On Thu, Nov 29, 2018 at 08:59:31AM -0800, Andy Lutomirski wrote:
> 
> 
> > On Nov 29, 2018, at 8:49 AM, Peter Zijlstra <pet...@infradead.org> wrote:
> > 
> > On Thu, Nov 29, 2018 at 10:33:42AM -0600, Josh Poimboeuf wrote:
> >>> can't we 'fix' that again? The alternative is moving that IRET-frame and
> >>> fixing everything up, which is going to be fragile, ugly and such
> >>> things more.
> > 
> >> This seems to work...
> > 
> > That's almost too easy... nice!
> 
> It is indeed too easy: you’re putting pt_regs in the wrong place for
> int3 from user mode, which is probably a root hole if you arrange for
> a ptraced process to do int3 and try to write to whatever register
> aliases CS.
> 
> If you make it conditional on CPL, do it for 32-bit as well, add
> comments, convince yourself that there isn’t a better solution
I could do that - but why subject 32-bit to it?  I was going to make it
conditional on CONFIG_HAVE_STATIC_CALL_INLINE which is 64-bit only.

> (like pointing IP at a stub that retpolines to the target by reading
> the function pointer, a la the unoptimizable version), then okay, I
> guess, with only a small amount of grumbling.

I tried that in v2, but Peter pointed out it's racy:

  https://lkml.kernel.org/r/20181126160217.gr2...@hirez.programming.kicks-ass.net

-- 
Josh
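To make Andy's objection concrete, here is an added userspace mock of the int3 path under discussion. It is illustration only, not the patch from this thread and not the kernel's trap code: the `trap_frame` struct stands in for the hardware-pushed tail of `pt_regs`, the selector values, the call-site table and the addresses are all constructed, and the simulated kernel stack is a plain array. It shows the two things the thread asks for: the handler first checks the RPL bits of the saved CS and refuses to touch a frame that came from ring 3 (so a ptraced process issuing int3 cannot get its registers rewritten through the static-call path), and only for a ring-0 trap at a known patched call site does it do the IRET-frame fixup that turns the trap into a call (push the return address past the 5-byte call, point IP at the target).

```c
/* Added mock of a CPL-gated int3 -> call emulation; not kernel code. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KERNEL_CS 0x10u   /* assumed __KERNEL_CS-style selector, RPL 0 */
#define USER_CS   0x33u   /* assumed __USER_CS-style selector, RPL 3 */
#define CALL_LEN  5u      /* E8 rel32: the instruction int3 overwrote */

/* Stand-in for the hardware-pushed tail of pt_regs (ip, cs, flags, sp, ss). */
struct trap_frame {
    uint64_t ip;
    uint64_t cs;
    uint64_t flags;
    uint64_t sp;
    uint64_t ss;
};

/* A patched static-call site and its current target (constructed data). */
struct static_call_site {
    uint64_t site;    /* address of the call whose first byte is now 0xCC */
    uint64_t target;  /* where the static call currently points */
};

static uint8_t kstack[512];   /* simulated kernel stack */

/* The CPL check: RPL field of the saved CS is 3 for a user-mode trap. */
static int frame_from_user(const struct trap_frame *f)
{
    return (f->cs & 3) == 3;
}

/*
 * Returns 1 if the trap was consumed as a static call (frame rewritten),
 * 0 if it is not ours (frame untouched), -1 if the simulated stack
 * cannot hold the pushed return address.
 */
static int int3_static_call(struct trap_frame *f,
                            const struct static_call_site *sites, size_t n)
{
    /* User-mode int3 (ptrace, debuggers) must never reach the fixup. */
    if (frame_from_user(f))
        return 0;

    for (size_t i = 0; i < n; i++) {
        /* int3 is one byte, so the trap IP is site + 1. */
        if (f->ip != sites[i].site + 1)
            continue;

        uint64_t lo = (uint64_t)(uintptr_t)kstack;
        uint64_t hi = lo + sizeof kstack;
        if (f->sp < lo + sizeof(uint64_t) || f->sp > hi)
            return -1;

        /* Emulate "call target": push the address after the 5-byte call,
         * then resume at the target. */
        uint64_t ret = sites[i].site + CALL_LEN;
        f->sp -= sizeof ret;
        memcpy((void *)(uintptr_t)f->sp, &ret, sizeof ret);
        f->ip = sites[i].target;
        return 1;
    }
    return 0;
}

/* Helper for inspection: the value currently on top of the frame's stack. */
static uint64_t stack_top_value(const struct trap_frame *f)
{
    uint64_t v;
    memcpy(&v, (const void *)(uintptr_t)f->sp, sizeof v);
    return v;
}

int main(void)
{
    struct static_call_site sites[] = {
        { 0xffffffff81000100ull, 0xffffffff81234560ull }   /* constructed */
    };
    struct trap_frame k = { sites[0].site + 1, KERNEL_CS, 0x246,
                            (uintptr_t)kstack + sizeof kstack, 0x18 };
    struct trap_frame u = { sites[0].site + 1, USER_CS, 0x246,
                            0x7fffffffe000ull, 0x2b };

    int rk = int3_static_call(&k, sites, 1);
    printf("kernel frame: rc=%d ip=%#llx ret=%#llx\n", rk,
           (unsigned long long)k.ip, (unsigned long long)stack_top_value(&k));

    int ru = int3_static_call(&u, sites, 1);
    printf("user frame:   rc=%d ip=%#llx (untouched)\n", ru,
           (unsigned long long)u.ip);
    return 0;
}
```

The user-mode frame's IP happens to match a patched site address, which is exactly the situation Andy describes: a ptraced process can put any value into its own registers, so the site lookup alone is not a safe gate. The CPL check has to come first.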