From: Andy Lutomirski
Date: Wed, 10 Jan 2018 12:05:53 -0800
Subject: Re: [PATCH v1 6/8] x86/entry/clearregs: Add number of arguments to syscall tables
To: Andi Kleen
Cc: Andi Kleen, Thomas Gleixner, X86 ML, LKML, Linus Torvalds, "Woodhouse, David", Paul Turner, Andrew Lutomirski, Peter Zijlstra, Tom Lendacky, Tim Chen, gregkh@linux-foundation.org, Dave Hansen, Jiri Kosina
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 9, 2018 at 8:37 PM, Andi Kleen wrote:
> On Tue, Jan 09, 2018 at 05:26:43PM -0800, Andy Lutomirski wrote:
>>
>>
>> > On Jan 9, 2018, at 5:03 PM, Andi Kleen wrote:
>> >
>> > From: Andi Kleen
>> >
>> > In order to sanitize the system call arguments properly
>> > we need to know the number of syscall arguments for each
>> > syscall. Add a new column to the 32bit and 64bit syscall
>> > tables to list the number of arguments.
>> >
>>
>> Surely we can do this in the SYSCALL_DEFINE macros.
>> Or at least statically check it.
>
> Possibly. The assembler would be much uglier as inline assembler though.
> And adding the number shouldn't be a big burden when adding a system call.
>
> I don't know how to check statically.
>

Somehow parse out the SYSCALL_DEFINE() macros at build time and check
the numbers. Or munge the number into the SyS_ wrapper so we'd have
SyS0_fork but SyS3_read.

>>
>> Also, what attack are we protecting against anyway?
>
> There's no specific attack here.
>
> But the idea is to make it harder to inject values into the kernel to abuse
> with speculation.

I think a bit stronger justification would be good here.
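
The build-time check suggested in the reply above, sketched as an added example (not code from this thread or from the patch): it extracts the argument count from each `SYSCALL_DEFINEn()` and compares it with the count column of a syscall table. The table layout (count as a fifth column), the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Matches SYSCALL_DEFINE<n>(name, ...) and captures n and name.
DEFINE_RE = re.compile(r'\bSYSCALL_DEFINE([0-6])\s*\(\s*(\w+)')

def declared_counts(c_source):
    """Map sys_<name> -> n for every SYSCALL_DEFINEn(name, ...) found."""
    return {"sys_" + name: int(n) for n, name in DEFINE_RE.findall(c_source)}

def table_counts(table_text):
    """Parse rows '<nr> <abi> <name> <entry> <nargs>' (assumed layout)."""
    rows = {}
    for lineno, line in enumerate(table_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            raise ValueError(f"line {lineno}: expected 5 fields ending in a count")
        rows[fields[3]] = (lineno, int(fields[4]))
    return rows

def check(c_source, table_text):
    """Return mismatch messages; an empty list means the table is consistent."""
    declared = declared_counts(c_source)
    errors = []
    for entry, (lineno, nargs) in table_counts(table_text).items():
        if entry not in declared:
            errors.append(f"line {lineno}: {entry} has no SYSCALL_DEFINE")
        elif declared[entry] != nargs:
            errors.append(f"line {lineno}: {entry}: table says {nargs}, "
                          f"source says SYSCALL_DEFINE{declared[entry]}")
    return errors

# Constructed sample inputs; sys_close is deliberately wrong in the table.
SAMPLE_C = """
SYSCALL_DEFINE0(fork) { return 0; }
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
{ return 0; }
SYSCALL_DEFINE1(close, unsigned int, fd) { return 0; }
"""
SAMPLE_TBL = """
# nr abi name entry nargs   (position of nargs is an assumption)
0  common read  sys_read  3
3  common close sys_close 2
57 common fork  sys_fork  0
"""

if __name__ == "__main__":
    for msg in check(SAMPLE_C, SAMPLE_TBL):
        print(msg)  # a real build step would exit non-zero on any message
```
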