From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752119AbbCSBdt (ORCPT <rfc822;w@1wt.eu>);
	Wed, 18 Mar 2015 21:33:49 -0400
Received: from mail.kernel.org ([198.145.29.136]:52214 "EHLO mail.kernel.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751492AbbCSBdm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 18 Mar 2015 21:33:42 -0400
From: Andy Lutomirski <luto@kernel.org>
To: x86@kernel.org, linux-kernel@vger.kernel.org
Cc: Brad Spengler <spender@grsecurity.net>,
        Denys Vlasenko <dvlasenk@redhat.com>,
        Andy Lutomirski <luto@kernel.org>
Subject: [PATCH 3/9] x86: Add user_mode_ignore_vm86
Date: Wed, 18 Mar 2015 18:33:29 -0700
Message-Id: <202c56ca63823c338af8e2e54948dbe222da6343.1426728647.git.luto@kernel.org>
X-Mailer: git-send-email 2.3.0
In-Reply-To: <cover.1426728647.git.luto@kernel.org>
References: <cover.1426728647.git.luto@kernel.org>
In-Reply-To: <cover.1426728647.git.luto@kernel.org>
References: <cover.1426728647.git.luto@kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

user_mode is dangerous and user_mode_vm has a confusing name.  Add
user_mode_ignore_vm86 (equivalent to current user_mode).  We'll
change the small number of legitimate users of user_mode to
user_mode_ignore_vm86.

Inspired by grsec, although this works rather differently.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 arch/x86/include/asm/ptrace.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index 74bb2e0f3030..a60c59e977cc 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -121,6 +121,23 @@ static inline int user_mode_vm(struct pt_regs *regs)
 #endif
 }
 
+/*
+ * This is the fastest way to check whether regs come from user space.
+ * It is unsafe if regs might come from vm86 mode, though -- in vm86
+ * mode, all bits of CS and SS are completely under the user's control.
+ * The CPU considers vm86 mode to be CPL 3 regardless of CS and SS.
+ *
+ * Do NOT use this function unless you have already ruled out the
+ * possibility that regs came from vm86 mode.
+ *
+ * We check for RPL != 0 instead of RPL == 3 because we don't use rings
+ * 1 or 2 and this is more efficient.
+ */
+static inline int user_mode_ignore_vm86(struct pt_regs *regs)
+{
+	return (regs->cs & SEGMENT_RPL_MASK) != 0;
+}
+
 static inline int v8086_mode(struct pt_regs *regs)
 {
 #ifdef CONFIG_X86_32
-- 
2.3.0