Date: Tue, 19 Sep 2023 16:52:52 -0000
From: "tip-bot2 for Rick Edgecombe"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/shstk: Add warning for shadow stack double unmap
Cc: Rick Edgecombe, Dave Hansen, "H.J. Lu", x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <169514237254.27769.13102793379343449331.tip-bot2@tip-bot2>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     509ff51ee652c41a277c2b439aea01a8f56a27b9
Gitweb:        https://git.kernel.org/tip/509ff51ee652c41a277c2b439aea01a8f56a27b9
Author:        Rick Edgecombe
AuthorDate:    Fri, 08 Sep 2023 13:36:55 -07:00
Committer:     Dave Hansen
CommitterDate: Tue, 19 Sep 2023 09:18:34 -07:00

x86/shstk: Add warning for shadow stack double unmap

There are several ways a thread's shadow stacks can get unmapped. This
can happen on exit or exec, as well as error handling in exec or clone.
The task struct already keeps track of the thread's shadow stack. Use the
size variable to keep track of if the shadow stack has already been freed.
When an attempt to double unmap the thread shadow stack is caught, warn
about it and abort the operation.

Signed-off-by: Rick Edgecombe
Signed-off-by: Dave Hansen Tested-by: H.J. Lu Link: https://lore.kernel.org/all/20230908203655.543765-4-rick.p.edgecombe%40intel.com --- arch/x86/kernel/shstk.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c index ad63252..59e15dd 100644 --- a/arch/x86/kernel/shstk.c +++ b/arch/x86/kernel/shstk.c @@ -426,7 +426,18 @@ void shstk_free(struct task_struct *tsk) if (!shstk->base) return; + /* + * shstk->base is NULL for CLONE_VFORK child tasks, and so is + * normal. But size = 0 on a shstk->base is not normal and + * indicated an attempt to free the thread shadow stack twice. + * Warn about it. + */ + if (WARN_ON(!shstk->size)) + return; + unmap_shadow_stack(shstk->base, shstk->size); + + shstk->size = 0; } static int wrss_control(bool enable)
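
Review bot: the added `if (WARN_ON(!shstk->size))` check in shstk_free() emits a full backtrace on every repeated call, so a caller that reaches the double-free path more than once will fill the log with the same report; consider `WARN_ON_ONCE(!shstk->size)` unless one warning per occurrence is wanted. In the comment above the check, "indicated" should be "indicates", and "size = 0 on a shstk->base" would read more clearly as "size == 0 with a non-NULL shstk->base". Because `shstk->size = 0` now serves as the "already freed" marker while `shstk->base` keeps the address of the range that was just unmapped, it would help to document that invariant where the fields are declared, so later code does not treat a non-NULL base as proof of a live mapping.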