From: Andy Lutomirski <luto@kernel.org>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, Brian Gerst <brgerst@gmail.com>,
Borislav Petkov <bp@alien8.de>, Jann Horn <jann@thejh.net>,
Linux API <linux-api@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Tycho Andersen <tycho.andersen@canonical.com>,
Andy Lutomirski <luto@kernel.org>
Subject: [PATCH 0/3] ABI CHANGE!!! Remove questionable remote SP reads
Date: Fri, 30 Sep 2016 10:58:55 -0700
Message-ID: <cover.1475257877.git.luto@kernel.org>
Jann Horn noticed that KSTK_ESP + eager task stack freeing was a bad
combination and could crash. I could very easily fix it to not
crash, but I think that using KSTK_ESP on a remote task is
questionable in general. Therefore, I propose to get rid of the
major users for 4.9.
This series makes two ABI changes:
- /proc/PID/stat will show 0 0 instead of esp eip. I don't think
that the esp and eip fields were ever reliable unless the target
task was being ptraced by the reading task, and ptrace(2) gives a
far better interface to the same thing in this case. On the flip
side, these fields could leak kernel addresses under some
circumstances on some arches if the target task is running or was
interrupted (on a remote CPU or preempted on the local CPU) in an
inconvenient place.
I suspect it made sense when everything was single-CPU and non-
preemptible, which implied that the target task *had* to be
sleeping in something resembling normal kernel code, but that
hasn't been the case for a long time.
- /proc/PID/task/TID/maps did some interesting things to guess which
vma was the stack. This behavior is recent and IMO dangerously
racy. I'd like to get rid of it.
This is a little late so, if there is significant objection, I'll
just do the easy fix for 4.9 and resubmit for 4.10.
Andy Lutomirski (3):
proc: Stop reporting eip and esp in /proc/PID/stat
proc: Stop trying to report thread stacks
mm: Change vm_is_stack_for_task() to vm_is_stack_for_current()
Documentation/filesystems/proc.txt | 26 --------------------------
fs/proc/array.c | 9 +++++----
fs/proc/task_mmu.c | 29 ++++++++++-------------------
fs/proc/task_nommu.c | 28 ++++++++++------------------
include/linux/mm.h | 2 +-
mm/util.c | 4 +++-
security/selinux/hooks.c | 2 +-
7 files changed, 30 insertions(+), 70 deletions(-)
--
2.7.4
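An added check, not part of this series or of the kernel's own code, that parses the kstkesp/kstkeip fields (29 and 30 per proc(5)) out of /proc/PID/stat and reports which other tasks a running kernel still exposes non-zero values for, i.e. whether the remote SP read this series removes is still present. The sample lines are constructed; scan_proc() and the field-index arithmetic are my own, and the parser deliberately handles a comm containing spaces or ')', which a naive whitespace split gets wrong.

```python
import os

# proc(5) numbers fields 1-based with pid = 1 and comm = 2; everything after
# comm is whitespace separated, so field n sits at index n - 3 of the split
# remainder. kstkesp is field 29 and kstkeip is field 30.
KSTKESP_FIELD = 29
KSTKEIP_FIELD = 30

def parse_stat(line):
    """Return (pid, comm, kstkesp, kstkeip) from one /proc/PID/stat line.
    comm is wrapped in parentheses and may itself contain spaces and ')',
    so split on the LAST ')' rather than on whitespace."""
    lparen = line.index("(")
    rparen = line.rindex(")")
    pid = int(line[:lparen])
    comm = line[lparen + 1:rparen]
    rest = line[rparen + 1:].split()
    return pid, comm, int(rest[KSTKESP_FIELD - 3]), int(rest[KSTKEIP_FIELD - 3])

def exposes_remote_sp(line):
    """True if the kernel reported a non-zero esp or eip for this task."""
    _, _, esp, eip = parse_stat(line)
    return esp != 0 or eip != 0

def scan_proc(proc_root="/proc"):
    """PIDs of other tasks whose stat line still carries esp/eip values."""
    me, hits = os.getpid(), []
    for name in os.listdir(proc_root):
        if not name.isdigit() or int(name) == me:
            continue
        try:
            with open(os.path.join(proc_root, name, "stat")) as f:
                line = f.read().strip()
        except OSError:
            continue  # task exited or is unreadable; skip it
        if exposes_remote_sp(line):
            hits.append(int(name))
    return hits

# Constructed sample lines, not captured from a real system. Fields 3-28 and
# the tail are filler; only fields 29 and 30 (esp, eip) matter here.
_HEAD = ("1234 (my (weird) proc) S 1 1234 1234 0 -1 4194560 100 0 0 0 5 3 0 0 "
         "20 0 1 0 9876 12345678 200 18446744073709551615 94000000000000 "
         "94000001000000 140700000000000 ")
_TAIL = " 0 0 0 0 0 0 0 0 0 17 2 0 0 0 0 0"
OLD_STAT = _HEAD + "18446744071578845184 18446744071578845284" + _TAIL  # pre-fix
NEW_STAT = _HEAD + "0 0" + _TAIL  # after this series: "0 0"
```

Calling scan_proc() on a live system lists the PIDs whose stat line still carries esp/eip; on a kernel with this series applied the list should be empty for every task the reader is not ptracing.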
Thread overview (25+ messages):
2016-09-30 17:58 Andy Lutomirski [this message]
2016-09-30 17:58 ` [PATCH 1/3] proc: Stop reporting eip and esp in /proc/PID/stat Andy Lutomirski
2016-09-30 18:56 ` Jann Horn
2016-10-01 2:01 ` Andy Lutomirski
2016-10-01 4:22 ` Linus Torvalds
2016-10-01 10:37 ` Jann Horn
2016-10-14 18:25 ` Andy Lutomirski
2016-10-14 20:01 ` Tycho Andersen
2016-10-20 11:13 ` [tip:mm/urgent] fs/proc: " tip-bot for Andy Lutomirski
2016-11-01 14:36 ` [4.9-rc3] BUG: unable to handle kernel paging request at ffffc900144dfc60 Tetsuo Handa
2016-11-01 23:47 ` Linus Torvalds
2016-11-02 10:50 ` Tetsuo Handa
2016-11-02 14:05 ` Andy Lutomirski
2016-11-02 14:54 ` Linus Torvalds
2016-11-03 6:32 ` Ingo Molnar
2016-11-03 7:09 ` [tip:sched/urgent] sched/core: Fix oops in sched_show_task() tip-bot for Tetsuo Handa
2016-11-03 7:10 ` [tip:sched/urgent] sched/core: Remove pointless printout " tip-bot for Linus Torvalds
2016-09-30 17:58 ` [PATCH 2/3] proc: Stop trying to report thread stacks Andy Lutomirski
2016-10-20 11:13 ` [tip:mm/urgent] fs/proc: " tip-bot for Andy Lutomirski
2016-09-30 17:58 ` [PATCH 3/3] mm: Change vm_is_stack_for_task() to vm_is_stack_for_current() Andy Lutomirski
2016-10-20 11:14 ` [tip:mm/urgent] " tip-bot for Andy Lutomirski
2016-10-03 23:08 ` [PATCH 0/3] ABI CHANGE!!! Remove questionable remote SP reads Andy Lutomirski
2016-10-03 23:17 ` Linus Torvalds
2016-10-04 7:06 ` Raymond Jennings
2016-10-14 18:26 ` Andy Lutomirski