From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 2210 invoked by alias); 20 Jun 2011 22:50:15 -0000 Received: (qmail 2202 invoked by uid 22791); 20 Jun 2011 22:50:15 -0000 X-SWARE-Spam-Status: No, hits=-6.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 20 Jun 2011 22:49:57 +0000 Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p5KMnTia007493 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 20 Jun 2011 18:49:29 -0400 Received: from pebble.twiddle.home (vpn-239-71.phx2.redhat.com [10.3.239.71]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p5KMnS4o029793; Mon, 20 Jun 2011 18:49:28 -0400 Message-ID: <4DFFCE63.3090209@redhat.com> Date: Mon, 20 Jun 2011 22:58:00 -0000 From: Richard Henderson User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110428 Fedora/3.1.10-1.fc14 Thunderbird/3.1.10 MIME-Version: 1.0 To: "H. Peter Anvin" CC: "H.J. Lu" , Bernd Schmidt , gcc-patches@gcc.gnu.org, Eric Botcazou Subject: Re: [x32] PATCH: Remove ix86_promote_function_mode References: <20110620135115.GA11874@lucon.org> <4DFF50E0.8030404@codesourcery.com> <4DFF5A40.8000903@zytor.com> In-Reply-To: <4DFF5A40.8000903@zytor.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org X-SW-Source: 2011-06/txt/msg01544.txt.bz2 On 06/20/2011 07:33 AM, H. Peter Anvin wrote: > On 06/20/2011 07:01 AM, H.J. Lu wrote: >> On Mon, Jun 20, 2011 at 6:53 AM, Bernd Schmidt wrote: >>> On 06/20/2011 03:51 PM, H.J. Lu wrote: >>>> Promote pointers to Pmode when passing/returning in registers is >>>> a security concern. > > No. Promoting *NON*-pointers (or rather, requiring non-pointers to > having already been zero extended) is a security concern. I thought I'd > made that point clear already. This is a hideously critical distinction. > >> Peter, do you think it is safe to assume upper 32bits are zero in >> user space for x32? Kernel isn't a problem since pointer is 64bit >> in kernel and we don't pass pointers on stack to kernel. > > As I have already stated, if we *cannot* require pointers to be > zero-extended on entry to the kernel, we're going to have to have > special entry points for all the x32 system calls except the ones that > don't take pointers. If it's a security concern, surely you have to do it in the kernel anyway, lest someone call into the kernel via their own assembly rather than something controlled by the compiler... r~