Message-ID: <1506025307.5486.24.camel@redhat.com>
Subject: Re: [kernel-hardening] [PATCH v3 2/3] x86/fpu: tighten validation of user-supplied xstate_header
From: Rik van Riel
To: Eric Biggers, x86@kernel.org
Cc: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Andy Lutomirski, Dave Hansen, Dmitry Vyukov, Fenghua Yu, Ingo Molnar, Kevin Hao, Oleg Nesterov, Wanpeng Li, Yu-cheng Yu, Michael Halcrow, Eric Biggers
Date: Thu, 21 Sep 2017 16:21:47 -0400
In-Reply-To: <20170921185239.88398-3-ebiggers3@gmail.com>
References: <20170921185239.88398-1-ebiggers3@gmail.com> <20170921185239.88398-3-ebiggers3@gmail.com>

On Thu, 2017-09-21 at 11:52 -0700, Eric Biggers wrote:
> From: Eric Biggers
>
> Move validation of user-supplied xstate_headers into a helper function
> and call it from both the ptrace and sigreturn syscall paths.  The new
> function also considers it to be an error if *any* reserved bits are
> set, whereas before we were just clearing most of them.
>
> This should reduce the chance of bugs that fail to correctly validate
> user-supplied XSAVE areas.  It also will expose any broken userspace
> programs that set the other reserved bits; this is desirable because
> such programs will lose compatibility with future CPUs and kernels if
> those bits are ever used for anything.  (There shouldn't be any such
> programs, and in fact in the case where the compacted format is in use
> we were already validating xfeatures.  But you never know...)
>
> Reviewed-by: Kees Cook
> Acked-by: Dave Hansen
> Cc: Andy Lutomirski
> Cc: Dmitry Vyukov
> Cc: Fenghua Yu
> Cc: Ingo Molnar
> Cc: Kevin Hao
> Cc: Oleg Nesterov
> Cc: Wanpeng Li
> Cc: Yu-cheng Yu
> Signed-off-by: Eric Biggers
>

Reviewed-by: Rik van Riel

-- 
All rights reversed
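
Added illustration, not part of this message or of the patch under review: a user-space C sketch of the strict check the quoted commit message describes, where a single helper that both entry points could call rejects a header with any reserved bit set instead of clearing it. The names check_user_xstate_header, check_sample and SUPPORTED_XFEATURES_EXAMPLE are hypothetical, the sample mask is constructed, and the rule that xcomp_bv must be zero is an assumption that user-supplied buffers use the standard (non-compacted) format.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 64-byte XSAVE header that follows the 512-byte legacy region. */
struct xstate_header {
    uint64_t xfeatures;    /* XSTATE_BV: state components present */
    uint64_t xcomp_bv;     /* XCOMP_BV: compaction bitmap */
    uint64_t reserved[6];  /* reserved, must be zero */
};

/* Constructed sample mask (x87 | SSE | AVX); a kernel derives it from CPUID. */
#define SUPPORTED_XFEATURES_EXAMPLE 0x7ULL

/* Hypothetical helper: 0 if the header is acceptable, -EINVAL otherwise. */
int check_user_xstate_header(const struct xstate_header *hdr, uint64_t supported)
{
    size_t i;

    if (hdr->xfeatures & ~supported)   /* unknown or disabled feature bits */
        return -EINVAL;
    if (hdr->xcomp_bv)                 /* assumption: standard format only */
        return -EINVAL;
    for (i = 0; i < 6; i++)            /* reject, never silently clear */
        if (hdr->reserved[i])
            return -EINVAL;
    return 0;
}

/* Build a header from constructed values and run the check on it. */
int check_sample(uint64_t xfeatures, uint64_t xcomp_bv, uint64_t reserved_last)
{
    struct xstate_header hdr = { xfeatures, xcomp_bv, { 0, 0, 0, 0, 0, reserved_last } };
    return check_user_xstate_header(&hdr, SUPPORTED_XFEATURES_EXAMPLE);
}

int main(void)
{
    printf("clean header:      %d\n", check_sample(0x3, 0, 0));
    printf("unsupported bit:   %d\n", check_sample(0x3 | (1ULL << 9), 0, 0));
    printf("xcomp_bv set:      %d\n", check_sample(0x3, 1ULL << 63, 0));
    printf("reserved bit set:  %d\n", check_sample(0x3, 0, 1));
    return 0;
}
```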