* [bug report] x86: Add PTRACE interface for shadow stack
@ 2023-03-25 11:08 Dan Carpenter
From: Dan Carpenter @ 2023-03-25 11:08 UTC (permalink / raw)
To: rick.p.edgecombe; +Cc: kernel-janitors
Hello Rick Edgecombe,
The patch d84e6ee122e5: "x86: Add PTRACE interface for shadow stack"
from Mar 18, 2023, leads to the following Smatch static checker
warning:
arch/x86/kernel/fpu/regset.c:234 ssp_set()
error: uninitialized symbol 'user_ssp'.
arch/x86/kernel/fpu/regset.c
    212 int ssp_set(struct task_struct *target, const struct user_regset *regset,
    213             unsigned int pos, unsigned int count,
    214             const void *kbuf, const void __user *ubuf)
    215 {
    216         struct fpu *fpu = &target->thread.fpu;
    217         struct xregs_state *xsave = &fpu->fpstate->regs.xsave;
    218         struct cet_user_state *cetregs;
    219         unsigned long user_ssp;
    220         int r;
    221 
    222         if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) ||
    223             !ssp_active(target, regset))
    224                 return -ENODEV;
    225 
    226         r = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_ssp, 0, -1);
                                              ^^^^^
"count" can be zero. It comes from the user in ptrace_request().

ptrace_request()
-> ptrace_regset()
   -> copy_regset_from_user()
      -> ssp_set()

    227         if (r)
    228                 return r;
    229 
    230         /*
    231          * Some kernel instructions (IRET, etc) can cause exceptions in the case
    232          * of disallowed CET register values. Just prevent invalid values.
    233          */
--> 234         if (user_ssp >= TASK_SIZE_MAX || !IS_ALIGNED(user_ssp, 8))
                    ^^^^^^^^
Leading to an uninitialized variable here.

    235                 return -EINVAL;
    236 
    237         fpu_force_restore(fpu);
    238 
    239         cetregs = get_xsave_addr(xsave, XFEATURE_CET_USER);
    240         if (WARN_ON(!cetregs)) {
    241                 /*
    242                  * This shouldn't ever be NULL because shadow stack was
    243                  * verified to be enabled above. This means
    244                  * MSR_IA32_U_CET.CET_SHSTK_EN should be 1 and so
    245                  * XFEATURE_CET_USER should not be in the init state.
    246                  */
    247                 return -ENODEV;
    248         }
    249 
    250         cetregs->user_ssp = user_ssp;
    251         return 0;
    252 }
regards,
dan carpenter
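The count == 0 path the report describes, as an added stand-alone model in user space (not kernel code and not the fix Rick posted): copyin_model is a simplified stand-in for user_regset_copyin(), TASK_SIZE_MAX_MODEL is a constructed bound, and the stack_garbage parameter stands in for whatever the uninitialized local user_ssp happened to hold. The hardened variant shows one defensive check (an assumption, not the posted fix) that also covers short counts of 1 to 7 bytes.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define TASK_SIZE_MAX_MODEL 0x00007ffffffff000UL /* constructed stand-in */
#define IS_ALIGNED8(x) (((x) & 7UL) == 0)

/* Model of user_regset_copyin(): copy min(*count, len) bytes of kbuf into
 * data. A zero count is not an error: like the kernel helper it returns 0
 * and leaves data untouched, which is what the report hinges on. */
static int copyin_model(unsigned int *count, const void **kbuf,
                        void *data, size_t len)
{
    size_t n = *count < len ? *count : len;

    if (n == 0)
        return 0;
    memcpy(data, *kbuf, n);
    *kbuf = (const char *)*kbuf + n;
    *count -= n;
    return 0;
}

/* ssp_set() as reported. 'stack_garbage' stands in for whatever the
 * uninitialized local user_ssp happened to hold on entry. */
int ssp_set_reported(unsigned int count, const void *kbuf,
                     unsigned long stack_garbage, unsigned long *dst)
{
    unsigned long user_ssp = stack_garbage;
    int r = copyin_model(&count, &kbuf, &user_ssp, sizeof(user_ssp));

    if (r)
        return r;
    if (user_ssp >= TASK_SIZE_MAX_MODEL || !IS_ALIGNED8(user_ssp))
        return -EINVAL;
    *dst = user_ssp; /* with count == 0 this is the garbage value */
    return 0;
}

/* One defensive fix (an assumption, not necessarily the one posted):
 * refuse anything shorter than a whole value before touching user_ssp,
 * which also rules out a partially written local for 0 < count < 8. */
int ssp_set_hardened(unsigned int count, const void *kbuf,
                     unsigned long stack_garbage, unsigned long *dst)
{
    if (count < sizeof(unsigned long))
        return -EINVAL;
    return ssp_set_reported(count, kbuf, stack_garbage, dst);
}
```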
* Re: [bug report] x86: Add PTRACE interface for shadow stack
From: Edgecombe, Rick P @ 2023-03-25 19:41 UTC (permalink / raw)
To: error27; +Cc: kernel-janitors
On Sat, 2023-03-25 at 14:08 +0300, Dan Carpenter wrote:
> Hello Rick Edgecombe,
>
> The patch d84e6ee122e5: "x86: Add PTRACE interface for shadow stack"
> from Mar 18, 2023, leads to the following Smatch static checker
> warning:
>
> arch/x86/kernel/fpu/regset.c:234 ssp_set()
> error: uninitialized symbol 'user_ssp'.
Thanks for the report! I posted a fix here:
https://lore.kernel.org/lkml/20230325193349.31893-1-rick.p.edgecombe@intel.com/