From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755949AbdGXRHt (ORCPT ); Mon, 24 Jul 2017 13:07:49 -0400
Received: from mail-qt0-f178.google.com ([209.85.216.178]:36812 "EHLO mail-qt0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755920AbdGXRHL (ORCPT ); Mon, 24 Jul 2017 13:07:11 -0400
MIME-Version: 1.0
In-Reply-To: <20170719175900.124074-1-thgarnie@google.com>
References: <20170719175900.124074-1-thgarnie@google.com>
From: Thomas Garnier
Date: Mon, 24 Jul 2017 10:07:09 -0700
Message-ID:
Subject: Re: [PATCH 1/3] arm/syscalls: Move address limit check in loop
To: Russell King , Thomas Garnier , Thomas Gleixner , Catalin Marinas , Will Deacon , Dave Martin , Chris Metcalf , Pratyush Anand , Leonard Crestez
Cc: linux-arm-kernel@lists.infradead.org, LKML , Kernel Hardening
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jul 19, 2017 at 10:58 AM, Thomas Garnier wrote:
> The work pending loop can call set_fs after addr_limit_user_check
> removed the _TIF_FSCHECK flag. To prevent the infinite loop, move
> the addr_limit_user_check call to the beginning of the loop.
>
> Fixes: 73ac5d6a2b6a ("arm/syscalls: Check address limit on user-mode return")
> Reported-by: Leonard Crestez
> Signed-off-by: Thomas Garnier

Any comments on this patch set?

> --- > arch/arm/kernel/signal.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c > index 3a48b54c6405..f4574287d14b 100644 > --- a/arch/arm/kernel/signal.c > +++ b/arch/arm/kernel/signal.c 
> @@ -573,10 +573,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) > */ > trace_hardirqs_off(); > > - /* Check valid user FS if needed */ > - addr_limit_user_check(); > - > do { > + /* Check valid user FS if needed */ > + addr_limit_user_check(); > + > if (likely(thread_flags & _TIF_NEED_RESCHED)) { > schedule(); > } else { > -- > 2.14.0.rc0.284.gd933b75aa4-goog > -- Thomas
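Review bot: the comment carried into the loop, "/* Check valid user FS if needed */", says what the call does but not why it must now sit inside the do loop; the reason given in the commit message (a later iteration can call set_fs() and re-raise _TIF_FSCHECK after the check has already cleared it, so a check placed before the loop never runs again and the loop spins) belongs in that comment so the call is not hoisted back out by a later cleanup. Something like "/* Re-check the address limit on every pass: work below may call set_fs() */" would do. It would also help to state in the message that addr_limit_user_check() is cheap when _TIF_FSCHECK is clear, since with this hunk it now runs on every iteration of the work-pending loop, including passes that only schedule().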