From patchwork Fri Jun 16 19:16:54 2023
Content-Type: text/plain; charset="utf-8"
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 109314
Date: Fri, 16 Jun 2023 19:16:54 -0000
From: "tip-bot2 for Rick Edgecombe"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/shstk] x86/shstk: Check that SSP is aligned on sigreturn
Cc: Rick Edgecombe, Dave Hansen, x86@kernel.org, linux-kernel@vger.kernel.org
MIME-Version: 1.0
Message-ID: <168694301494.404.16782501347946423933.tip-bot2@tip-bot2>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

The following commit has been merged into the x86/shstk branch of tip:

Commit-ID:     1d784497577b8f30374e4c0f12fbf1cb98986416
Gitweb:        https://git.kernel.org/tip/1d784497577b8f30374e4c0f12fbf1cb98986416
Author:        Rick Edgecombe
AuthorDate:    Mon, 12 Jun 2023 17:10:58 -07:00
Committer:     Dave Hansen
CommitterDate: Thu, 15 Jun 2023 16:31:34 -07:00

x86/shstk: Check that SSP is aligned on sigreturn

The shadow stack signal frame is read by the kernel on sigreturn. It
relies on shadow stack memory protections to prevent forgeries of this
signal frame (which included the pre-signal SSP). It also relies on the
shadow stack signal frame to have bit 63 set. Since this bit would not
be set via typical shadow stack operations, the kernel can assume it was
a value it placed there.

However, in order to support 32 bit shadow stack, the INCSSPD instruction
can increment the shadow stack by 4 bytes. In this case SSP might be
pointing to a region spanning two 8 byte shadow stack frames.
It could confuse the checks described above. Since the kernel only supports shadow stack in 64 bit, just check that the SSP is 8 byte aligned in the sigreturn path. Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Link: https://lore.kernel.org/all/20230613001108.3040476-33-rick.p.edgecombe%40intel.com --- arch/x86/kernel/shstk.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c index f02e8ea..a8705f7 100644 --- a/arch/x86/kernel/shstk.c +++ b/arch/x86/kernel/shstk.c @@ -252,6 +252,9 @@ static int shstk_pop_sigframe(unsigned long *ssp) unsigned long token_addr; int err; + if (!IS_ALIGNED(*ssp, 8)) + return -EINVAL; + err = get_shstk_data(&token_addr, (unsigned long __user *)*ssp); if (unlikely(err)) return err;
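
Review bot: The new `if (!IS_ALIGNED(*ssp, 8))` check at the top of shstk_pop_sigframe() carries no comment, so the reason for it (INCSSPD can move SSP by 4 bytes, leaving it pointing across two 8 byte frames and confusing the bit 63 check) exists only in the commit message. A one- or two-line comment above the check would keep that reasoning next to the code for anyone later tempted to relax it for 32 bit support. The literal 8 could also be tied to the size of the value read right after it, for example sizeof(token_addr), since get_shstk_data() is handed an unsigned long pointer built from the same *ssp.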