Re: [PATCH v7 24/39] arm64/signal: Set up and restore the GCS context for signal handlers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Dec 09, 2023 at 12:15:22AM -0300, Thiago Jung Bauermann wrote:
> Mark Brown <broonie@xxxxxxxxxx> writes:

> > +	/* The cap must have the low bits set to a token value */
> > +	if (GCS_CAP_TOKEN(val) != 0)
> > +		return false;

> I found the comment above a little confusing, since the if condition
> actually checks that low bits aren't set at all. Perhaps reword to
> something like "The token value of a signal cap must be 0"?

Right, that's bitrot from the previous token format.

> I'm still not proficient enough in GCS to know how exactly this could be
> abused (e.g., somehow writing the desired return location right above
> one of these inactive caps and arranging for GCSPR to point to the cap
> before returning from a signal) but to be safe or paranoid, perhaps zero
> the location of the cap before returning?

Right, ideally we'd be doing a compare and exchange here to substitute
in a zero.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux