From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S968223AbdIZInQ (ORCPT ); Tue, 26 Sep 2017 04:43:16 -0400
Received: from terminus.zytor.com ([65.50.211.136]:57785 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933842AbdIZInO (ORCPT ); Tue, 26 Sep 2017 04:43:14 -0400
Date: Tue, 26 Sep 2017 01:34:23 -0700
From: tip-bot for Eric Biggers
Message-ID:
Cc: mhalcrow@google.com, fenghua.yu@intel.com, riel@redhat.com, dave.hansen@linux.intel.com, peterz@infradead.org, ebiggers@google.com, wanpeng.li@hotmail.com, dvyukov@google.com, akpm@linux-foundation.org, mingo@kernel.org, hpa@zytor.com, oleg@redhat.com, torvalds@linux-foundation.org, luto@amacapital.net, linux-kernel@vger.kernel.org, keescook@chromium.org, luto@kernel.org, bp@alien8.de, yu-cheng.yu@intel.com, haokexin@gmail.com, tglx@linutronix.de, ebiggers3@gmail.com
Reply-To: ebiggers3@gmail.com, tglx@linutronix.de, haokexin@gmail.com, yu-cheng.yu@intel.com, bp@alien8.de, luto@kernel.org, keescook@chromium.org, linux-kernel@vger.kernel.org, luto@amacapital.net, oleg@redhat.com, hpa@zytor.com, torvalds@linux-foundation.org, akpm@linux-foundation.org, mingo@kernel.org, dvyukov@google.com, wanpeng.li@hotmail.com, ebiggers@google.com, peterz@infradead.org, dave.hansen@linux.intel.com, riel@redhat.com, fenghua.yu@intel.com, mhalcrow@google.com
In-Reply-To: <20170924105913.9157-2-mingo@kernel.org>
References: <20170924105913.9157-2-mingo@kernel.org>
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/fpu] x86/fpu: Introduce validate_xstate_header()
Git-Commit-ID: e63e5d5c15c6b1dba26f7cbd1b1089a1d6155db5
X-Mailer: tip-git-log-daemon
Robot-ID:
Robot-Unsubscribe: Contact to get blacklisted from these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID: e63e5d5c15c6b1dba26f7cbd1b1089a1d6155db5
Gitweb: http://git.kernel.org/tip/e63e5d5c15c6b1dba26f7cbd1b1089a1d6155db5
Author: Eric Biggers
AuthorDate: Sun, 24 Sep 2017 12:59:04 +0200
Committer: Ingo Molnar
CommitDate: Tue, 26 Sep 2017 09:43:45 +0200

x86/fpu: Introduce validate_xstate_header()

Move validation of user-supplied xstate_header into a helper function, in preparation of calling it from both
the ptrace and sigreturn syscall paths. The new function also considers it to be an error if *any* reserved bits are set, whereas before we were just clearing most of them silently. This should reduce the chance of bugs that fail to correctly validate user-supplied XSAVE areas. It also will expose any broken userspace programs that set the other reserved bits; this is desirable because such programs will lose compatibility with future CPUs and kernels if those bits are ever used for anything. (There shouldn't be any such programs, and in fact in the case where the compacted format is in use we were already validating xfeatures. But you never know...) Signed-off-by: Eric Biggers Cc: Andrew Morton Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Dmitry Vyukov Cc: Eric Biggers Cc: Fenghua Yu Cc: Kees Cook Cc: Kevin Hao Cc: Linus Torvalds Cc: Michael Halcrow Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Cc: Wanpeng Li Cc: Yu-cheng Yu Cc: kernel-hardening@lists.openwall.com Link: http://lkml.kernel.org/r/20170924105913.9157-2-mingo@kernel.org Signed-off-by: Ingo Molnar --- arch/x86/include/asm/fpu/xstate.h | 4 ++++ arch/x86/kernel/fpu/xstate.c | 24 ++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h index 579ac23..83fee24 100644 --- a/arch/x86/include/asm/fpu/xstate.h +++ b/arch/x86/include/asm/fpu/xstate.h @@ -52,4 +52,8 @@ int copy_xstate_to_kernel(void *kbuf, struct xregs_state *xsave, unsigned int of int copy_xstate_to_user(void __user *ubuf, struct xregs_state *xsave, unsigned int offset, unsigned int size); int copy_kernel_to_xstate(struct xregs_state *xsave, const void *kbuf); int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf); + +/* Validate an xstate header supplied by userspace (ptrace or sigreturn) */ +extern int validate_xstate_header(const struct xstate_header *hdr); + #endif 
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 703e76d..2427aee 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -483,6 +483,30 @@ int using_compacted_format(void) return boot_cpu_has(X86_FEATURE_XSAVES); } +/* Validate an xstate header supplied by userspace (ptrace or sigreturn) */ +int validate_xstate_header(const struct xstate_header *hdr) +{ + /* No unknown or supervisor features may be set */ + if (hdr->xfeatures & (~xfeatures_mask | XFEATURE_MASK_SUPERVISOR)) + return -EINVAL; + + /* Userspace must use the uncompacted format */ + if (hdr->xcomp_bv) + return -EINVAL; + + /* + * If 'reserved' is shrunken to add a new field, make sure to validate + * that new field here! + */ + BUILD_BUG_ON(sizeof(hdr->reserved) != 48); + + /* No reserved bits may be set */ + if (memchr_inv(hdr->reserved, 0, sizeof(hdr->reserved))) + return -EINVAL; + + return 0; +} + static void __xstate_dump_leaves(void) { int i;
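Review bot: in the arch/x86/include/asm/fpu/xstate.h hunk, the new prototype is declared with `extern` while the copy_*_xstate() prototypes directly above it in the same context are not; drop `extern` so the declaration matches its neighbours. The one-line comment is also repeated verbatim above the definition in xstate.c, so keeping the description in one place would stop the two copies from drifting apart.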
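Review bot: in the arch/x86/kernel/fpu/xstate.c hunk, validate_xstate_header() takes a plain `const struct xstate_header *hdr` (no `__user` annotation) and reads it in three separate checks, but the comment above it does not say that callers must pass a kernel-side copy of the header. Since the data originates from ptrace or sigreturn, the comment should state that hdr has to be copied out of user memory before validation and that the same copy must be the one consumed afterwards, and it should document the return value (0 on success, -EINVAL on any rejected field) for the callers this patch is preparing for.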