From: Dmitry Safonov <dsafonov@virtuozzo.com>
To: <hpa@zytor.com>, <linux-kernel@vger.kernel.org>
Cc: <0x7f454c46@gmail.com>, Adam Borowski <kilobyte@angband.pl>,
	<linux-mm@kvack.org>, Andrei Vagin <avagin@gmail.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	Borislav Petkov <bp@suse.de>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	<x86@kernel.org>, Andy Lutomirski <luto@kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCHv2] x86/mm: set x32 syscall bit in SET_PERSONALITY()
Date: Tue, 21 Mar 2017 20:27:58 +0300
Message-ID: <588170c1-5188-d4da-b2db-8e335db98f48@virtuozzo.com>
In-Reply-To: <43DEF3C4-B248-4720-8088-415C043B74BF@zytor.com>

On 03/21/2017 08:27 PM, hpa@zytor.com wrote:
> On March 21, 2017 9:37:12 AM PDT, Dmitry Safonov <dsafonov@virtuozzo.com> wrote:
>> After my changes to mmap(), its code now relies on the bitness of
>> performing syscall. According to that, it chooses the base of
>> allocation:
>> mmap_base for 64-bit mmap() and mmap_compat_base for 32-bit syscall.
>> It was done by:
>>  commit 1b028f784e8c ("x86/mm: Introduce mmap_compat_base() for
>> 32-bit mmap()").
>>
>> The code afterwards relies on in_compat_syscall() returning true for
>> 32-bit syscalls. It's usually so while we're in context of application
>> that does 32-bit syscalls. But during exec() it is not valid for x32
>> ELF.
>> The reason is that the application hasn't yet done any syscall, so the x32
>> bit has not been set.
>> That results in -ENOMEM for x32 ELF files, as BAD_ADDR() fires
>> in elf_map(), which is called from do_execve()->load_elf_binary().
>> For i386 ELFs it works as SET_PERSONALITY() sets TS_COMPAT flag.
>>
>> I suggest to set x32 bit before first return to userspace, during
>> setting personality at exec(). This way we can rely on
>> in_compat_syscall() during exec().
>>
>> Fixes: commit 1b028f784e8c ("x86/mm: Introduce mmap_compat_base() for
>> 32-bit mmap()")
>> Cc: 0x7f454c46@gmail.com
>> Cc: linux-mm@kvack.org
>> Cc: Andrei Vagin <avagin@gmail.com>
>> Cc: Cyrill Gorcunov <gorcunov@openvz.org>
>> Cc: Borislav Petkov <bp@suse.de>
>> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
>> Cc: x86@kernel.org
>> Cc: H. Peter Anvin <hpa@zytor.com>
>> Cc: Andy Lutomirski <luto@kernel.org>
>> Cc: Ingo Molnar <mingo@redhat.com>
>> Cc: Thomas Gleixner <tglx@linutronix.de>
>> Reported-by: Adam Borowski <kilobyte@angband.pl>
>> Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
>> ---
>> v2:
>> - specifying mmap() allocation path which failed during exec()
>> - fix comment style
>>
>> arch/x86/kernel/process_64.c | 10 ++++++++--
>> 1 file changed, 8 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/kernel/process_64.c
>> b/arch/x86/kernel/process_64.c
>> index d6b784a5520d..d3d4d9abcaf8 100644
>> --- a/arch/x86/kernel/process_64.c
>> +++ b/arch/x86/kernel/process_64.c
>> @@ -519,8 +519,14 @@ void set_personality_ia32(bool x32)
>> 		if (current->mm)
>> 			current->mm->context.ia32_compat = TIF_X32;
>> 		current->personality &= ~READ_IMPLIES_EXEC;
>> -		/* in_compat_syscall() uses the presence of the x32
>> -		   syscall bit flag to determine compat status */
>> +		/*
>> +		 * in_compat_syscall() uses the presence of the x32
>> +		 * syscall bit flag to determine compat status.
>> +		 * On the bitness of syscall relies x86 mmap() code,
>> +		 * so set x32 syscall bit right here to make
>> +		 * in_compat_syscall() work during exec().
>> +		 */
>> +		task_pt_regs(current)->orig_ax |= __X32_SYSCALL_BIT;
>> 		current->thread.status &= ~TS_COMPAT;
>> 	} else {
>> 		set_thread_flag(TIF_IA32);
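Review bot: the x32 branch now sets __X32_SYSCALL_BIT in orig_ax, but nothing in this function ever clears it again: the `else` (i386) branch leaves orig_ax untouched, and the 64-bit personality path is not part of this change, so once in_compat_syscall() is keyed off this bit a task that execs from an x32 image into a native x86-64 image will still be reported as compat while the new ELF is mapped. Suggest pairing this line with a clearing counterpart in the 64-bit personality path, e.g. `task_pt_regs(current)->orig_ax &= ~__X32_SYSCALL_BIT;`. Minor: the comment's "On the bitness of syscall relies x86 mmap() code" reads awkwardly; "The x86 mmap() code relies on the bitness of the syscall" says the same thing more plainly.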
>
> You also need to clear the bit for an x32 -> x86-64 exec.  Otherwise it seems okay to me.

Oh, indeed!
Thanks for catching, I'll send v3 with it.

-- 
              Dmitry
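To make the flag interplay in this thread concrete, here is an added userspace model (not kernel code and not part of the thread) of the three predicates involved: i386 compat tracked by TS_COMPAT, x32 compat tracked by the x32 bit in the syscall number saved in orig_ax, and in_compat_syscall() as their OR. It replays the three exec scenarios discussed above: a 64-bit task execing an x32 ELF with and without the quoted hunk, that x32 task then execing a native x86-64 ELF with and without the clearing hpa asks for, and an i386 exec. __X32_SYSCALL_BIT carries the real x86 value; TS_COMPAT and the syscall numbers are illustrative values chosen for this model, and the struct/function names only mirror the kernel's.

```c
#include <stdbool.h>
#include <stdio.h>

/* Real x86 value: bit 30 of a syscall number marks an x32 syscall. */
#define __X32_SYSCALL_BIT 0x40000000UL
/* Model-only value for the thread status flag (assumption, not the kernel's). */
#define TS_COMPAT         0x0002UL

/* Illustrative syscall numbers for the model; only the x32 bit matters here. */
#define NR_EXECVE_64  59UL
#define NR_EXECVE_X32 (520UL | __X32_SYSCALL_BIT)

struct pt_regs { unsigned long orig_ax; };
struct task {
	struct pt_regs regs;
	unsigned long status;   /* stands in for current->thread.status */
};

static struct task current_task;
#define current (&current_task)

static struct pt_regs *task_pt_regs(struct task *t) { return &t->regs; }

/* Kernel semantics modelled: i386 compat is TS_COMPAT, x32 compat is the
 * x32 bit in the syscall number that syscall entry saved into orig_ax. */
static bool in_ia32_syscall(void) { return (current->status & TS_COMPAT) != 0; }
static bool in_x32_syscall(void)
{
	return (task_pt_regs(current)->orig_ax & __X32_SYSCALL_BIT) != 0;
}
static bool in_compat_syscall(void) { return in_ia32_syscall() || in_x32_syscall(); }

/* Syscall entry saves the raw number; an x32 caller's number carries the bit. */
static void syscall_entry(unsigned long nr) { task_pt_regs(current)->orig_ax = nr; }

/* set_personality_ia32() as discussed in the thread; with_v2 selects whether
 * the quoted hunk's "orig_ax |= __X32_SYSCALL_BIT" line is present. */
static void set_personality_ia32(bool x32, bool with_v2)
{
	if (x32) {
		if (with_v2)
			task_pt_regs(current)->orig_ax |= __X32_SYSCALL_BIT;
		current->status &= ~TS_COMPAT;
	} else {
		current->status |= TS_COMPAT;   /* i386: TS_COMPAT set, as the message says */
	}
}

/* 64-bit personality: v2 leaves orig_ax alone; clear_x32 models the extra
 * clearing hpa asks for in review. */
static void set_personality_64bit(bool clear_x32)
{
	current->status &= ~TS_COMPAT;
	if (clear_x32)
		task_pt_regs(current)->orig_ax &= ~__X32_SYSCALL_BIT;
}

/* Scenario 1: a 64-bit task execs an x32 ELF. Returns what the mmap() code
 * would see from in_compat_syscall() while the ELF is being mapped. */
static bool compat_seen_during_x32_exec(bool with_v2)
{
	current->status = 0;
	syscall_entry(NR_EXECVE_64);
	set_personality_ia32(true, with_v2);
	return in_compat_syscall();
}

/* Scenario 2: that x32 task then execs a native x86-64 ELF. The execve was
 * issued by the x32 image, so orig_ax arrives with the x32 bit set; the
 * correct answer is false, otherwise the new image is laid out from the
 * compat base. */
static bool compat_seen_during_x32_to_64_exec(bool clear_x32)
{
	compat_seen_during_x32_exec(true);
	syscall_entry(NR_EXECVE_X32);
	set_personality_64bit(clear_x32);
	return in_compat_syscall();
}

/* Scenario 3: i386 ELF, which already worked because TS_COMPAT is set. */
static bool compat_seen_during_i386_exec(void)
{
	current->status = 0;
	syscall_entry(NR_EXECVE_64);
	set_personality_ia32(false, true);
	return in_compat_syscall();
}

int main(void)
{
	printf("x32 exec, before v2: compat=%d (mmap would use the 64-bit base)\n",
	       compat_seen_during_x32_exec(false));
	printf("x32 exec, with v2:   compat=%d\n", compat_seen_during_x32_exec(true));
	printf("x32->64 exec, v2:    compat=%d (bit never cleared)\n",
	       compat_seen_during_x32_to_64_exec(false));
	printf("x32->64 exec, fixed: compat=%d\n", compat_seen_during_x32_to_64_exec(true));
	printf("i386 exec:           compat=%d\n", compat_seen_during_i386_exec());
	return 0;
}
```

Scenario 2 returns true even without the hunk's OR line, which is why the clearing in the 64-bit path is needed on its own merits: the stale bit comes from the x32 caller's syscall number, not from the line v2 adds.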
