Date: Sun, 28 Jul 2019 12:30:08 +0200 (CEST)
From: Thomas Gleixner
To: Arnd Bergmann
cc: Andy Lutomirski, Sean Christopherson, Kees Cook, Vincenzo Frascino, X86 ML, LKML, Paul Bolle
Subject: Re: [5.2 REGRESSION] Generic vDSO breaks seccomp-enabled userspace on i386

On Sun, 28 Jul 2019, Arnd Bergmann wrote:
> On Sat, Jul 27, 2019 at 7:53 PM Andy Lutomirski wrote:
> lib/vdso/gettimeofday.c:
> static __maybe_unused int
> __cvdso_clock_gettime32(clockid_t clock, struct old_timespec32 *res)
> {
> 	struct __kernel_timespec ts;
> 	int ret;
>
> 	if (res == NULL)
> 		goto fallback;
>
> 	ret = __cvdso_clock_gettime(clock, &ts);
>
> 	if (ret == 0) {
> 		res->tv_sec = ts.tv_sec;
> 		res->tv_nsec = ts.tv_nsec;
> 	}
>
> 	return ret;
>
> fallback:
> 	return clock_gettime_fallback(clock, (struct __kernel_timespec *)res);
> }
>
> So we get an 'old_timespec32' pointer from user space, and cast
> it to __kernel_timespec in order to pass it to the low-level function
> that actually fills in the 64-bit structure.
>
> On a little-endian machine, the first four bytes are actually correct
> here, but this is followed by tv_nsec=0 and 8 more bytes that overwrite
> whatever comes after the user space 'timespec'. [I missed the
> typecast as an indication of a bug during my review, sorry about
> that].

Which is totally irrelevant because res is NULL and that NULL pointer check
should simply return -EFAULT, which is what the syscall fallback returns
because the pointer is NULL.

But that NULL pointer check is inconsistent anyway:

 - 64 bit does not have it and never had

 - the vdso is not capable of handling faults properly anyway. If the
   pointer is not valid, then it will segfault. So just preventing the
   segfault for NULL is silly.

I'm going to just remove it.

Thanks,

	tglx
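
The size mismatch described in the quoted text, as an added example that is not part of the original mail or of the kernel source: a user-space model that counts the bytes written past an 8-byte 32-bit timespec when a 16-byte 64-bit one is stored at the same address. The struct names, the fallback_write64() helper and the sample time values are constructed for illustration; the NULL case discussed in the reply is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout stand-ins (constructed) for old_timespec32 and __kernel_timespec. */
struct old_ts32    { int32_t tv_sec; int32_t tv_nsec; };   /*  8 bytes */
struct kernel_ts64 { int64_t tv_sec; int64_t tv_nsec; };   /* 16 bytes */

#define CANARY 0xA5

/* Model of user memory: the caller's 8-byte timespec, then unrelated data. */
struct user_mem {
	struct old_ts32 ts;
	unsigned char neighbour[8];
};

/* Hypothetical fallback: always stores a full 64-bit timespec at dst. */
static void fallback_write64(void *dst, int64_t sec, int64_t nsec)
{
	struct kernel_ts64 k = { sec, nsec };
	memcpy(dst, &k, sizeof(k));
}

/* Field-by-field narrowing, like the ret == 0 path in the quoted function. */
static void convert_write32(struct old_ts32 *dst, int64_t sec, int64_t nsec)
{
	dst->tv_sec = (int32_t)sec;
	dst->tv_nsec = (int32_t)nsec;
}

/* Returns how many bytes after the user's timespec lost their canary. */
static int clobbered_after(int use_cast)
{
	struct user_mem m;
	int i, n = 0;

	memset(&m, CANARY, sizeof(m));
	if (use_cast)	/* &m is the same address as &m.ts: the cast path */
		fallback_write64(&m, 1564310199, 123456789);
	else
		convert_write32(&m.ts, 1564310199, 123456789);
	for (i = 0; i < (int)sizeof(m.neighbour); i++)
		n += (m.neighbour[i] != CANARY);
	return n;
}

int main(void)
{
	printf("clobbered with cast: %d, with conversion: %d\n",
	       clobbered_after(1), clobbered_after(0));
	return 0;
}
```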