Message ID | 20240123011238.work.301-kees@kernel.org |
---|---|
State | New |
Headers | From: Kees Cook <keescook@chromium.org>; To: Russell King <linux@armlinux.org.uk>; Cc: Kees Cook <keescook@chromium.org>, Mark Brown <broonie@kernel.org>, Ard Biesheuvel <ardb@kernel.org>, Wang Kefeng <wangkefeng.wang@huawei.com>, Andrew Morton <akpm@linux-foundation.org>, Ben Hutchings <ben@decadent.org.uk>, linux-arm-kernel@lists.infradead.org, "Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>, Hugh Dickins <hughd@google.com>, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org; Subject: [PATCH] ARM: fault: Implement copy_from_kernel_nofault_allowed(); Date: Mon, 22 Jan 2024 17:12:38 -0800; Message-Id: <20240123011238.work.301-kees@kernel.org>; X-Mailer: git-send-email 2.34.1; X-Mailing-List: linux-kernel@vger.kernel.org; Authentication-Results (smtp.subspace.kernel.org): dmarc=pass, spf=pass, dkim=pass header.d=chromium.org |
Series | ARM: fault: Implement copy_from_kernel_nofault_allowed() |
Commit Message
Kees Cook
Jan. 23, 2024, 1:12 a.m. UTC
Under PAN emulation when dumping backtraces from things like the
LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU)
would happen because of dump_instr() attempting to read a userspace
address. Make sure copy_from_kernel_nofault() does not attempt this
any more.
Reported-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/all/202401181125.D48DCB4C@keescook/ [1]
Suggested-by: "Russell King (Oracle)" <linux@armlinux.org.uk>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Wang Kefeng <wangkefeng.wang@huawei.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/mm/fault.c | 7 +++++++
1 file changed, 7 insertions(+)
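The gate described in the commit message, modelled in userspace as an added example. This is not kernel code and not the author's patch: it mirrors the predicate the patch adds and the way the generic copy_from_kernel_nofault() caller turns a refusal into -ERANGE before any memory is touched, and it sets the naive "add then compare" formulation beside it to show why the patch writes the overflow test as `ULONG_MAX - addr >= size`. The values PAGE_OFFSET 0xC0000000 (the default 3G/1G split), TASK_SIZE = PAGE_OFFSET - 16M, the 8-byte kernel-text window at 0xC0008000 and the user pc 0x00010000 are assumptions chosen for the model.

```c
/*
 * Added example (not kernel code): a userspace model of the address gate the
 * patch adds for copy_from_kernel_nofault() on 32-bit ARM, wired into a model
 * of the caller so the -ERANGE path can be exercised against constructed
 * addresses. Assumed values: PAGE_OFFSET 0xC0000000 (default 3G/1G split),
 * TASK_SIZE = PAGE_OFFSET - 16M as in arch/arm, and a fake 8-byte kernel text
 * window at 0xC0008000.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t addr_t;                          /* 32-bit ARM virtual address */
#define ADDR_MAX     UINT32_MAX                   /* stands in for ULONG_MAX on ARM32 */
#define PAGE_OFFSET  0xC0000000u                  /* assumed default CONFIG_PAGE_OFFSET */
#define TASK_SIZE    (PAGE_OFFSET - 0x01000000u)  /* PAGE_OFFSET - SZ_16M: 0xBF000000 */

/* Mirror of the patch's predicate: the range must start at or above TASK_SIZE
 * and must not run off the top of the address space. ADDR_MAX - addr cannot
 * overflow, so the comparison against size is exact. */
bool nofault_allowed(addr_t addr, size_t size)
{
	return addr >= TASK_SIZE && ADDR_MAX - addr >= size;
}

/* The tempting formulation the patch avoids: add first, compare after. The
 * addition wraps modulo 2^32, so 0xFFFFFFFC + 8 becomes 0x00000004 and a range
 * that crosses the top of memory is accepted. */
bool nofault_allowed_naive(addr_t addr, size_t size)
{
	addr_t end = addr + (addr_t)size;	/* wraps silently */
	return addr >= TASK_SIZE && end <= ADDR_MAX;
}

/* Constructed stand-in for kernel text: `mov r0, r0` then `bx lr`, little-endian. */
#define WINDOW_BASE 0xC0008000u
static const uint8_t kernel_window[8] = {
	0x00, 0x00, 0xA0, 0xE1,		/* e1a00000  mov r0, r0 */
	0x1E, 0xFF, 0x2F, 0xE1,		/* e12fff1e  bx lr */
};

/* Model of copy_from_kernel_nofault(): consult the arch gate before touching
 * anything and return -ERANGE if it refuses. Anything outside the window
 * stands in for "would fault" and yields -EFAULT; in the kernel that is the
 * fixup path after a page fault, the path that double faulted for user
 * addresses under PAN emulation. */
long copy_from_kernel_nofault_model(void *dst, addr_t src, size_t size)
{
	if (!nofault_allowed(src, size))
		return -ERANGE;
	if (src < WINDOW_BASE || src - WINDOW_BASE >= sizeof(kernel_window) ||
	    size > sizeof(kernel_window) - (src - WINDOW_BASE))
		return -EFAULT;
	memcpy(dst, kernel_window + (src - WINDOW_BASE), size);
	return 0;
}

/* Model of dump_instr(): fetch the 32-bit instruction word at pc. Returns the
 * word (non-negative) or the negative errno from the copy. */
int64_t dump_instr_model(addr_t pc)
{
	uint8_t b[4];
	long ret = copy_from_kernel_nofault_model(b, pc, sizeof(b));

	if (ret)
		return ret;
	return (int64_t)((uint32_t)b[0] | (uint32_t)b[1] << 8 |
			 (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24);
}

int main(void)
{
	/* user pc (constructed), just below TASK_SIZE, two words of "kernel text",
	 * one past the window, and the last 4 bytes of the address space */
	addr_t pcs[] = { 0x00010000u, TASK_SIZE - 4, WINDOW_BASE, WINDOW_BASE + 4,
			 WINDOW_BASE + 8, 0xFFFFFFFCu };

	for (size_t i = 0; i < sizeof(pcs) / sizeof(pcs[0]); i++) {
		int64_t r = dump_instr_model(pcs[i]);
		if (r < 0)
			printf("pc %08x: error %lld\n", pcs[i], (long long)-r);
		else
			printf("pc %08x: insn %08llx\n", pcs[i], (long long)r);
	}
	printf("naive check accepts a wrapped range: %d\n",
	       nofault_allowed_naive(0xFFFFFFFCu, 8));
	return 0;
}
```

The user pc is refused with -ERANGE before the model ever dereferences it, which is the behaviour the patch wants from dump_instr(); a kernel-side address that is not backed still reaches the -EFAULT path, so the gate narrows what the fault handler has to cope with rather than replacing it. Note that the patch's check, mirrored here, also rejects a read whose last byte would be exactly ADDR_MAX (0xFFFFFFFC with size 4): conservative, since the inclusive end is addr + size - 1, but harmless.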
Comments
On Tue, 23 Jan 2024 at 02:12, Kees Cook <keescook@chromium.org> wrote: > > Under PAN emulation when dumping backtraces from things like the > LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU) > would happen because of dump_instr() attempting to read a userspace > address. Make sure copy_from_kernel_nofault() does not attempt this > any more. > > Reported-by: Mark Brown <broonie@kernel.org> > Link: https://lore.kernel.org/all/202401181125.D48DCB4C@keescook/ [1] > Suggested-by: "Russell King (Oracle)" <linux@armlinux.org.uk> > Cc: Russell King <linux@armlinux.org.uk> > Cc: Ard Biesheuvel <ardb@kernel.org> > Cc: Wang Kefeng <wangkefeng.wang@huawei.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Ben Hutchings <ben@decadent.org.uk> > Cc: linux-arm-kernel@lists.infradead.org > Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> > --- > arch/arm/mm/fault.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c > index e804432e905e..bc5b959b6f90 100644 > --- a/arch/arm/mm/fault.c > +++ b/arch/arm/mm/fault.c > @@ -25,6 +25,13 @@ > > #include "fault.h" > > +bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) > +{ > + unsigned long addr = (unsigned long)unsafe_src; > + > + return addr >= TASK_SIZE && ULONG_MAX - addr >= size; > +} > + > #ifdef CONFIG_MMU > > /* > -- > 2.34.1 >
On Mon, Jan 22, 2024 at 05:12:38PM -0800, Kees Cook wrote:
> Under PAN emulation when dumping backtraces from things like the
> LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU)
> would happen because of dump_instr() attempting to read a userspace
> address. Make sure copy_from_kernel_nofault() does not attempt this
> any more.

This appears to fix the original issue:

    https://lava.sirena.org.uk/scheduler/job/497571

(though so did your earlier patch) so:

Tested-by: Mark Brown <broonie@kernel.org>
On Mon, Jan 22, 2024 at 05:12:38PM -0800, Kees Cook wrote:
> Under PAN emulation when dumping backtraces from things like the
> LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU)
> would happen because of dump_instr() attempting to read a userspace
> address. Make sure copy_from_kernel_nofault() does not attempt this
> any more.
>
> Reported-by: Mark Brown <broonie@kernel.org>
> Link: https://lore.kernel.org/all/202401181125.D48DCB4C@keescook/ [1]
> Suggested-by: "Russell King (Oracle)" <linux@armlinux.org.uk>
> Cc: Russell King <linux@armlinux.org.uk>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Wang Kefeng <wangkefeng.wang@huawei.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Ben Hutchings <ben@decadent.org.uk>
> Cc: linux-arm-kernel@lists.infradead.org
> Signed-off-by: Kees Cook <keescook@chromium.org>

Russell, do you mind if I carry in my tree the 3 ARM patches I sent?
They're mostly pretty trivial, and they've been in "Incoming"[1] for 2
weeks but haven't shown up in -next yet. I'd really like them to get
some soak time, and for them to reach the v6.9 merge window in time.

Please let me know what you think. :)

Thanks!

-Kees

[1] https://www.arm.linux.org.uk/developer/patches/section.php?section=0
On Tue, Feb 20, 2024 at 10:39:15PM -0800, Kees Cook wrote:
> On Mon, Jan 22, 2024 at 05:12:38PM -0800, Kees Cook wrote:
> > Under PAN emulation when dumping backtraces from things like the
> > LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU)
> > would happen because of dump_instr() attempting to read a userspace
> > address. Make sure copy_from_kernel_nofault() does not attempt this
> > any more.
> >
> > Reported-by: Mark Brown <broonie@kernel.org>
> > Link: https://lore.kernel.org/all/202401181125.D48DCB4C@keescook/ [1]
> > Suggested-by: "Russell King (Oracle)" <linux@armlinux.org.uk>
> > Cc: Russell King <linux@armlinux.org.uk>
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Cc: Wang Kefeng <wangkefeng.wang@huawei.com>
> > Cc: Andrew Morton <akpm@linux-foundation.org>
> > Cc: Ben Hutchings <ben@decadent.org.uk>
> > Cc: linux-arm-kernel@lists.infradead.org
> > Signed-off-by: Kees Cook <keescook@chromium.org>
>
> Russell, do you mind if I carry in my tree the 3 ARM patches I sent?
> They're mostly pretty trivial, and they've been in "Incoming"[1] for 2
> weeks but haven't shown up in -next yet. I'd really like them to get
> some soak time, and for them to reach the v6.9 merge window in time.

They can't show up in -next at the moment because the machine that hosts
my git tree is being moved between data centres. This was originally
flagged as a same-day (Tuesday) move, then next day, then it'll be back
online on Saturday. That's the last update that we've had.

As I don't believe my GPG key has the necessary signatures on, I don't
believe I can get a kernel.org account. I'm not even sure whether my gpg
key is even correct for that - and at the moment I just glaze over
reading the kernel.org gpg documentation.
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index e804432e905e..bc5b959b6f90 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,13 @@ #include "fault.h" +bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) +{ + unsigned long addr = (unsigned long)unsafe_src; + + return addr >= TASK_SIZE && ULONG_MAX - addr >= size; +} + #ifdef CONFIG_MMU /*
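Review bot: the new function is added above the `#ifdef CONFIG_MMU` that follows it, so it is also compiled for !MMU ARM, where TASK_SIZE does not mark a user/kernel split and `addr >= TASK_SIZE` does not carry the meaning it has here; either confirm what TASK_SIZE evaluates to on nommu builds or move the definition inside the CONFIG_MMU block and let the generic weak default in mm/maccess.c cover nommu. Two smaller points on the same hunk: a one-line comment stating why user addresses are refused (the PAN-emulation double fault in dump_instr() from the commit message) would save the next reader a trip through git log, and `ULONG_MAX - addr >= size` also rejects a read whose last byte is exactly ULONG_MAX, since the inclusive end of the range is addr + size - 1; that is conservative rather than wrong, but worth a comment if it is intended.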