTRbgQm RfOQFz07a+kgn8jEPGfYgWgbOmkiTWmNkvd/dvrqxAu+wflBfHGo36UkjAPSEtsu1OUb1Bdte sDwm+hDkgKpi79543mamKxZH2Tq16R7N9HTZOX6xkEFa/GVkc41n5zDzMa7eCnUTZYnBQxJSi BQFg6rdqSUJBZfyx Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tuesday, June 21, 2016 10:36:53 AM CEST Joseph Myers wrote: > On Tue, 21 Jun 2016, Yury Norov wrote: > > > Signed-off-by: Yury Norov > > You're missing a patch description. What does "delouse" even mean? What > is the ABI peculiarity that means there are ABI-conforming arguments to > these functions that need such a manipulation? > This is the term the kernel uses for making sure that no system call from user space passes data in the upper bits of the argument registers, which could end up being used in an exploit when the calling conventions between functions assume that the upper bits contain zeroes. I don't think there is any point in doing this in glibc though: we can safely assume that any application calling into glibc follows the documented calling conventions (it would otherwise be a bug), but the kernel still has to zero those registers because malicious user space code would simply execute the system call instruction directly instead of calling into glibc... Arnd