From: Ingo Molnar
Date: Wed, 13 Sep 2017 10:00:11 +0200
To: Kees Cook
Cc: Will Deacon, Thomas Garnier, Thomas Gleixner, Russell King, Catalin Marinas, Andy Lutomirski, Will Drewry, Al Viro, Dave Martin, Pratyush Anand, Dave Hansen, Arnd Bergmann, David Howells, Yonghong Song, "linux-arm-kernel@lists.infradead.org", Linux API, LKML
Subject: Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop
Message-ID: <20170913080011.cxydu4ptal53okzm@gmail.com>
References: <1504798247-48833-1-git-send-email-keescook@chromium.org> <1504798247-48833-5-git-send-email-keescook@chromium.org> <20170912182727.GB27652@arm.com>

* Kees Cook wrote:

> On Tue, Sep 12, 2017 at 11:27 AM, Will Deacon wrote:
> > Hi Kees,
> >
> > On Thu, Sep 07, 2017 at 08:30:47AM -0700, Kees Cook wrote:
> >> From: Thomas Garnier
> >>
> >> A bug was reported on ARM where set_fs might be called after it was
> >> checked on the work pending function. ARM64 is not affected by this bug
> >> but has a similar construct. In order to avoid any similar problems in
> >> the future, the addr_limit_user_check function is moved at the beginning
> >> of the loop.
> >>
> >> Fixes: cf7de27ab351 ("arm64/syscalls: Check address limit on user-mode return")
> >> Reported-by: Leonard Crestez
> >> Signed-off-by: Thomas Garnier
> >> Signed-off-by: Kees Cook
> >> ---
> >> arch/arm64/kernel/signal.c | 6 +++---
> >> 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > What's the plan for this series? It looks like somehow an old v2 of the
> > original series made it into mainline, so I'd like to see these fixes get
> > in ASAP. I'm still slightly nervous about pathological setting of the
> > FSCHECK flag due to e.g. a PMU IRQ causing a livelock in do_notify_resume,
> > but that's at least less likely with this fix :/
>
> Hi! I resent this to Ingo to pick up for -tip. I think he's waiting
> for -rc1, IIUC. Ingo, can you comment on timing for this getting sent
> to Linus?

Will accelerate them - didn't realize the urgency.

Thanks,

	Ingo