From: kpark3469@gmail.com
To: kernel-hardening@lists.openwall.com
Cc: catalin.marinas@arm.com, keescook@chromium.org, will.deacon@arm.com, mark.rutland@arm.com, james.morse@arm.com, panand@redhat.com, keun-o.park@darkmatter.ae, psodagud@codeaurora.org, jpoimboe@redhat.com, mingo@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 3/3] x86: usercopy: reimplement arch_within_stack_frames with unwinder
Date: Mon, 9 Apr 2018 15:59:16 +0400
Message-Id: <1523275156-29087-4-git-send-email-kpark3469@gmail.com>
In-Reply-To: <1523275156-29087-3-git-send-email-kpark3469@gmail.com>
References: <1523275156-29087-1-git-send-email-kpark3469@gmail.com> <1523275156-29087-2-git-send-email-kpark3469@gmail.com> <1523275156-29087-3-git-send-email-kpark3469@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sahara

The old arch_within_stack_frames, which used the frame pointer, is now reimplemented to use the frame pointer unwinder APIs. So the main functionality is the same as before.
Signed-off-by: Sahara --- arch/x86/include/asm/unwind.h | 5 ++++ arch/x86/kernel/stacktrace.c | 64 +++++++++++++++++++++++++++++++++--------- arch/x86/kernel/unwind_frame.c | 4 +-- 3 files changed, 57 insertions(+), 16 deletions(-) diff --git a/arch/x86/include/asm/unwind.h b/arch/x86/include/asm/unwind.h index 1f86e1b..6f04906f 100644 --- a/arch/x86/include/asm/unwind.h +++ b/arch/x86/include/asm/unwind.h @@ -87,6 +87,11 @@ void unwind_init(void); void unwind_module_init(struct module *mod, void *orc_ip, size_t orc_ip_size, void *orc, size_t orc_size); #else +#ifdef CONFIG_UNWINDER_FRAME_POINTER +#define FRAME_HEADER_SIZE (sizeof(long) * 2) +size_t regs_size(struct pt_regs *regs); +#endif + static inline void unwind_init(void) {} static inline void unwind_module_init(struct module *mod, void *orc_ip, size_t orc_ip_size, diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c index ff178a0..3de1105 100644 --- a/arch/x86/kernel/stacktrace.c +++ b/arch/x86/kernel/stacktrace.c @@ -13,6 +13,33 @@ #include +static inline void *get_cur_frame(struct unwind_state *state) +{ + void *frame = NULL; + +#if defined(CONFIG_UNWINDER_FRAME_POINTER) + if (state->regs) + frame = (void *)state->regs; + else + frame = (void *)state->bp; +#endif + return frame; +} + +static inline void *get_frame_end(struct unwind_state *state) +{ + void *frame_end = NULL; + +#if defined(CONFIG_UNWINDER_FRAME_POINTER) + if (state->regs) { + frame_end = (void *)state->regs + regs_size(state->regs); + } else { + frame_end = (void *)state->bp + FRAME_HEADER_SIZE; + } +#endif + return frame_end; +} + /* * Walks up the stack frames to make sure that the specified object is * entirely contained by a single stack frame. 
@@ -26,31 +53,42 @@ int arch_within_stack_frames(const void * const stack, const void * const stackend, const void *obj, unsigned long len) { -#if defined(CONFIG_FRAME_POINTER) - const void *frame = NULL; - const void *oldframe; - - oldframe = __builtin_frame_address(2); - if (oldframe) - frame = __builtin_frame_address(3); +#if defined(CONFIG_UNWINDER_FRAME_POINTER) + struct unwind_state state; + void *prev_frame_end = NULL; /* * low ----------------------------------------------> high * [saved bp][saved ip][args][local vars][saved bp][saved ip] * ^----------------^ * allow copies only within here + * + * Skip 3 non-inlined frames: arch_within_stack_frames(), + * check_stack_object() and __check_object_size(). + * */ - while (stack <= frame && frame < stackend) { + unsigned int discard_frames = 3; + + for (unwind_start(&state, current, NULL, NULL); !unwind_done(&state); + unwind_next_frame(&state)) { /* * If obj + len extends past the last frame, this * check won't pass and the next frame will be 0, * causing us to bail out and correctly report * the copy as invalid. */ - if (obj + len <= frame) - return obj >= oldframe + 2 * sizeof(void *) ? - GOOD_FRAME : BAD_STACK; - oldframe = frame; - frame = *(const void * const *)frame; + if (discard_frames) { + discard_frames--; + } else { + void *frame = get_cur_frame(&state); + + if (!frame || !prev_frame_end) + return NOT_STACK; + if (obj + len <= frame) + return obj >= prev_frame_end ? + GOOD_FRAME : BAD_STACK; + } + /* save current frame end before move to next frame */ + prev_frame_end = get_frame_end(&state); } return BAD_STACK; #else diff --git a/arch/x86/kernel/unwind_frame.c b/arch/x86/kernel/unwind_frame.c index 3dc26f9..c8bfa5c 100644 --- a/arch/x86/kernel/unwind_frame.c +++ b/arch/x86/kernel/unwind_frame.c @@ -8,8 +8,6 @@ #include #include -#define FRAME_HEADER_SIZE (sizeof(long) * 2) - unsigned long unwind_get_return_address(struct unwind_state *state) { if (unwind_done(state)) 
@@ -69,7 +67,7 @@ static void unwind_dump(struct unwind_state *state) } } -static size_t regs_size(struct pt_regs *regs) +size_t regs_size(struct pt_regs *regs) { /* x86_32 regs from kernel mode are two words shorter: */ if (IS_ENABLED(CONFIG_X86_32) && !user_mode(regs)) -- 2.7.4
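Review bot: in the unwind.h hunk, FRAME_HEADER_SIZE and the regs_size() prototype become visible to every user of the header without a comment saying what they are, now that they are no longer private to unwind_frame.c. Suggest a one-line comment on each: FRAME_HEADER_SIZE is the saved bp plus saved ip that the frame-pointer unwinder expects at the bottom of a frame (the layout the diagram in arch_within_stack_frames draws), and regs_size() is the number of bytes the pt_regs occupies on the stack for an exception/interrupt frame. The nesting of `#ifdef CONFIG_UNWINDER_FRAME_POINTER` inside the ORC `#else` is correct, since that branch also covers the guess unwinder, but a short comment on why the inner guard exists would save the next reader from wondering whether it is redundant.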
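Review bot: in the first stacktrace.c hunk, get_cur_frame() and get_frame_end() each carry an inner `#if defined(CONFIG_UNWINDER_FRAME_POINTER)` with a NULL fallback, yet their only caller, arch_within_stack_frames(), is compiled under that same `#if` in the next hunk, so the NULL path is dead and the `!frame || !prev_frame_end` test it feeds can never trigger on a frame-pointer build. Suggest either moving the two helpers under the `#if defined(CONFIG_UNWINDER_FRAME_POINTER)` that already guards their caller and dropping the inner guards, or keeping the stubs but removing the caller's NULL checks so the code does not imply a failure mode that cannot happen. Either way, a comment on get_frame_end() stating that for a pt_regs frame the "end" is `regs + regs_size(regs)` (the first byte of the interrupted context's stack) and for a bp frame it is `bp + FRAME_HEADER_SIZE` (the first byte above the saved bp/ip pair) would make the asymmetry between the two branches intentional rather than accidental.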
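Review bot: the `return NOT_STACK;` in the rewritten loop of arch_within_stack_frames() is a fail-open change that the commit message ("the main functionality is same as before") does not mention. check_stack_object() only calls this function after it has established that the object lies entirely inside the task stack, so answering NOT_STACK tells __check_object_size() to treat the copy as not touching the stack at all and fall through to the other checks, whereas the removed code returned BAD_STACK whenever it could not walk to a frame containing the object. Exhaustion of the unwinder (loop falls through to `return BAD_STACK;`) is still fail-closed, so the two no-frame cases now disagree; suggest returning BAD_STACK there too, or stating in the commit message why an unwinder that cannot produce a frame should be trusted. Two smaller points in the same hunk: the retained comment "the next frame will be 0, causing us to bail out" now describes the old `frame = *frame` walk, since termination is governed by unwind_done(), and should be reworded; and `unsigned int discard_frames = 3;` is a declaration separated from the other locals by the comment block, so move it up next to `struct unwind_state state;` to keep declarations together.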
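Review bot: dropping `static` from regs_size() in unwind_frame.c turns it into a global symbol whose only documentation is the inline comment about x86_32 kernel-mode regs, and whose name gives no hint that it belongs to the frame-pointer unwinder. Suggest adding a short function comment stating what size it reports and when the two-word shortening applies, and consider a name carrying an unwinder prefix so it cannot collide with an unrelated regs_size elsewhere in the tree. Since the prototype now lives in unwind.h, the definition should be compiled with that header included so -Wmissing-prototypes and a prototype mismatch are both caught; worth a quick confirmation that unwind_frame.c pulls it in.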