Subject: Re: [PATCH v2] x86: Fix x32 System V message queue syscalls
From: Jessica Clarke
In-Reply-To: <20201012134444.1905-1-jrtc27@jrtc27.com>
Date: Fri, 30 Oct 2020 19:21:03 +0000
Cc: Andy Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin", linux-kernel@vger.kernel.org
Message-Id: <159B3D01-132C-4F56-ABF0-72A8D5958A29@jrtc27.com>
References: <1156938F-A9A3-4EE9-B059-2294A0B9FBFE@jrtc27.com> <20201012134444.1905-1-jrtc27@jrtc27.com>
To: linux-x86_64@vger.kernel.org

> On 12 Oct 2020, at 14:44, Jessica Clarke wrote:
> 
> POSIX specifies that the first field of the supplied msgp, namely mtype,
> is a long, not a __kernel_long_t, and it's a user-defined struct due to
> the variable-length mtext field so we can't even bend the spec and make
> it a __kernel_long_t even if we wanted to. Thus we must use the compat
> syscalls on x32 to avoid buffer overreads and overflows in msgsnd and
> msgrcv respectively.
> 
> Due to erroneously including the first 4 bytes of mtext in the mtype
> this would previously also cause non-zero msgtyp arguments for msgrcv to
> search for the wrong messages, and if sharing message queues between x32
> and non-x32 (i386 or x86_64) processes this would previously cause mtext
> to "move" and, depending on the direction and ABI combination, lose the
> first 4 bytes.
> 
> Signed-off-by: Jessica Clarke
> ---

Ping?

Jess

> 
> I have verified that the test at the end of [1] now gives the correct
> result on x32 ("PAYL" not "PAY" as I erroneously claimed it should be in
> the above email) and that both i386 and amd64 give the same output with
> that test as before.
> 
> [1] <1156938F-A9A3-4EE9-B059-2294A0B9FBFE@jrtc27.com>
> 
> Changes since v1:
> * Uses the same syscall numbers for x32 as amd64 and the current x32
>   rather than (further) breaking ABI by allocating new ones from the
>   legacy x32 range
> 
>  arch/x86/entry/syscalls/syscall_64.tbl | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
> index f30d6ae9a..f462123f3 100644
> --- a/arch/x86/entry/syscalls/syscall_64.tbl
> +++ b/arch/x86/entry/syscalls/syscall_64.tbl
> @@ -77,8 +77,10 @@
>  66 common semctl sys_semctl
>  67 common shmdt sys_shmdt
>  68 common msgget sys_msgget
> -69 common msgsnd sys_msgsnd
> -70 common msgrcv sys_msgrcv
> +69 64 msgsnd sys_msgsnd
> +69 x32 msgsnd compat_sys_msgsnd
> +70 64 msgrcv sys_msgrcv
> +70 x32 msgrcv compat_sys_msgrcv
>  71 common msgctl sys_msgctl
>  72 common fcntl sys_fcntl
>  73 common flock sys_flock
> -- 
> 2.28.0
> 
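Review bot: the hunk splits rows 69 and 70 into `64`/`x32` pairs but leaves row 71 (`msgctl`, `sys_msgctl`) as `common`, and the commit message justifies the compat entry points only for msgsnd and msgrcv (the user-defined `long mtype` at the start of msgp); one sentence saying why msgctl needs no `x32` row would stop the next reader from wondering whether it was missed. The rationale under `---`, that the `x32` rows keep numbers 69 and 70 instead of taking new ones from the legacy x32 range, is a user-visible ABI property and belongs above the `---` so it survives in the commit message. It is also worth confirming, and stating, that `compat_sys_msgsnd` and `compat_sys_msgrcv` are built in an x32-only configuration (x32 enabled, ia32 emulation off), since the table now references them from `x32` rows.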
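The layout mismatch the commit message describes, as an added illustration that is not code from the patch or from the kernel: an x32 caller lays out struct msgbuf with a 32-bit `long mtype` followed by mtext, while the native x86_64 entry point reads a 64-bit `__kernel_long_t` mtype and takes mtext from offset 8. Both views are modelled on raw little-endian bytes so it runs on an ordinary x86_64 host without an x32 toolchain; the helper names are assumptions and the "PAYLOAD" message is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the x32 vs. native struct msgbuf layouts (not kernel
 * code). Helper names are assumptions; the sample message is constructed. */

#define MSG_CAP 64

/* Decode a little-endian integer of `width` bytes. */
static uint64_t get_le(const unsigned char *in, size_t width)
{
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v |= (uint64_t)in[i] << (8 * i);
    return v;
}

/* Encode a little-endian integer of `width` bytes. */
static void put_le(unsigned char *out, uint64_t v, size_t width)
{
    for (size_t i = 0; i < width; i++)
        out[i] = (unsigned char)(v >> (8 * i));
}

/* Lay out a message the way an x32 caller does: 4-byte mtype, then mtext
 * (including its terminating NUL). Returns the byte count the caller owns. */
size_t build_x32_msgbuf(unsigned char *buf, size_t cap, int32_t mtype, const char *text)
{
    size_t n = strlen(text) + 1;
    if (4 + n > cap)
        return 0;
    put_le(buf, (uint32_t)mtype, 4);
    memcpy(buf + 4, text, n);
    return 4 + n;
}

/* Generic reader: mtype of `mtype_width` bytes at offset 0, mtext right after.
 * Only the mtext bytes inside the caller's `len` bytes are copied; a real
 * sys_msgsnd would read msgsz bytes from that offset regardless, which is the
 * overread the commit message refers to. */
static int64_t view(const unsigned char *buf, size_t len, size_t mtype_width,
                    char *text_out, size_t cap)
{
    int64_t mtype = (int64_t)get_le(buf, mtype_width);
    size_t body = len > mtype_width ? len - mtype_width : 0;
    if (body >= cap)
        body = cap - 1;
    memcpy(text_out, buf + mtype_width, body);
    text_out[body] = '\0';
    return mtype;
}

/* What compat_sys_msgsnd (selected for x32 by the patch) sees: 32-bit mtype. */
int64_t compat32_view(const unsigned char *buf, size_t len, char *text_out, size_t cap)
{
    return view(buf, len, 4, text_out, cap);
}

/* What sys_msgsnd (the pre-patch x32 entry point) sees: a 64-bit mtype that
 * swallows the first four mtext bytes, and mtext shifted by four. */
int64_t native64_view(const unsigned char *buf, size_t len, char *text_out, size_t cap)
{
    return view(buf, len, 8, text_out, cap);
}

/* Bytes a 64-bit-mtype reader touches beyond the x32 caller's buffer when
 * asked for `msgsz` bytes of mtext; with msgsz equal to the caller's full
 * mtext length this is the 4-byte difference in mtype size. */
size_t native64_overread(size_t x32_len, size_t msgsz)
{
    size_t wanted = 8 + msgsz;
    return wanted > x32_len ? wanted - x32_len : 0;
}

int main(void)
{
    unsigned char buf[MSG_CAP];
    char text[MSG_CAP];
    size_t len = build_x32_msgbuf(buf, sizeof buf, 1, "PAYLOAD");

    int64_t ok = compat32_view(buf, len, text, sizeof text);
    printf("compat view : mtype=%lld mtext=\"%s\"\n", (long long)ok, text);

    int64_t bad = native64_view(buf, len, text, sizeof text);
    printf("native view : mtype=0x%llx mtext=\"%s\"\n", (unsigned long long)bad, text);
    printf("msgrcv(msgtyp=1) would match: %s\n", bad == 1 ? "yes" : "no");
    printf("overread beyond caller's buffer: %zu bytes\n", native64_overread(len, len - 4));
    return 0;
}
```

Run on x86_64 the native view reports an mtype made of 1 plus the bytes "PAYL", so a receiver asking for msgtyp 1 would not find the message, and the mtext it sees starts at "OAD", which is the "lose the first 4 bytes" effect the commit message describes; the compat view recovers mtype 1 and the full "PAYLOAD".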