From: Austin S Hemmelgarn
Newsgroups: gmane.linux.kernel,gmane.comp.lib.glibc.alpha,gmane.linux.lib.musl.general,gmane.comp.gcc.devel,gmane.comp.gnu.binutils
Subject: Re: [musl] RFC: adding Linux vsyscall-disable and similar backwards-incompatibility flags to ELF headers?
Date: Wed, 2 Sep 2015 08:48:21 -0400
Message-ID: <55E6F015.4030308@gmail.com>
References: <20150902025440.GG17773@brightrain.aerifal.cx> <20150902041815.GH17773@brightrain.aerifal.cx>
To: Andy Lutomirski, Rich Felker
Cc: Kees Cook, "linux-kernel@vger.kernel.org", libc-alpha, "musl@lists.openwall.com", gcc@gcc.gnu.org, Binutils

On 2015-09-02 00:32, Andy Lutomirski wrote:
> On Tue, Sep 1, 2015 at 9:18 PM, Rich Felker wrote:
>> On Tue, Sep 01, 2015 at 08:39:27PM -0700, Andy Lutomirski wrote:
>>> On Tue, Sep 1, 2015 at 7:54 PM, Rich Felker wrote:
>>>> If this is not the case, I have what sounds like an elegant solution,
>>>> if it works: presumably affected versions of glibc that used this used
>>>> it for all syscalls, so if the process has made any normal syscalls
>>>> before using the vsyscall addresses, you can assume it's a bug/attack
>>>> and just raise SIGSEGV. If there are corner cases this doesn't
>>>> cover, maybe the approach can still be adapted to work; it's cleaner
>>>> than introducing header cruft, IMO.
>>>
>>> Unfortunately, I don't think this will work. It's never been possible
>>> to use the vsyscalls for anything other than gettimeofday, time, or
>>> getcpu, so I doubt we can detect affected glibc versions that way.
>>
>> I thought the idea of the old vsyscall was that you always call it
>> rather than using a syscall instruction and it decides whether it can
>> do it in userspace or needs to make a real syscall. But if it was only
>> called from certain places, then yes, I think you're right that my
>> approach doesn't work.
>
> No, it's actually just three separate functions, one for each of
> gettimeofday, time, and getcpu.

Did the old versions of glibc always use vsyscall calling for these
syscalls? If they did, then we could (probably) safely disable the
vsyscall stuff the first time we see any of these called through the
normal syscall paths.
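The two heuristics discussed in this message, modelled side by side as an added example that is not part of the original thread and is not kernel code. The per-process flag, the event model and both traces are constructed for illustration; the model only shows which call each rule would fault on.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: one event per call a process makes. */
enum path { VIA_SYSCALL, VIA_VSYSCALL };
enum call { CALL_OTHER, CALL_GETTIMEOFDAY, CALL_TIME, CALL_GETCPU };
struct event { enum path path; enum call call; };

enum policy {
    ANY_SYSCALL_DISABLES,   /* quoted proposal: any normal syscall turns vsyscalls off */
    TIME_SYSCALL_DISABLES   /* reply: only gettimeofday/time/getcpu via syscall do */
};

/* Index of the first event that would be answered with SIGSEGV, or -1. */
int first_fault(enum policy p, const struct event *ev, size_t n)
{
    bool vsyscall_enabled = true;   /* hypothetical per-process state */
    for (size_t i = 0; i < n; i++) {
        if (ev[i].path == VIA_VSYSCALL) {
            if (!vsyscall_enabled)
                return (int)i;
            continue;
        }
        /* A normal syscall: decide whether it latches vsyscalls off. */
        if (p == ANY_SYSCALL_DISABLES || ev[i].call != CALL_OTHER)
            vsyscall_enabled = false;
    }
    return -1;
}

/* Constructed trace: ordinary syscalls mixed with time calls via the vsyscall page. */
static const struct event vsyscall_user[] = {
    { VIA_SYSCALL, CALL_OTHER }, { VIA_VSYSCALL, CALL_GETTIMEOFDAY },
    { VIA_SYSCALL, CALL_OTHER }, { VIA_VSYSCALL, CALL_TIME },
};
/* Constructed trace: gettimeofday via the syscall path, then a jump into the vsyscall page. */
static const struct event syscall_user[] = {
    { VIA_SYSCALL, CALL_OTHER }, { VIA_SYSCALL, CALL_GETTIMEOFDAY },
    { VIA_VSYSCALL, CALL_GETCPU },
};

int main(void)
{
    printf("any-syscall rule, vsyscall user:  %d\n", first_fault(ANY_SYSCALL_DISABLES, vsyscall_user, 4));
    printf("time-syscall rule, vsyscall user: %d\n", first_fault(TIME_SYSCALL_DISABLES, vsyscall_user, 4));
    printf("time-syscall rule, syscall user:  %d\n", first_fault(TIME_SYSCALL_DISABLES, syscall_user, 3));
    return 0;
}
```

The first rule faults the vsyscall-using trace on its first time call because an unrelated syscall came earlier, which is the objection raised in the quoted text; the second rule leaves that trace alone and only faults the process that already used the syscall path for one of the three calls.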