Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-10 Thread Russell King - ARM Linux
On Fri, Feb 10, 2017 at 12:49:34PM -0800, Kees Cook wrote: > On Fri, Feb 10, 2017 at 11:22 AM, Russell King - ARM Linux > wrote: > > On Thu, Feb 09, 2017 at 06:42:34PM -0800, Andy Lutomirski wrote: > >> On Thu, Feb 9, 2017 at 3:41 PM, Thomas Garnier wrote: > >> > So by default it is in the wrappe

Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-10 Thread Kees Cook
On Fri, Feb 10, 2017 at 11:22 AM, Russell King - ARM Linux wrote: > On Thu, Feb 09, 2017 at 06:42:34PM -0800, Andy Lutomirski wrote: >> On Thu, Feb 9, 2017 at 3:41 PM, Thomas Garnier wrote: >> > So by default it is in the wrapper. If selected, an architecture can >> > disable the wrapper put it i

Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-10 Thread Russell King - ARM Linux
On Thu, Feb 09, 2017 at 06:42:34PM -0800, Andy Lutomirski wrote: > On Thu, Feb 9, 2017 at 3:41 PM, Thomas Garnier wrote: > > So by default it is in the wrapper. If selected, an architecture can > > disable the wrapper put it in the best places. Understood correctly? > > Sounds good to me. > > Pr

Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-09 Thread Andy Lutomirski
On Thu, Feb 9, 2017 at 3:41 PM, Thomas Garnier wrote: > On Thu, Feb 9, 2017 at 3:05 PM, Andy Lutomirski wrote: >> On Thu, Feb 9, 2017 at 11:31 AM, Kees Cook wrote: >>> On Thu, Feb 9, 2017 at 10:33 AM, Thomas Garnier wrote: This patch prevents a syscall from modifying the address limit of the >>

Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-09 Thread Thomas Garnier
On Thu, Feb 9, 2017 at 3:05 PM, Andy Lutomirski wrote: > On Thu, Feb 9, 2017 at 11:31 AM, Kees Cook wrote: >> On Thu, Feb 9, 2017 at 10:33 AM, Thomas Garnier wrote: >>> This patch prevents a syscall from modifying the address limit of the >>> caller. The address limit is kept by the syscall wrapper a

Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-09 Thread Andy Lutomirski
On Thu, Feb 9, 2017 at 11:31 AM, Kees Cook wrote: > On Thu, Feb 9, 2017 at 10:33 AM, Thomas Garnier wrote: >> This patch prevents a syscall from modifying the address limit of the >> caller. The address limit is kept by the syscall wrapper and restored >> just after the syscall ends. >> >> For example

Re: [RFC] syscalls: Restore address limit after a syscall

2017-02-09 Thread Kees Cook
On Thu, Feb 9, 2017 at 10:33 AM, Thomas Garnier wrote: > This patch prevents a syscall from modifying the address limit of the > caller. The address limit is kept by the syscall wrapper and restored > just after the syscall ends. > > For example, it would mitigate this bug: > > - https://bugs.chromiu

[RFC] syscalls: Restore address limit after a syscall

2017-02-09 Thread Thomas Garnier
This patch prevents a syscall from modifying the address limit of the caller. The address limit is kept by the syscall wrapper and restored just after the syscall ends. For example, it would mitigate this bug: - https://bugs.chromium.org/p/project-zero/issues/detail?id=990 Signed-off-by: Thomas Gar