On Fri, Jun 29, 2018 at 12:48 PM, Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> wrote:
> There are two aspects I'm concerned about here:
>
> 1) security: we don't want 32-bit user-space to feed a 64-bit value over 4GB
> as abort_ip that may end up causing OOPSes on architectures that would
> lack proper validation of those values on return to userspace.

I'm not too worried about this. As long as you're doing it from signal-delivery context (which you are AFAICT) you're fine.

But I re-read the code and I think I have a really straightforward solution. Two choices:

(1) Change instruction_pointer_set() to return an error code if the address passed in is garbage in a way that could cause unexpected behavior (like >=2^32 on x86_64 if regs->cs is 32-bit). It has very very few callers.

(2) Add instruction_pointer_validate() to go along with instruction_pointer_set().

That should be enough to solve the problem, right?
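The check both options describe, as an added C model that is not part of this thread or of the kernel: `struct fake_regs`, its `user_cs_is_32bit` flag and the `rseq_apply_abort_ip` caller are constructed stand-ins for the real `pt_regs`/rseq code, and the 2^32 bound is the x86_64 compat case named in the mail.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct pt_regs: only the two
 * fields this check needs. user_cs_is_32bit models "regs->cs is a
 * 32-bit code segment", i.e. a compat task on x86_64. */
struct fake_regs {
    uint64_t ip;
    bool user_cs_is_32bit;
};

/* Option (2): a validate helper beside the setter. A compat task must not
 * be returned to an address above the 32-bit range; 0 = acceptable. */
static int instruction_pointer_validate(const struct fake_regs *regs, uint64_t ip)
{
    if (regs->user_cs_is_32bit && ip > UINT32_MAX)
        return -EINVAL;
    return 0;
}

/* Option (1): the setter refuses garbage instead of storing it, so a
 * bad value never reaches the return-to-userspace path. */
static int instruction_pointer_set(struct fake_regs *regs, uint64_t ip)
{
    int err = instruction_pointer_validate(regs, ip);
    if (err)
        return err;
    regs->ip = ip;
    return 0;
}

/* Caller in the signal-delivery path (constructed): on rejection regs->ip
 * is left untouched and the error lets the caller kill the task instead. */
static int rseq_apply_abort_ip(struct fake_regs *regs, uint64_t abort_ip)
{
    return instruction_pointer_set(regs, abort_ip);
}

int main(void)
{
    struct fake_regs compat = { .ip = 0x08048000, .user_cs_is_32bit = true };
    uint64_t bad_ip = 0x100000000ULL; /* constructed: exactly 2^32, out of range */
    int rc = rseq_apply_abort_ip(&compat, bad_ip);
    printf("compat task, abort_ip=0x%" PRIx64 " -> rc=%d, ip stays 0x%" PRIx64 "\n",
           bad_ip, rc, compat.ip);
    return 0;
}
```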