
Raise SIGSEGV instead of SIGPROT for hybrid #2145

Draft
wants to merge 3 commits into base: dev

Conversation

bsdjhb (Collaborator) commented Jul 9, 2024

  • cheribsdtest: Test signal for invalid memory accesses in hybrid
  • arm64: Raise SIGSEGV for bounds violations outside of UVA for hybrid
  • riscv: Raise SIGSEGV for bounds violations against PCC/DDC in hybrid

The signal for the DDC case isn't fully correct since the instruction
would need to be decoded to compute the effective address and access
mode (read vs write).

Review comment on these lines of the test descriptor:

    .ct_flags = CT_FLAG_SIGNAL | CT_FLAG_SI_CODE | CT_FLAG_SI_TRAPNO,
    .ct_signum = SIGSEGV,
    .ct_si_code = SEGV_MAPERR,
    .ct_si_trapno = TRAPNO_STORE_PF)

bsdjhb (Collaborator, Author):
This test fails on RISC-V for this series since the kernel patch always uses the load page fault cause for si_trapno.
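As an added example (not code from this PR or from cheribsd), a portable analog of the expectation in the quoted descriptor: on a non-CHERI host the closest equivalent of an access outside the DDC bounds is a load from an unmapped page, and the probe below records the signal and si_code the kernel delivers so they can be compared against SIGSEGV / SEGV_MAPERR the way the harness compares ct_signum and ct_si_code. The struct and function names are assumptions; si_trapno is deliberately not checked because its values are architecture-specific, which is exactly the RISC-V problem the comment above describes.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Assumed names: mirrors the ct_signum / ct_si_code fields of the descriptor. */
struct fault_info { int signum; int si_code; };

static sigjmp_buf fault_env;
static volatile int seen_signum, seen_code;
static volatile unsigned char sink;

static void fault_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)ctx;
    seen_signum = sig;
    seen_code = si->si_code;
    siglongjmp(fault_env, 1);   /* unwind out of the faulting load */
}

/* Load from a page that was mapped and then unmapped, and report the
 * signal and si_code the kernel delivered for it. */
struct fault_info probe_unmapped_access(void)
{
    struct sigaction sa, old;
    struct fault_info res = { 0, 0 };
    long pagesz = sysconf(_SC_PAGESIZE);
    volatile unsigned char *p;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) {
        munmap((void *)p, pagesz);      /* leave an unmapped hole behind */
        seen_signum = seen_code = 0;
        if (sigsetjmp(fault_env, 1) == 0)
            sink = p[0];                /* faults: expect SIGSEGV / SEGV_MAPERR */
        res.signum = seen_signum;
        res.si_code = seen_code;
    }
    sigaction(SIGSEGV, &old, NULL);     /* restore the previous disposition */
    return res;
}
```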

bsdjhb (Collaborator, Author) commented Jul 9, 2024

The arm64 fix is straightforward since arm64 supplies FAR for a capability abort. For RISC-V it is messier and the approach here is a simple fixup. Arguably it is fine for this to be SIGPROT, but in that case we need to document it as a non-obvious side effect for hybrid binaries.

bsdjhb pushed a commit to bsdjhb/cheribsd that referenced this pull request Aug 20, 2024
Security fixes:
 CTSRD-CHERI#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
 CTSRD-CHERI#2145 zip: Fix out of boundary access

Important bugfixes:
 CTSRD-CHERI#2131 7zip: Limit amount of properties
 CTSRD-CHERI#2110 bsdtar: Fix error handling around strtol() usages
 CTSRD-CHERI#2116 passphrase: Never allow empty passwords
 CTSRD-CHERI#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
 CTSRD-CHERI#2123 xar: Avoid infinite link loop
 CTSRD-CHERI#2108 zip: Update AppleDouble support for directories
 CTSRD-CHERI#2071 zstd: Implement core detection

Obtained from:		libarchive
Libarchive commit:	313aa1fa10b657de791e3202c168a6c833bc3543
bsdjhb pushed a commit to bsdjhb/cheribsd that referenced this pull request Aug 20, 2024
Libarchive 3.7.4 + three fixes from master

Security fixes:
 CTSRD-CHERI#2135 rar: Fix OOB in rar e8 filter (CVE-2024-26256)
 CTSRD-CHERI#2145 zip: Fix out of boundary access
 CTSRD-CHERI#2148 rar: Fix OOB in rar delta filter
 CTSRD-CHERI#2149 rar: Fix OOB in rar audio filter

Important bugfixes:
 CTSRD-CHERI#2131 7zip: Limit amount of properties
 CTSRD-CHERI#2110 bsdtar: Fix error handling around strtol() usages
 CTSRD-CHERI#2116 passphrase: Never allow empty passwords
 CTSRD-CHERI#2124 rar: Fix "File CRC Error" when extracting specific rar4 archives
 CTSRD-CHERI#2123 xar: Avoid infinite link loop
 CTSRD-CHERI#2150 xar: Fix another infinite loop and expat error handling
 CTSRD-CHERI#2108 zip: Update AppleDouble support for directories
 CTSRD-CHERI#2071 zstd: Implement core detection

PR:		278588 (exp-run)
MFC after:	1 day
Successfully merging this pull request may close these issues:

  • Change raised signal from SIGPROT to SIGSEGV when indexing outside the ddc bound on a hybrid binary