From: Arnd Bergmann <arnd@arndb.de>
To: Joseph Myers <joseph@codesourcery.com>
Cc: Yury Norov <ynorov@caviumnetworks.com>,
libc-alpha@sourceware.org, linux-kernel@vger.kernel.org,
catalin.marinas@arm.com, marcus.shawcroft@arm.com, philb@gnu.org,
davem@davemloft.net, szabolcs.nagy@arm.com,
maxim.kuvyrkov@linaro.org, pinskia@gmail.com
Subject: Re: [PATCH 23/27] [AARCH64] delouse input arguments in system functions
Date: Tue, 21 Jun 2016 17:42:39 +0200 [thread overview]
Message-ID: <4477439.hqSlFvdEBH@wuerfel> (raw)
In-Reply-To: <alpine.DEB.2.20.1606211035510.4526@digraph.polyomino.org.uk>
On Tuesday, June 21, 2016 10:36:53 AM CEST Joseph Myers wrote:
> On Tue, 21 Jun 2016, Yury Norov wrote:
>
> > Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
>
> You're missing a patch description. What does "delouse" even mean? What
> is the ABI peculiarity that means there are ABI-conforming arguments to
> these functions that need such a manipulation?
>
This is the term the kernel uses for making sure that no system call
from user space passes data in the upper bits of the argument registers,
which could end up being used in an exploit when the calling conventions
between functions assume that the upper bits contain zeroes.
I don't think there is any point in doing this in glibc though: we
can safely assume that any application calling into glibc follows
the documented calling conventions (it would otherwise be a bug),
but the kernel still has to zero those registers because malicious
user space code would simply execute the system call instruction
directly instead of calling into glibc...
Arnd
next prev parent reply other threads:[~2016-06-21 15:40 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-21 5:06 [RFC PATCH 00/27] ARM64: support ILP32 Yury Norov
2016-06-21 5:06 ` [PATCH 01/27] [AARCH64] Fix utmp struct for compatibility reasons Yury Norov
2016-06-21 10:14 ` Szabolcs Nagy
2016-06-23 4:35 ` Yury Norov
2016-06-23 5:07 ` Andrew Pinski
2016-06-23 7:32 ` Andreas Schwab
2016-06-23 7:36 ` Yury Norov
2016-06-23 7:37 ` Andrew Pinski
2016-06-24 11:33 ` Florian Weimer
2016-06-23 7:36 ` Andrew Pinski
2016-06-23 7:56 ` Andreas Schwab
2016-06-24 11:38 ` Florian Weimer
2016-06-25 23:26 ` Andrew Pinski
2016-06-26 6:13 ` Yury Norov
2016-06-21 10:24 ` Joseph Myers
2016-06-21 5:06 ` [PATCH] no wrappers Yury Norov
2016-06-21 6:04 ` Yury Norov
2016-06-21 5:06 ` [PATCH 02/27] [AARCH64] Add header guards to sysdep.h headers Yury Norov
2016-06-21 10:23 ` Szabolcs Nagy
2016-06-21 5:06 ` [PATCH 03/27] Add dynamic ILP32 AARCH64 relocations to elf.h Yury Norov
2016-06-21 10:26 ` Joseph Myers
2016-06-21 5:06 ` [PATCH 04/27] [AARCH64] Add PTR_REG, PTR_LOG_SIZE, and PTR_SIZE. Use it in LDST_PCREL and LDST_GLOBAL Yury Norov
2016-06-21 7:54 ` Andreas Schwab
2016-06-21 8:36 ` Yury Norov
2016-06-21 9:13 ` Andreas Schwab
2016-06-21 5:06 ` [PATCH 05/27] [AARCH64] Use PTR_REG in crti.S Yury Norov
2016-06-21 10:28 ` Joseph Myers
2016-06-22 6:02 ` Yury Norov
2016-06-22 7:45 ` Andreas Schwab
2016-06-22 10:37 ` Joseph Myers
2016-06-21 5:06 ` [PATCH 06/27] [AARCH64] Use PTR_REG/PTR_SIZE/PTR_SIZE_LOG in dl-tlsesc.S Yury Norov
2016-06-21 8:05 ` Andreas Schwab
2016-06-21 5:06 ` [PATCH 07/27] [AARCH64] Use PTR_* macros in dl-trampoline.S Yury Norov
2016-06-21 5:06 ` [PATCH 08/27] [AARCH64] Use PTR_* in start.S Yury Norov
2016-06-21 5:06 ` [PATCH 09/27] [AARCH64] Use PTR_REG in getcontext.S Yury Norov
2016-06-21 5:06 ` [PATCH 10/27] [AARCH64] Detect ILP32 in configure scripts Yury Norov
2016-06-21 8:01 ` Andreas Schwab
2016-06-21 10:30 ` Joseph Myers
2016-06-21 5:06 ` [PATCH 11/27] [AARCH64] Syscalls for ILP32 are passed always via 64bit values Yury Norov
2016-06-21 7:56 ` Andreas Schwab
2016-06-21 11:42 ` Zhangjian (Bamvor)
2016-06-21 11:54 ` Andreas Schwab
2016-06-21 11:57 ` Zhangjian (Bamvor)
2016-06-22 15:49 ` Catalin Marinas
2016-06-23 6:32 ` Yury Norov
2016-06-21 5:06 ` [PATCH 12/27] [AARCH64] Add ILP32 support to elf_machine_load_address Yury Norov
2016-06-21 5:06 ` [PATCH 13/27] [AARCH64] Set up wordsize for ILP32 Yury Norov
2016-06-21 5:06 ` [PATCH 14/27] [AARCH64] Add ILP32 to makefiles Yury Norov
2016-06-21 5:06 ` [PATCH 15/27] [AARCH64] Add support to ldconfig for ILP32 and libilp32 Yury Norov
2016-06-21 7:59 ` Andreas Schwab
2016-06-21 5:07 ` [PATCH 16/27] [AARCH64] Add ILP32 ld.so to the known interpreter names Yury Norov
2016-06-21 5:07 ` [PATCH 17/27] [AARCH64] Add ldd-rewrite.sed so that ilp32 ld.so can be found Yury Norov
2016-06-21 5:07 ` [PATCH 18/27] [AARCH64] Add kernel_sigaction.h for AARCH64 ILP32 Yury Norov
2016-06-21 7:45 ` Andreas Schwab
2016-06-21 7:52 ` Zhangjian (Bamvor)
2016-06-21 5:07 ` [PATCH 19/27] [AARCH64] Add typesizes.h for ILP32 Yury Norov
2016-06-21 7:58 ` Andreas Schwab
2016-06-21 11:59 ` Zhangjian (Bamvor)
2016-06-23 4:54 ` Yury Norov
2016-06-21 5:07 ` [PATCH 20/27] [AARCH64] Make lp64 and ilp32 directories Yury Norov
2016-06-21 8:12 ` Andreas Schwab
2016-06-21 10:44 ` Joseph Myers
2016-06-27 7:56 ` Andreas Schwab
2016-06-27 8:03 ` Arnd Bergmann
2016-06-21 5:07 ` [PATCH 21/27] [AARCH64] ILP32: introduce syscalls that pass off_t Yury Norov
2016-06-21 10:35 ` Joseph Myers
2016-06-23 5:57 ` Yury Norov
2016-06-23 11:57 ` Joseph Myers
2016-06-21 5:07 ` [PATCH 22/27] [AARCH64] ILP32: support stat syscall family Yury Norov
2016-06-21 8:38 ` Andreas Schwab
2016-06-21 10:46 ` Joseph Myers
2016-06-27 7:51 ` Andreas Schwab
2016-06-21 5:07 ` [PATCH 23/27] [AARCH64] delouse input arguments in system functions Yury Norov
2016-06-21 8:08 ` Andreas Schwab
2016-06-21 10:36 ` Joseph Myers
2016-06-21 15:42 ` Arnd Bergmann [this message]
2016-06-21 16:37 ` Andrew Pinski
2016-06-21 5:07 ` [PATCH 24/27] Add support for AT_ARM64_MIDR Yury Norov
2016-06-21 8:09 ` Andreas Schwab
2016-06-21 5:07 ` [PATCH 25/27] [AARCH64] Fix ILP32 warning Yury Norov
2016-06-21 10:44 ` Joseph Myers
2016-06-21 5:07 ` [PATCH 26/27] [AARCH64] Change type of __align to long long Yury Norov
2016-06-21 8:10 ` Andreas Schwab
2016-06-21 10:57 ` Zhangjian (Bamvor)
2016-07-06 10:36 ` Andreas Schwab
2016-06-21 5:07 ` [PATCH 27/27] Fix PTRDIFF_MIN/PTRDIFF_MIN and PTRDIFF_MIN for ILP32 Yury Norov
2016-06-21 10:32 ` Joseph Myers
2016-06-21 10:23 ` [RFC PATCH 00/27] ARM64: support ILP32 Joseph Myers
2016-06-21 12:06 ` Zhangjian (Bamvor)
2016-06-22 2:04 ` Yury Norov
2016-06-28 15:26 ` Yury Norov
2016-06-21 15:10 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4477439.hqSlFvdEBH@wuerfel \
--to=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=davem@davemloft.net \
--cc=joseph@codesourcery.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcus.shawcroft@arm.com \
--cc=maxim.kuvyrkov@linaro.org \
--cc=philb@gnu.org \
--cc=pinskia@gmail.com \
--cc=szabolcs.nagy@arm.com \
--cc=ynorov@caviumnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).