Re: [PATCH 2/4] x86: SROP mitigation: implement signal canaries

From: Andi Kleen
Date: Thu May 15 2014 - 17:31:47 EST

Next message: Stephen Hemminger: "Re: [PATCH] net: tunnels - enable module autoloading"
Previous message: Cyrill Gorcunov: "Re: mm: NULL ptr deref handling mmaping of special mappings"
In reply to: Erik Bosman: "[PATCH 2/4] x86: SROP mitigation: implement signal canaries"
Next in thread: Erik Bosman: "Re: [PATCH 2/4] x86: SROP mitigation: implement signal canaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Erik Bosman <erik@xxxxxxxxxx> writes:

>
> diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
> index 2206757..1a9285a 100644
> --- a/arch/x86/ia32/ia32_signal.c
> +++ b/arch/x86/ia32/ia32_signal.c
> @@ -212,9 +212,18 @@ asmlinkage long sys32_sigreturn(void)
> struct sigframe_ia32 __user *frame = (struct sigframe_ia32 __user *)(regs->sp-8);
> sigset_t set;
> unsigned int ax;
> +#ifdef CONFIG_SIGNAL_CANARY
> + u32 canary;
> +#endif

Don't you completely break the ABI here? I'm sure there are programs out
there who hard code the offset into the FP state.

I think you either need to put it at the total end or somewhere
currently unused

Besides that I would remove the CONFIG_* once it works and just do it
unconditionally.

-Andi

--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Hemminger: "Re: [PATCH] net: tunnels - enable module autoloading"
Previous message: Cyrill Gorcunov: "Re: mm: NULL ptr deref handling mmaping of special mappings"
In reply to: Erik Bosman: "[PATCH 2/4] x86: SROP mitigation: implement signal canaries"
Next in thread: Erik Bosman: "Re: [PATCH 2/4] x86: SROP mitigation: implement signal canaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]