From: Thomas Garnier <thgarnie@google.com> To: "David Howells" <dhowells@redhat.com>, "Dave Hansen" <dave.hansen@intel.com>, "Arnd Bergmann" <arnd@arndb.de>, "Al Viro" <viro@zeniv.linux.org.uk>, "René Nyffenegger" <mail@renenyffenegger.ch>, "Thomas Garnier" <thgarnie@google.com>, "Andrew Morton" <akpm@linux-foundation.org>, "Kees Cook" <keescook@chromium.org>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, "David S . Miller" <davem@davemloft.net>, "Andy Lutomirski" <luto@kernel.org>, "Ard Biesheuvel" <ard.biesheuvel@linaro.org>, "Nicolas Pitre" <nicolas.pitre@linaro.org>, "Petr Mladek" <pmladek@suse.com>, "Sebastian Andrzej Siewior" <bigeasy@linutronix.de>, "Sergey Senozhatsky" <sergey.senozhatsky@gmail.com>, "Helge Deller" <deller@gmx.de>, "Rik van Riel" <riel@redhat.com>, "Ingo Molnar" <mingo@kernel.org>, "Oleg Nesterov" <oleg@redhat.com>, "John Stultz" <john.stultz@linaro.org>, "Thomas Gleixner" <tglx@linutronix.de> Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 4/4] arm64/syscalls: Specific usage of verify_pre_usermode_state Date: Wed, 8 Mar 2017 17:24:56 -0800 [thread overview] Message-ID: <20170309012456.5631-4-thgarnie@google.com> (raw) In-Reply-To: <20170309012456.5631-1-thgarnie@google.com> Implement specific usage of verify_pre_usermode_state for user-mode returns for arm64. --- Based on next-20170308 --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/entry.S | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 896eba61e5ed..da54774838d8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -24,6 +24,7 @@ config ARM64 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION select ARCH_WANT_FRAME_POINTERS select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE select ARM_AMBA select ARM_ARCH_TIMER select ARM_GIC 
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 43512d4d7df2..eca392ae63e9 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -737,6 +737,19 @@ ENTRY(cpu_switch_to) ret ENDPROC(cpu_switch_to) +#ifdef CONFIG_BUG_ON_DATA_CORRUPTION +.macro VERIFY_PRE_USERMODE_STATE + bl verify_pre_usermode_state +.endm +#else +/* Similar to set_fs(USER_DS) in verify_pre_usermode_state without a warning. */ +.macro VERIFY_PRE_USERMODE_STATE + mov x1, #TASK_SIZE_64 + str x1, [tsk, #TSK_TI_ADDR_LIMIT] +.endm +#endif + + /* * This is the fast syscall return path. We do as little as possible here, * and this includes saving x0 back into the kernel stack. @@ -744,6 +757,7 @@ ENDPROC(cpu_switch_to) ret_fast_syscall: disable_irq // disable interrupts str x0, [sp, #S_X0] // returned x0 + VERIFY_PRE_USERMODE_STATE ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for syscall tracing and x2, x1, #_TIF_SYSCALL_WORK cbnz x2, ret_fast_syscall_trace @@ -771,6 +785,7 @@ work_pending: */ ret_to_user: disable_irq // disable interrupts + VERIFY_PRE_USERMODE_STATE ldr x1, [tsk, #TSK_TI_FLAGS] and x2, x1, #_TIF_WORK_MASK cbnz x2, work_pending -- 2.12.0.246.ga2ecc84866-goog
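Review bot: In the arch/arm64/Kconfig hunk, the symbol name ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE reads as if arm64 skips the verification, while the entry.S part of this same patch adds it on both return paths, and the one-line commit message does not say what the select switches off. Suggest a sentence in the commit message stating what selecting the symbol disables and that the entry.S macro takes its place, so the Kconfig change can be reviewed without opening the rest of the series.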
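Review bot: In the entry.S hunk at -737, the two definitions of VERIFY_PRE_USERMODE_STATE leave different registers clobbered and neither says so: "bl verify_pre_usermode_state" overwrites x30 and may change any caller-saved register under the AArch64 procedure call standard, while the #else form only touches x1. Suggest a comment above the macro listing what a call site may rely on afterwards, written for the bl case. The #else comment could also say outright that a wrong addr_limit is reset silently in this configuration, and the hunk adds two blank lines after #endif where one is enough.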
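Review bot: In the ret_fast_syscall hunk, the comment directly above the label says this path does as little as possible, yet VERIFY_PRE_USERMODE_STATE adds a function call here when CONFIG_BUG_ON_DATA_CORRUPTION is set and an extra mov/str pair otherwise, on every fast syscall return and with interrupts already disabled. Suggest giving the measured cost in the commit message, and a trailing // comment on the new line like its neighbours have.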
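Review bot: In the ret_to_user hunk, VERIFY_PRE_USERMODE_STATE runs before the _TIF_WORK_MASK test, so when "cbnz x2, work_pending" is taken more kernel code executes after the address limit was checked or reset. If work_pending always comes back through ret_to_user, a comment saying so would settle it; otherwise the macro belongs after the cbnz, on the fall-through path that actually returns to user mode. The same ordering question applies to the branch to ret_fast_syscall_trace in the ret_fast_syscall hunk.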
WARNING: multiple messages have this Message-ID (diff)
From: Thomas Garnier <thgarnie@google.com> To: "David Howells" <dhowells@redhat.com>, "Dave Hansen" <dave.hansen@intel.com>, "Arnd Bergmann" <arnd@arndb.de>, "Al Viro" <viro@zeniv.linux.org.uk>, "René Nyffenegger" <mail@renenyffenegger.ch>, "Thomas Garnier" <thgarnie@google.com>, "Andrew Morton" <akpm@linux-foundation.org>, "Kees Cook" <keescook@chromium.org>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, "David S . Miller" <davem@davemloft.net>, "Andy Lutomirski" <luto@kernel.org>, "Ard Biesheuvel" <ard.biesheuvel@linaro.org>, "Nicolas Pitre" <nicolas.pitre@linaro.org>, "Petr Mladek" <pmladek@suse.com>, "Sebastian Andrzej Siewior" <bigeasy@linutronix.de>, "Sergey Senozhatsky" <sergey.senozhatsky@gmail.com>, "Helge Deller" <deller@gmx.de>, "Rik van Riel" <riel@redhat.com>, "Ingo Molnar" <mingo@kernel.org>, "Oleg Nesterov" <oleg@redhat.com>, "John Stultz" <john.stultz@linaro.org>, "Thomas Gleixner" <tglx@linutronix.de>, "Pavel Tikhomirov" <ptikhomirov@virtuozzo.com>, "Frederic Weisbecker" <fweisbec@gmail.com>, "Stephen Smalley" <sds@tycho.nsa.gov>, "Stanislav Kinsburskiy" <skinsbursky@virtuozzo.com>, "Ingo Molnar" <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, "Paolo Bonzini" <pbonzini@redhat.com>, "Borislav Petkov" <bp@alien8.de>, "Josh Poimboeuf" <jpoimboe@redhat.com>, "Brian Gerst" <brgerst@gmail.com>, "Jan Beulich" <JBeulich@suse.com>, "Christian Borntraeger" <borntraeger@de.ibm.com>, "Luis R . 
Rodriguez" <mcgrof@kernel.org>, "He Chen" <he.chen@linux.intel.com>, "Russell King" <linux@armlinux.org.uk>, "Will Deacon" <will.deacon@arm.com>, "Catalin Marinas" <catalin.marinas@arm.com>, "Mark Rutland" <mark.rutland@arm.com>, "James Morse" <james.morse@arm.com>, "Pratyush Anand" <panand@redhat.com>, "Vladimir Murzin" <vladimir.murzin@arm.com>, "Chris Metcalf" <cmetcalf@mellanox.com>, "Andre Przywara" <andre.przywara@arm.com> Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com Subject: [kernel-hardening] [PATCH v2 4/4] arm64/syscalls: Specific usage of verify_pre_usermode_state Date: Wed, 8 Mar 2017 17:24:56 -0800 [thread overview] Message-ID: <20170309012456.5631-4-thgarnie@google.com> (raw) In-Reply-To: <20170309012456.5631-1-thgarnie@google.com> Implement specific usage of verify_pre_usermode_state for user-mode returns for arm64. --- Based on next-20170308 --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/entry.S | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 896eba61e5ed..da54774838d8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -24,6 +24,7 @@ config ARM64 select ARCH_WANT_COMPAT_IPC_PARSE_VERSION select ARCH_WANT_FRAME_POINTERS select ARCH_HAS_UBSAN_SANITIZE_ALL + select ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE select ARM_AMBA select ARM_ARCH_TIMER select ARM_GIC diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 43512d4d7df2..eca392ae63e9 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S 
@@ -737,6 +737,19 @@ ENTRY(cpu_switch_to) ret ENDPROC(cpu_switch_to) +#ifdef CONFIG_BUG_ON_DATA_CORRUPTION +.macro VERIFY_PRE_USERMODE_STATE + bl verify_pre_usermode_state +.endm +#else +/* Similar to set_fs(USER_DS) in verify_pre_usermode_state without a warning. */ +.macro VERIFY_PRE_USERMODE_STATE + mov x1, #TASK_SIZE_64 + str x1, [tsk, #TSK_TI_ADDR_LIMIT] +.endm +#endif + + /* * This is the fast syscall return path. We do as little as possible here, * and this includes saving x0 back into the kernel stack. @@ -744,6 +757,7 @@ ENDPROC(cpu_switch_to) ret_fast_syscall: disable_irq // disable interrupts str x0, [sp, #S_X0] // returned x0 + VERIFY_PRE_USERMODE_STATE ldr x1, [tsk, #TSK_TI_FLAGS] // re-check for syscall tracing and x2, x1, #_TIF_SYSCALL_WORK cbnz x2, ret_fast_syscall_trace @@ -771,6 +785,7 @@ work_pending: */ ret_to_user: disable_irq // disable interrupts + VERIFY_PRE_USERMODE_STATE ldr x1, [tsk, #TSK_TI_FLAGS] and x2, x1, #_TIF_WORK_MASK cbnz x2, work_pending -- 2.12.0.246.ga2ecc84866-goog