From: Sasha Levin
To: "stable@vger.kernel.org", "linux-kernel@vger.kernel.org"
CC: Dave Martin, Will Deacon, Sasha Levin
Subject: [PATCH AUTOSEL for 4.9 120/293] arm64: ptrace: Flush user-RW TLS reg to thread_struct before reading
Date: Mon, 9 Apr 2018 00:24:26 +0000
Message-ID: <20180409002239.163177-120-alexander.levin@microsoft.com>
References: <20180409002239.163177-1-alexander.levin@microsoft.com>
In-Reply-To: <20180409002239.163177-1-alexander.levin@microsoft.com>

From: Dave Martin

[ Upstream commit 936eb65ca22ad856cb3a995e8cd742e982dc2dd0 ]

When reading current's user-writable TLS register (which occurs when dumping core for native tasks), it is possible that userspace has modified it since the time the task was last scheduled out. The new TLS register value is not guaranteed to have been written immediately back to thread_struct in this case.

As a result, a coredump can capture stale data for this register. Reading the register for a stopped task via ptrace is unaffected.

For native tasks, this patch explicitly flushes the TPIDR_EL0 register back to thread_struct before dumping when operating on current, thus ensuring that coredump contents are up to date. For compat tasks, the TLS register is not user-writable and so cannot be out of sync, so no flush is required in compat_tls_get().

Signed-off-by: Dave Martin
Signed-off-by: Will Deacon
Signed-off-by: Sasha Levin
--- arch/arm64/include/asm/processor.h | 3 +++ arch/arm64/kernel/process.c | 8 ++++++-- arch/arm64/kernel/ptrace.c | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/pr= ocessor.h index 60e34824e18c..b3ac6e5a70b9 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h 
@@ -102,6 +102,9 @@ struct thread_struct { #define task_user_tls(t) (&(t)->thread.tp_value) #endif =20 +/* Sync TPIDR_EL0 back to thread_struct for current */ +void tls_preserve_current_state(void); + #define INIT_THREAD { } =20 static inline void start_thread_common(struct pt_regs *regs, unsigned long= pc) diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0e7394915c70..90e2823e5081 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -304,12 +304,16 @@ int copy_thread(unsigned long clone_flags, unsigned l= ong stack_start, return 0; } =20 +void tls_preserve_current_state(void) +{ + *task_user_tls(current) =3D read_sysreg(tpidr_el0); +} + static void tls_thread_switch(struct task_struct *next) { unsigned long tpidr, tpidrro; =20 - tpidr =3D read_sysreg(tpidr_el0); - *task_user_tls(current) =3D tpidr; + tls_preserve_current_state(); =20 tpidr =3D *task_user_tls(next); tpidrro =3D is_compat_thread(task_thread_info(next)) ? diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 8eedeef375d6..d1fd560b3a2a 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -646,6 +646,10 @@ static int tls_get(struct task_struct *target, const s= truct user_regset *regset, void *kbuf, void __user *ubuf) { unsigned long *tls =3D &target->thread.tp_value; + + if (target =3D=3D current) + tls_preserve_current_state(); + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, tls, 0, -1); } =20 --=20 2.15.1
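
Review bot: In the arch/arm64/include/asm/processor.h hunk, the comment on the new declaration ("Sync TPIDR_EL0 back to thread_struct for current") does not state the helper's contract for compat tasks. The commit message says compat tasks need no flush, yet tls_thread_switch() in process.c now calls tls_preserve_current_state() for every outgoing task, and the store goes through task_user_tls(current); the #endif just above the declaration suggests that macro has more than one definition. Suggest extending the comment to say that the helper acts only on current and that the slot it writes is whatever task_user_tls() selects, so later callers do not have to re-derive that from the macro.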
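
Review bot: In the arch/arm64/kernel/ptrace.c hunk, the new "if (target == current)" check in tls_get() has no comment explaining why only current needs the flush. The reason is given only in the commit message (the coredump path reads current's register, while reading a stopped task via ptrace is unaffected), and a one-line comment above the check would keep that next to the code. Separately, tls_get() takes &target->thread.tp_value directly while the helper stores through task_user_tls(current); using the same accessor in both places, or noting why the direct field is correct for this regset, would make it evident that the flush and the copyout touch the same slot.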