From: Thomas Garnier <thgarnie@google.com>
To: "David Howells" <dhowells@redhat.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"René Nyffenegger" <mail@renenyffenegger.ch>,
"Thomas Garnier" <thgarnie@google.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Kees Cook" <keescook@chromium.org>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
"David S . Miller" <davem@davemloft.net>,
"Andy Lutomirski" <luto@kernel.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Nicolas Pitre" <nicolas.pitre@linaro.org>,
"Petr Mladek" <pmladek@suse.com>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
"Sergey Senozhatsky" <sergey.senozhatsky@gmail.com>,
"Helge Deller" <deller@gmx.de>, "Rik van Riel" <riel@redhat.com>,
"Ingo Molnar" <mingo@kernel.org>,
"Oleg Nesterov" <oleg@redhat.com>,
"John Stultz" <john.stultz@linaro.org>,
"Thomas Gleixner" <tglx@linutronix.de>
Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
kernel-hardening@lists.openwall.com
Subject: [PATCH v2 4/4] arm64/syscalls: Specific usage of verify_pre_usermode_state
Date: Wed, 8 Mar 2017 17:24:56 -0800 [thread overview]
Message-ID: <20170309012456.5631-4-thgarnie@google.com> (raw)
In-Reply-To: <20170309012456.5631-1-thgarnie@google.com>
Implement specific usage of verify_pre_usermode_state for user-mode
returns for arm64.
---
Based on next-20170308
---
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/entry.S | 15 +++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 896eba61e5ed..da54774838d8 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -24,6 +24,7 @@ config ARM64
select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
select ARCH_WANT_FRAME_POINTERS
select ARCH_HAS_UBSAN_SANITIZE_ALL
+ select ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE
select ARM_AMBA
select ARM_ARCH_TIMER
select ARM_GIC
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 43512d4d7df2..eca392ae63e9 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -737,6 +737,19 @@ ENTRY(cpu_switch_to)
ret
ENDPROC(cpu_switch_to)
+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
+.macro VERIFY_PRE_USERMODE_STATE
+ bl verify_pre_usermode_state
+.endm
+#else
+/* Similar to set_fs(USER_DS) in verify_pre_usermode_state without a warning. */
+.macro VERIFY_PRE_USERMODE_STATE
+ mov x1, #TASK_SIZE_64
+ str x1, [tsk, #TSK_TI_ADDR_LIMIT]
+.endm
+#endif
+
+
/*
* This is the fast syscall return path. We do as little as possible here,
* and this includes saving x0 back into the kernel stack.
@@ -744,6 +757,7 @@ ENDPROC(cpu_switch_to)
ret_fast_syscall:
disable_irq // disable interrupts
str x0, [sp, #S_X0] // returned x0
+ VERIFY_PRE_USERMODE_STATE
ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for syscall tracing
and x2, x1, #_TIF_SYSCALL_WORK
cbnz x2, ret_fast_syscall_trace
@@ -771,6 +785,7 @@ work_pending:
*/
ret_to_user:
disable_irq // disable interrupts
+ VERIFY_PRE_USERMODE_STATE
ldr x1, [tsk, #TSK_TI_FLAGS]
and x2, x1, #_TIF_WORK_MASK
cbnz x2, work_pending
--
2.12.0.246.ga2ecc84866-goog
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com>
To: "David Howells" <dhowells@redhat.com>,
"Dave Hansen" <dave.hansen@intel.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"René Nyffenegger" <mail@renenyffenegger.ch>,
"Thomas Garnier" <thgarnie@google.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Kees Cook" <keescook@chromium.org>,
"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,
"David S . Miller" <davem@davemloft.net>,
"Andy Lutomirski" <luto@kernel.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Nicolas Pitre" <nicolas.pitre@linaro.org>,
"Petr Mladek" <pmladek@suse.com>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
"Sergey Senozhatsky" <sergey.senozhatsky@gmail.com>,
"Helge Deller" <deller@gmx.de>, "Rik van Riel" <riel@redhat.com>,
"Ingo Molnar" <mingo@kernel.org>,
"Oleg Nesterov" <oleg@redhat.com>,
"John Stultz" <john.stultz@linaro.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Pavel Tikhomirov" <ptikhomirov@virtuozzo.com>,
"Frederic Weisbecker" <fweisbec@gmail.com>,
"Stephen Smalley" <sds@tycho.nsa.gov>,
"Stanislav Kinsburskiy" <skinsbursky@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Jan Beulich" <JBeulich@suse.com>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
"He Chen" <he.chen@linux.intel.com>,
"Russell King" <linux@armlinux.org.uk>,
"Will Deacon" <will.deacon@arm.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Mark Rutland" <mark.rutland@arm.com>,
"James Morse" <james.morse@arm.com>,
"Pratyush Anand" <panand@redhat.com>,
"Vladimir Murzin" <vladimir.murzin@arm.com>,
"Chris Metcalf" <cmetcalf@mellanox.com>,
"Andre Przywara" <andre.przywara@arm.com>
Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, linux-arm-kernel@lists.infradead.org,
kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] [PATCH v2 4/4] arm64/syscalls: Specific usage of verify_pre_usermode_state
Date: Wed, 8 Mar 2017 17:24:56 -0800 [thread overview]
Message-ID: <20170309012456.5631-4-thgarnie@google.com> (raw)
In-Reply-To: <20170309012456.5631-1-thgarnie@google.com>
Implement specific usage of verify_pre_usermode_state for user-mode
returns for arm64.
---
Based on next-20170308
---
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/entry.S | 15 +++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 896eba61e5ed..da54774838d8 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -24,6 +24,7 @@ config ARM64
select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
select ARCH_WANT_FRAME_POINTERS
select ARCH_HAS_UBSAN_SANITIZE_ALL
+ select ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE
select ARM_AMBA
select ARM_ARCH_TIMER
select ARM_GIC
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index 43512d4d7df2..eca392ae63e9 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -737,6 +737,19 @@ ENTRY(cpu_switch_to)
ret
ENDPROC(cpu_switch_to)
+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
+.macro VERIFY_PRE_USERMODE_STATE
+ bl verify_pre_usermode_state
+.endm
+#else
+/* Similar to set_fs(USER_DS) in verify_pre_usermode_state without a warning. */
+.macro VERIFY_PRE_USERMODE_STATE
+ mov x1, #TASK_SIZE_64
+ str x1, [tsk, #TSK_TI_ADDR_LIMIT]
+.endm
+#endif
+
+
/*
* This is the fast syscall return path. We do as little as possible here,
* and this includes saving x0 back into the kernel stack.
@@ -744,6 +757,7 @@ ENDPROC(cpu_switch_to)
ret_fast_syscall:
disable_irq // disable interrupts
str x0, [sp, #S_X0] // returned x0
+ VERIFY_PRE_USERMODE_STATE
ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for syscall tracing
and x2, x1, #_TIF_SYSCALL_WORK
cbnz x2, ret_fast_syscall_trace
@@ -771,6 +785,7 @@ work_pending:
*/
ret_to_user:
disable_irq // disable interrupts
+ VERIFY_PRE_USERMODE_STATE
ldr x1, [tsk, #TSK_TI_FLAGS]
and x2, x1, #_TIF_WORK_MASK
cbnz x2, work_pending
--
2.12.0.246.ga2ecc84866-goog
next prev parent reply other threads:[~2017-03-09 1:24 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-09 1:24 [PATCH v2 1/4] syscalls: Restore address limit after a syscall Thomas Garnier
2017-03-09 1:24 ` [kernel-hardening] " Thomas Garnier
2017-03-09 1:24 ` [PATCH v2 2/4] x86/syscalls: Specific usage of verify_pre_usermode_state Thomas Garnier
2017-03-09 1:24 ` [kernel-hardening] " Thomas Garnier
2017-03-09 1:24 ` [PATCH v2 3/4] arm/syscalls: " Thomas Garnier
2017-03-09 1:24 ` [kernel-hardening] " Thomas Garnier
2017-03-09 1:24 ` Thomas Garnier [this message]
2017-03-09 1:24 ` [kernel-hardening] [PATCH v2 4/4] arm64/syscalls: " Thomas Garnier
2017-03-09 12:23 ` Mark Rutland
2017-03-09 12:23 ` [kernel-hardening] " Mark Rutland
2017-03-09 12:23 ` Mark Rutland
2017-03-09 15:56 ` Thomas Garnier
2017-03-09 15:56 ` [kernel-hardening] " Thomas Garnier
2017-03-09 15:56 ` Thomas Garnier
2017-03-09 16:05 ` Mark Rutland
2017-03-09 16:05 ` [kernel-hardening] " Mark Rutland
2017-03-09 16:05 ` Mark Rutland
2017-03-09 16:19 ` Thomas Garnier
2017-03-09 16:19 ` [kernel-hardening] " Thomas Garnier
2017-03-09 16:19 ` Thomas Garnier
2017-03-09 16:26 ` Russell King - ARM Linux
2017-03-09 16:26 ` [kernel-hardening] " Russell King - ARM Linux
2017-03-09 16:26 ` Russell King - ARM Linux
2017-03-09 16:35 ` Thomas Garnier
2017-03-09 16:35 ` [kernel-hardening] " Thomas Garnier
2017-03-09 16:35 ` Thomas Garnier
2017-03-09 17:05 ` Russell King - ARM Linux
2017-03-09 17:05 ` [kernel-hardening] " Russell King - ARM Linux
2017-03-09 17:05 ` Russell King - ARM Linux
2017-03-09 8:42 ` [PATCH v2 1/4] syscalls: Restore address limit after a syscall Borislav Petkov
2017-03-09 8:42 ` [kernel-hardening] " Borislav Petkov
2017-03-09 8:42 ` Borislav Petkov
2017-03-09 15:48 ` Thomas Garnier
2017-03-09 15:48 ` [kernel-hardening] " Thomas Garnier
2017-03-09 15:48 ` Thomas Garnier
2017-03-09 17:27 ` Andy Lutomirski
2017-03-09 17:27 ` [kernel-hardening] " Andy Lutomirski
2017-03-09 17:41 ` Thomas Garnier
2017-03-09 17:41 ` [kernel-hardening] " Thomas Garnier
2017-03-09 10:39 ` Sergey Senozhatsky
2017-03-09 10:39 ` [kernel-hardening] " Sergey Senozhatsky
2017-03-09 12:09 ` Mark Rutland
2017-03-09 12:09 ` [kernel-hardening] " Mark Rutland
2017-03-09 12:09 ` Mark Rutland
2017-03-09 13:44 ` Russell King - ARM Linux
2017-03-09 13:44 ` [kernel-hardening] " Russell King - ARM Linux
2017-03-09 13:44 ` Russell King - ARM Linux
2017-03-09 15:21 ` Mark Rutland
2017-03-09 15:21 ` [kernel-hardening] " Mark Rutland
2017-03-09 15:21 ` Mark Rutland
2017-03-09 15:54 ` Thomas Garnier
2017-03-09 15:54 ` [kernel-hardening] " Thomas Garnier
2017-03-09 15:54 ` Thomas Garnier
2017-03-09 15:52 ` Thomas Garnier
2017-03-09 15:52 ` [kernel-hardening] " Thomas Garnier
2017-03-09 15:52 ` Thomas Garnier
2017-03-09 12:32 ` Christian Borntraeger
2017-03-09 12:32 ` [kernel-hardening] " Christian Borntraeger
2017-03-09 15:53 ` Thomas Garnier
2017-03-09 15:53 ` [kernel-hardening] " Thomas Garnier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170309012456.5631-4-thgarnie@google.com \
--to=thgarnie@google.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=bigeasy@linutronix.de \
--cc=dave.hansen@intel.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=dhowells@redhat.com \
--cc=john.stultz@linaro.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mail@renenyffenegger.ch \
--cc=mingo@kernel.org \
--cc=nicolas.pitre@linaro.org \
--cc=oleg@redhat.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=pmladek@suse.com \
--cc=riel@redhat.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.