Re: [PATCH v8 1/4] syscalls: Verify address limit before returning to user-mode

2017-04-28 Thread Ingo Molnar
* Thomas Garnier wrote:
> Ensure that a syscall does not return to user-mode with a kernel address
> limit. If that happens, a process can corrupt kernel-mode memory and
> elevate privileges [1].
>
> The CONFIG_ADDR_LIMIT_CHECK option disables the generic check so each
> architecture can

Re: [PATCH v8 1/4] syscalls: Verify address limit before returning to user-mode

2017-04-28 Thread Ingo Molnar
* Thomas Garnier wrote:
> > BTW., a further simplification would be:
> >
> > #ifndef ADDR_LIMIT_CHECK_PRE
> > # define ADDR_LIMIT_CHECK_PRE ...
> > #endif
> >
> > This way architectures could override this generic functionality simply by
> > defining the helpers. Architectures that don't do

[PATCH v8 1/4] syscalls: Verify address limit before returning to user-mode

2017-04-27 Thread Thomas Garnier
Ensure that a syscall does not return to user-mode with a kernel address limit. If that happens, a process can corrupt kernel-mode memory and elevate privileges [1]. The CONFIG_ADDR_LIMIT_CHECK option disables the generic check so each architecture can create optimized versions. [1]

Re: [PATCH v8 1/4] syscalls: Verify address limit before returning to user-mode

2017-04-27 Thread Thomas Garnier
On Wed, Apr 26, 2017 at 11:49 PM, Ingo Molnar wrote:
>
> * Thomas Garnier wrote:
>
>> +
>> +/*
>> + * Called before coming back to user-mode. Returning to user-mode with an
>> + * address limit different than USER_DS can allow to overwrite kernel
>> memory.
>> + */
>> +static inline void

Re: [PATCH v8 1/4] syscalls: Verify address limit before returning to user-mode

2017-04-27 Thread Ingo Molnar
* Thomas Garnier wrote:
> +
> +/*
> + * Called before coming back to user-mode. Returning to user-mode with an
> + * address limit different than USER_DS can allow to overwrite kernel memory.
> + */
> +static inline void addr_limit_check_syscall(void)
> +{
> + BUG_ON(!segment_eq(get_fs(),

[PATCH v8 1/4] syscalls: Verify address limit before returning to user-mode

2017-04-26 Thread Thomas Garnier
Ensure that a syscall does not return to user-mode with a kernel address limit. If that happens, a process can corrupt kernel-mode memory and elevate privileges [1]. The CONFIG_ADDR_LIMIT_CHECK option disables the generic check so each architecture can create optimized versions. [1]
