----- On Jun 29, 2018, at 10:17 AM, Linus Torvalds torvalds@xxxxxxxxxxxxxxxxxxxx wrote:

> On Fri, Jun 29, 2018 at 7:05 AM Mathieu Desnoyers
> <mathieu.desnoyers@xxxxxxxxxxxx> wrote:
>>
>> What I'm worried about is setting regs->ip of a compat 32-bit task to
>> addresses in the range 0x100000000-0xFFFFFFFFFFFFFFFF.
>
> Well, they won't have anything mapped in that range, so it really
> shouldn't matter.

It appears that arm64 simply clears the top bits of regs->ip when
returning to 32-bit compat userspace.

So this would be inconsistent between 32-bit kernel and 64-bit kernel
with a 32-bit compat task: a 32-bit kernel would kill the process, but
a 64-bit kernel would silently clear the top bits.

Considering those inconsistencies between architectures (either the task
gets killed, or the top bits are silently cleared), I'm very much tempted
to be restrictive in the inputs accepted by rseq, and not rely on
architectures as providing consistent validation of the return IP.

Thoughts?

Thanks,

Mathieu

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
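The restrictive validation Mathieu proposes above, as an added illustration that is not the kernel's rseq code and not part of this thread: a descriptor carrying the three IP fields of `struct rseq_cs` is checked against the task's own address-space limit before any of those addresses could reach `regs->ip`, so a compat task on a 64-bit kernel is judged against a 32-bit limit rather than left to whatever the architecture does with high bits. `COMPAT_TASK_LIMIT`, `NATIVE_TASK_LIMIT`, `struct cs_desc` and `cs_desc_ips_valid()` are constructed names and values for this example; the real kernel uses its per-architecture `TASK_SIZE`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space address limits standing in for the kernel's
 * TASK_SIZE: a compat (32-bit) task may only run code below 4 GiB, a
 * native 64-bit task below a made-up 47-bit limit. */
#define COMPAT_TASK_LIMIT  0x100000000ULL
#define NATIVE_TASK_LIMIT  0x800000000000ULL

/* Mirror of the three address fields an rseq critical-section
 * descriptor carries (start_ip, post_commit_offset, abort_ip). */
struct cs_desc {
	uint64_t start_ip;
	uint64_t post_commit_offset;
	uint64_t abort_ip;
};

/* Return true only when every IP the descriptor could make the kernel
 * jump to lies inside the task's own address range.  A compat task is
 * judged against the 32-bit limit even on a 64-bit kernel, so an
 * abort_ip in 0x100000000-0xFFFFFFFFFFFFFFFF is refused up front
 * instead of being handed to architecture code that might kill the
 * task on one arch and silently truncate the address on another. */
static bool cs_desc_ips_valid(const struct cs_desc *cs, bool compat)
{
	uint64_t limit = compat ? COMPAT_TASK_LIMIT : NATIVE_TASK_LIMIT;
	uint64_t end_ip;

	if (cs->start_ip >= limit || cs->abort_ip >= limit)
		return false;
	/* End of the critical section; reject wrap-around arithmetic. */
	if (__builtin_add_overflow(cs->start_ip, cs->post_commit_offset,
				   &end_ip))
		return false;
	if (end_ip >= limit)
		return false;
	/* The abort handler must not sit inside the section it aborts,
	 * otherwise the restart would loop back into the same section. */
	if (cs->abort_ip >= cs->start_ip && cs->abort_ip < end_ip)
		return false;
	return true;
}

int main(void)
{
	/* Constructed descriptors: one entirely below 4 GiB, one whose
	 * abort_ip is above it. */
	struct cs_desc low  = { 0x400000, 0x40, 0x400100 };
	struct cs_desc high = { 0x400000, 0x40, 0x100000100ULL };

	printf("low  / compat: %d\n", cs_desc_ips_valid(&low, true));
	printf("high / compat: %d\n", cs_desc_ips_valid(&high, true));
	printf("high / native: %d\n", cs_desc_ips_valid(&high, false));
	return 0;
}
```

The point of the separate `compat` flag is that the 64-bit kernel, not the architecture's return-to-user path, decides whether the address is acceptable; the same descriptor passes for a native task and fails for a compat one.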