----- On Jun 28, 2018, at 8:18 PM, Linus Torvalds torva...@linux-foundation.org wrote:
> On Thu, Jun 28, 2018 at 4:30 PM Andy Lutomirski <l...@kernel.org> wrote: >> >> The idea is that, if someone screws up and sticks a number like >> 0xbaadf00d00045678 into their rseq abort_ip in a 32-bit x86 program >> (when they actually mean 0x00045678), we want to something consistent. > > I think the "something consistent" is perfectly fine with just "it won't > work". > > Make it do > > if (rseq_cs->abort_ip != (unsigned long)rseq_cs->abort_ip) > return -EINVAL; > > at abort time. > > Done. > > If it's a 32-bit kernel, the above will reject the thing, and if it's > a 64-bit kernel, it will be a no-op, but the abort won't work in a > 32-bit caller. > > Problem solved. This assumes a 64-bit kernel returning to a 32-bit compat task with garbage it the upper 32 bits of regs->ip behaves correctly (e.g. kill the offending process rather than crash the kernel) on all architectures. Is this something we can rely on ? Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com
