From patchwork Tue Mar 28 01:03:58 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 75759
Date: Tue, 28 Mar 2023 01:03:58 -0000
From: "tip-bot2 for Rick Edgecombe"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/shstk] x86/shstk: Enforce only whole copies for ssp_set()
Cc: Dan Carpenter, Rick Edgecombe, Dave Hansen, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <167996543824.5837.9196113102924582471.tip-bot2@tip-bot2>

The following commit has been merged into the x86/shstk branch of tip:

Commit-ID:     11c95c77eef6d56c1ef9f55d8afd83ceb6d99996
Gitweb:        https://git.kernel.org/tip/11c95c77eef6d56c1ef9f55d8afd83ceb6d99996
Author:        Rick Edgecombe
AuthorDate:    Sat, 25 Mar 2023 12:33:49 -07:00
Committer:     Dave Hansen
CommitterDate: Mon, 27 Mar 2023 17:55:51 -07:00

x86/shstk: Enforce only whole copies for ssp_set()

The regset set interface takes pos and count arguments to allow for partial copies. No callers use a non-zero pos, but ptrace allows for the count to be specified. It limits count to be a multiple of regset size, so this still allows for a zero size to be passed to ssp_set().

In ssp_set(), user_regset_copyin() returns success for copying zero bytes, which means user_ssp can later be accessed uninitialized. So add enforcement for this case. The other regsets also enforce pos == 0, so do that as well even though there is no caller today.

In the case of partial copies, some regsets return -EINVAL and some return -EFAULT.
-EINVAL seems more appropriate, so use that error code. Fixes: d84e6ee122e5 ("x86: Add PTRACE interface for shadow stack") Reported-by: Dan Carpenter Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Link: https://lore.kernel.org/all/90af27cc-6c9d-4fb9-be3b-fc4ef378766d@kili.mountain/ Link: https://lore.kernel.org/all/20230325193349.31893-1-rick.p.edgecombe%40intel.com --- arch/x86/kernel/fpu/regset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c index f0a8eaf..6bc1eb2 100644 --- a/arch/x86/kernel/fpu/regset.c +++ b/arch/x86/kernel/fpu/regset.c @@ -223,6 +223,9 @@ int ssp_set(struct task_struct *target, const struct user_regset *regset, !ssp_active(target, regset)) return -ENODEV; + if (pos != 0 || count != sizeof(user_ssp)) + return -EINVAL; + r = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_ssp, 0, -1); if (r) return r;
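
Review bot: The new `if (pos != 0 || count != sizeof(user_ssp))` check in ssp_set() has no comment, so the reason for it is recorded only in the commit message: a zero count makes user_regset_copyin() return success and leaves user_ssp uninitialized for the code that follows. A short comment above the check, saying that only whole writes at pos 0 are accepted because a zero-length copy would leave user_ssp unset, would keep a later cleanup from relaxing it. The placement after the `return -ENODEV` path looks right, since a target without an active shadow stack still reports -ENODEV before the size is judged.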