From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754983AbcEYPdI (ORCPT ); Wed, 25 May 2016 11:33:08 -0400 Received: from mail.skyhub.de ([78.46.96.112]:44286 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754698AbcEYPdF (ORCPT ); Wed, 25 May 2016 11:33:05 -0400 Date: Wed, 25 May 2016 17:33:01 +0200 From: Borislav Petkov To: Andy Lutomirski Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Kees Cook , Brian Gerst Subject: Re: [PATCH 7/7] x86/uaccess: OOPS or warn on a fault with KERNEL_DS and !pagefault_disabled() Message-ID: <20160525153301.GE4420@pd.tnic> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 24, 2016 at 03:48:44PM -0700, Andy Lutomirski wrote: > + if (unlikely(!is_user_ds && !pagefault_disabled())) { > + if (extra < TASK_SIZE_MAX) { > + /* > + * Accessing user address under KERNEL_DS. This is a > + * bug and should be fixed, but OOPSing is not helpful > + * for exploit mitigation. > + */ > + WARN_ONCE(1, "BUG: uaccess fault at 0x%lx with KERNEL_DS\n", WARN and BUG? Also, let's have this string and the one below differ for finding out where we are during debugging. > + extra); > + } else { > + /* > + * If a bug that allows user-controlled KERNEL_DS > + * access exists, this will prevent it from being used > + * to trivially bypass kASLR. > + */ > + pr_crit("BUG: uaccess fault at 0x%lx with KERNEL_DS\n", > + extra); -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply.
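Review bot: the WARN_ONCE() in the `extra < TASK_SIZE_MAX` branch and the pr_crit() in the else branch print the identical string "BUG: uaccess fault at 0x%lx with KERNEL_DS\n", so a log line alone cannot tell a user-address fault from a kernel-address fault, and the "BUG:" prefix sits oddly on a warning. Suggest giving each branch its own message that names the case (user address in the first, kernel address in the second) and dropping "BUG:" from the WARN_ONCE() text. Since WARN_ONCE() reports only the first occurrence, the comment in that branch could also say that later user-address faults under KERNEL_DS will not be logged. Separately, `extra` is compared against TASK_SIZE_MAX and printed as the fault address; a short comment or a more descriptive local name at the top of this check would make that clear to the reader.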