On Sat, Dec 09, 2023 at 12:15:22AM -0300, Thiago Jung Bauermann wrote:
> Mark Brown <broonie@xxxxxxxxxx> writes:
> > + /* The cap must have the low bits set to a token value */
> > + if (GCS_CAP_TOKEN(val) != 0)
> > + return false;
> I found the comment above a little confusing, since the if condition
> actually checks that low bits aren't set at all. Perhaps reword to
> something like "The token value of a signal cap must be 0"?

Right, that's bitrot from the previous token format.

> I'm still not proficient enough in GCS to know how exactly this could be
> abused (e.g., somehow writing the desired return location right above
> one of these inactive caps and arranging for GCSPR to point to the cap
> before returning from a signal) but to be safe or paranoid, perhaps zero
> the location of the cap before returning?

Right, ideally we'd be doing a compare and exchange here to substitute in a zero.
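Review bot: the comment on the first added line contradicts the check below it: `GCS_CAP_TOKEN(val) != 0` rejects any cap whose token bits are set, so the comment should say that a signal cap's token value must be 0. The check also only reads `val`, so a cap that passes is left in place unchanged; validating and clearing it in one atomic step (a compare-and-exchange of the expected value to 0) would make the cap single-use rather than re-presentable.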
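The compare-and-exchange that the reply above has in mind, as an added illustration rather than code from the patch or the kernel: a hypothetical cap word with a token in its low bits (the mask, the macros and the layout are assumptions for the example, not the real GCS definitions) is validated and zeroed in one atomic step, so a cap that has been consumed cannot be presented a second time.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical cap layout for this example only: the low 12 bits carry
 * a token, the remaining bits the address. Not the arm64 GCS format.
 */
#define CAP_TOKEN_MASK 0xfffULL
#define CAP_TOKEN(val) ((val) & CAP_TOKEN_MASK)

/* A signal cap is valid only when its token value is 0. */
static bool signal_cap_valid(uint64_t val)
{
	return CAP_TOKEN(val) == 0;
}

/*
 * Validate and consume the cap in one step: the word at *cap is replaced
 * by zero only if it still holds the value that was validated. A second
 * call with the same expected value fails because the word is now 0.
 */
static bool consume_signal_cap(uint64_t *cap, uint64_t expected)
{
	if (!signal_cap_valid(expected))
		return false;

	/* Atomic compare-and-exchange: expected -> 0, or fail if changed. */
	return __atomic_compare_exchange_n(cap, &expected, 0ULL, false,
					   __ATOMIC_ACQ_REL, __ATOMIC_ACQUIRE);
}

int main(void)
{
	uint64_t cap = 0x1000ULL;	/* constructed: address 0x1000, token 0 */

	printf("first consume:  %d\n", consume_signal_cap(&cap, 0x1000ULL));
	printf("second consume: %d (cap word now 0x%llx)\n",
	       consume_signal_cap(&cap, 0x1000ULL), (unsigned long long)cap);
	return 0;
}
```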