From: Andy Lutomirski <luto@amacapital.net>
To: Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>,
"security@kernel.org" <security@kernel.org>,
X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Rudolf Marek <r.marek@assembler.cz>,
Denys Vlasenko <dvlasenk@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH v3 2/7] x86/arch_prctl: Fix ARCH_GET_FS and ARCH_GET_GS
Date: Fri, 8 Apr 2016 09:03:12 -0700
Message-ID: <CALCETrUjtfZDnpcAWVR94ubf3UEhPykRU-EhQDS6JSdCaZhuwQ@mail.gmail.com>
In-Reply-To: <20160408071354.GB22579@gmail.com>
On Fri, Apr 8, 2016 at 12:13 AM, Ingo Molnar <mingo@kernel.org> wrote:
>
> * Andy Lutomirski <luto@kernel.org> wrote:
>
>> ARCH_GET_FS and ARCH_GET_GS attempted to figure out the fsbase and
>> gsbase respectively from saved thread state. This was wrong: fsbase
>> and gsbase live in registers while a thread is running, not in
>> memory.
>
> So I'm wondering, the current code looks totally broken, what user-space code can
> possibly use this? I checked glibc and Wine, and neither of them does. Wine uses
> ARCH_SET_GS and glibc uses ARCH_SET_FS, but that's all - neither actually tries to
> use the ARCH_GET_* reading APIs.
>
> So for backporting purposes I'd be much happier about simply returning -EINVAL or
> -ENOSYS, and we could re-introduce this code in v4.7.
>
Let's just not backport this one. There's no security issue here. If
you like the rest of the series, can you remove the stable tag from
this patch when you apply it?

I think the old code was at least correct enough that if you did
ARCH_GET_FS after ARCH_SET_FS with no funny business in between, it
would work.

--Andy
--
Andy Lutomirski
AMA Capital Management, LLC
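
The simple case mentioned in the message above (a GET issued straight after a SET), as an added example that is not part of the original thread or the patch series. It uses GS rather than FS so the C library's own FS-based thread pointer is left alone; the helper names and the marker value are assumptions made for illustration, and it builds only on x86-64 Linux.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/prctl.h>   /* ARCH_SET_GS, ARCH_GET_GS (x86-64 Linux only) */

/* Hypothetical helper: glibc has no arch_prctl() wrapper, so use syscall(2). */
static long arch_prctl_raw(int code, unsigned long arg)
{
    return syscall(SYS_arch_prctl, code, arg);
}

/* Returns 0 if ARCH_GET_GS reports the base installed by ARCH_SET_GS and a
 * %gs-relative load is really addressed through that base; -1 otherwise. */
int gs_round_trip(void)
{
    static uint64_t slot = 0x1122334455667788ULL;  /* constructed marker */
    unsigned long old_base = 0, new_base = 0;
    uint64_t seen = 0;
    long rc;

    /* ARCH_GET_* takes a pointer to the result; ARCH_SET_* takes the base. */
    if (arch_prctl_raw(ARCH_GET_GS, (unsigned long)&old_base) != 0)
        return -1;
    if (arch_prctl_raw(ARCH_SET_GS, (unsigned long)&slot) != 0)
        return -1;

    /* Nothing touches the GS segment register between SET and GET. */
    rc = arch_prctl_raw(ARCH_GET_GS, (unsigned long)&new_base);

    /* The CPU adds the live GS base to this address, so it reads `slot`. */
    __asm__ volatile("movq %%gs:0, %0" : "=r"(seen));

    arch_prctl_raw(ARCH_SET_GS, old_base);  /* put the previous base back */

    if (rc != 0)
        return -1;
    return (new_base == (unsigned long)&slot && seen == slot) ? 0 : -1;
}

int main(void)
{
    printf("GS round trip: %s\n", gs_round_trip() == 0 ? "ok" : "FAILED");
    return 0;
}
```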