Date: Mon, 15 Jan 2018 12:24:59 +0000
From: Dave P Martin
Message-ID: <20180115122458.GI12608@e103592.cambridge.arm.com>
References: <1515636190-24061-1-git-send-email-keescook@chromium.org> <1515636190-24061-34-git-send-email-keescook@chromium.org>
In-Reply-To: <1515636190-24061-34-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] Re: [PATCH 33/38] arm64: Implement thread_struct whitelist for hardened usercopy
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, Catalin Marinas, Will Deacon, Christian Borntraeger, Ingo Molnar, James Morse, "Peter Zijlstra (Intel)", zijun_hu, linux-arm-kernel@lists.infradead.org, Linus Torvalds, David Windsor, Alexander Viro, Andrew Morton, Andy Lutomirski, Christoph Hellwig, Christoph Lameter, "David S. Miller", Laura Abbott, Mark Rutland, "Martin K. Petersen", Paolo Bonzini, Christoffer Dall, Dave Kleikamp, Jan Kara, Luis de Bethencourt, Marc Zyngier, Rik van Riel, Matthew Garrett, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, netdev@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com

On Thu, Jan 11, 2018 at 02:03:05AM +0000, Kees Cook wrote:
> This whitelists the FPU register state portion of the thread_struct for
> copying to userspace, instead of the default entire structure.
>
> Cc: Catalin Marinas
> Cc: Will Deacon
> Cc: Christian Borntraeger
> Cc: Ingo Molnar
> Cc: James Morse
> Cc: "Peter Zijlstra (Intel)"
> Cc: Dave Martin
> Cc: zijun_hu
> Cc: linux-arm-kernel@lists.infradead.org
> Signed-off-by: Kees Cook
> ---
>  arch/arm64/Kconfig                 | 1 +
>  arch/arm64/include/asm/processor.h | 8 ++++++++
>  2 files changed, 9 insertions(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index a93339f5178f..c84477e6a884 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -90,6 +90,7 @@ config ARM64
>  	select HAVE_ARCH_MMAP_RND_BITS
>  	select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
>  	select HAVE_ARCH_SECCOMP_FILTER
> +	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
>  	select HAVE_ARCH_TRACEHOOK
>  	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
>  	select HAVE_ARCH_VMAP_STACK
> diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
> index 023cacb946c3..e58a5864ec89 100644
> --- a/arch/arm64/include/asm/processor.h
> +++ b/arch/arm64/include/asm/processor.h
> @@ -113,6 +113,14 @@ struct thread_struct {
>  	struct debug_info	debug;		/* debugging */
>  };
>
> +/* Whitelist the fpsimd_state for copying to userspace. */
> +static inline void arch_thread_struct_whitelist(unsigned long *offset,
> +						unsigned long *size)
> +{
> +	*offset = offsetof(struct thread_struct, fpsimd_state);
> +	*size = sizeof(struct fpsimd_state);

This should be fpsimd_state.user_fpsimd (fpsimd_state.cpu is important for
correct context switching and not supposed to be user-accessible. A user
copy that encompasses that is definitely a bug).

Cheers
---Dave
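Review bot: In the processor.h hunk, arch_thread_struct_whitelist() reports the whole of struct fpsimd_state as the usercopy-permitted region, which takes in the fpsimd_state.cpu field that the reply identifies as context-switch bookkeeping rather than user-visible register state; a whitelist that wide lets a copy_to_user() or copy_from_user() against thread_struct read or overwrite kernel-internal state, which is exactly what the hardened-usercopy whitelist exists to rule out. Narrow the region to the user-visible member, e.g.
	*offset = offsetof(struct thread_struct, fpsimd_state.user_fpsimd);
	*size = sizeof(struct user_fpsimd_state);
and check that the offset/size pair matches what the ptrace regset and signal-frame code actually hand to the usercopy helpers, so the whitelist covers the real copies and nothing more. The Kconfig hunk only adds the HAVE_ARCH_THREAD_STRUCT_WHITELIST select, in alphabetical position, and needs no change.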