Received: by 10.213.65.68 with SMTP id h4csp3562936imn; Tue, 10 Apr 2018 00:34:55 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/qM4SthiSHWhBm7VpjLZ5+4qBJipXoBjqzEh6DApm79d8W7sfazJglmK+ZO/UdxC5THQMt X-Received: by 10.98.152.217 with SMTP id d86mr1870615pfk.18.1523345695418; Tue, 10 Apr 2018 00:34:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523345695; cv=none; d=google.com; s=arc-20160816; b=iHkXdaOW9sKJRK23iTCj5znN6VPjqmZCMzYVKtDMb7JsM8TF2nTmm5RgnyDU2r5bSK Fepa+GG66CCkqpINeQGSQha3QmT0Nrw/6FJ656dH+QXUuODadG68w71BjawGb7CVYqeZ GznrApsSCKiBvXqqXzPuyODQ+S45lbb5knr36zmEzdWI0bMaaGWKh6p/OOrr8HIxABTN SjaHoROjDGQ4jqvXbY/n0NiaKo4+RVztmyWNblV2mHcGzTfAwn1XWP/zL5xNfqE/IFFf ffwzBaX159mUyi4oFYGvfVuSx8K44mxkEx6WpQ8CtDYsPV5Bf89IT6f/wBOpPp//iYv4 Am6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=QVdUNFQEP2PBzgiizGMptMiMFI80vvYZP7iNFdF67Sg=; b=Tg02s0lniQCm2d9xdZFK2/6m2jnhs9L849F7nsYqrXPQ9Thk/daRD4wGvs76w+iYhb fzZ3YSqh+m1VJAQsy/W6XGcED94pnuHSpTe2aoIVCjDqK7dkShI/YhzLL+Yz29xIdnUd KmIrLENBo4iu9cbsT8BrL9NKOeaxLY985E0CdUleWpot2AG2WEJBUNv8meWY4aonazRp 8dTrA4cUeCfAd1slSdSQs/JegxTbe8vgEN2wfIbwWLAHsTGCEvMo7nxoz8McBB+lwAxp 2Q8QucamQFSbUZuqZtxlYswV+V8D4ewt6Dk0yGdfqw0Vpfmm2Sn1zRU7RPx8xIBAlSFh CJaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=beBpv6g8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j1-v6si1969054pld.108.2018.04.10.00.34.17; Tue, 10 Apr 2018 00:34:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=beBpv6g8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752222AbeDJHbS (ORCPT + 99 others); Tue, 10 Apr 2018 03:31:18 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:36805 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751845AbeDJHbQ (ORCPT ); Tue, 10 Apr 2018 03:31:16 -0400 Received: by mail-wm0-f66.google.com with SMTP id x82so21253304wmg.1 for ; Tue, 10 Apr 2018 00:31:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QVdUNFQEP2PBzgiizGMptMiMFI80vvYZP7iNFdF67Sg=; b=beBpv6g8j9l3/sTpCc57fNqfwEPDj7f2QT/UJtkNre4Ae0xNIvqyZoef3dyjji6Kw8 E55IzufsOkBOf1eV1rZr0oYSh1JVh2AsbWbKaddD5/K6bY42ctKUTfsKZBj+dO09bOBj Uqds8NgOH/Rq5DXlf44zWE7j+jIHjrGDTNLpi2wK7hEjawS/iOpDlSPD9JA/hJEXHukj sqOeh83lAWKxLNqiTUkEm2QWrKa6wg4KnKsbrxrtmDvMiElxosHRpirStnuI+92W7LK7 OFBhcwp0fzA3sGDs/0jnf0wbyxKceNOXX/y1HilRJINJC5f8/n6oMG1JnbBLxi1Fgkp9 c9Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QVdUNFQEP2PBzgiizGMptMiMFI80vvYZP7iNFdF67Sg=; b=AFShTZQNK7GUK+1DpMEBupLE1npU3som2Xk+2e4dgbBl3Iyg/4NzBlhXNqI1bhzeJz HqkNPImK9lG0ONEBasuEODIfFuByQw7qm8jtFTRhCP1KaLxHECx+7b2nAYCFJPaFSC3s zehOiCu7NLlWr4o1aqxtaxjyWoYR5FVzfuZmjMLnUzibFDaXvX8ePfvlEWCy+nRs/IG7 Ds2PaOwdcdBSJCNSgbIiKTpx1V/MqmqV4rkQbzB7m0lqRr9qni3d6/UXjjquRkAtWQZn CGpf2WDGmFuqX44NP97o1zYuz/ni/JM0uT4WnS6LxHZj4Aq3fUrRLPlJqnmcufyX/2kk U9pA== X-Gm-Message-State: ALQs6tDMbwhlC+3zgX67pgGjJbO038w+20cYsRE8CD1v7s5gLkITqd26 A8WhKP7bkrSTmJqXxqTVF4c= X-Received: by 10.28.7.133 with SMTP id 127mr692743wmh.74.1523345475084; Tue, 10 Apr 2018 00:31:15 -0700 (PDT) Received: from sahara-mac.darkmatter.uae (bba421079.alshamil.net.ae. [83.110.21.201]) by smtp.gmail.com with ESMTPSA id r8sm2339516wmg.44.2018.04.10.00.31.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 10 Apr 2018 00:31:14 -0700 (PDT) From: kpark3469@gmail.com To: kernel-hardening@lists.openwall.com Cc: catalin.marinas@arm.com, keescook@chromium.org, will.deacon@arm.com, mark.rutland@arm.com, james.morse@arm.com, panand@redhat.com, keun-o.park@darkmatter.ae, psodagud@codeaurora.org, jpoimboe@redhat.com, mingo@kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 1/3] stacktrace: move arch_within_stack_frames from thread_info.h Date: Tue, 10 Apr 2018 11:30:45 +0400 Message-Id: <1523345447-10725-2-git-send-email-kpark3469@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1523345447-10725-1-git-send-email-kpark3469@gmail.com> References: <1523345447-10725-1-git-send-email-kpark3469@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sahara Since the inlined arch_within_stack_frames function was placed within asm/thread_info.h, using stacktrace functions to unwind stack was restricted. Now in order to have this function use more abundant apis, it is moved to architecture's stacktrace.c. And, it is changed from inline to noinline function to clearly have three depth calls like: do_usercopy_stack() copy_[to|from]_user() : inline check_copy_size() : inline __check_object_size() check_stack_object() arch_within_stack_frames() With this change, the x86's implementation was slightly changed also. Signed-off-by: Sahara Reviewed-by: Kees Cook --- arch/x86/include/asm/thread_info.h | 51 +------------------------------------- arch/x86/kernel/Makefile | 2 +- arch/x86/kernel/stacktrace.c | 49 ++++++++++++++++++++++++++++++++++++ include/linux/stacktrace.h | 24 ++++++++++++++++++ include/linux/thread_info.h | 21 ---------------- mm/usercopy.c | 2 +- 6 files changed, 76 insertions(+), 73 deletions(-) diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h index a5d9521..e25d70a 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -156,59 +156,10 @@ struct thread_info { * * preempt_count needs to be 1 initially, until the scheduler is functional. */ -#ifndef __ASSEMBLY__ - -/* - * Walks up the stack frames to make sure that the specified object is - * entirely contained by a single stack frame. - * - * Returns: - * GOOD_FRAME if within a frame - * BAD_STACK if placed across a frame boundary (or outside stack) - * NOT_STACK unable to determine (no frame pointers, etc) - */ -static inline int arch_within_stack_frames(const void * const stack, - const void * const stackend, - const void *obj, unsigned long len) -{ -#if defined(CONFIG_FRAME_POINTER) - const void *frame = NULL; - const void *oldframe; - - oldframe = __builtin_frame_address(1); - if (oldframe) - frame = __builtin_frame_address(2); - /* - * low ----------------------------------------------> high - * [saved bp][saved ip][args][local vars][saved bp][saved ip] - * ^----------------^ - * allow copies only within here - */ - while (stack <= frame && frame < stackend) { - /* - * If obj + len extends past the last frame, this - * check won't pass and the next frame will be 0, - * causing us to bail out and correctly report - * the copy as invalid. - */ - if (obj + len <= frame) - return obj >= oldframe + 2 * sizeof(void *) ? - GOOD_FRAME : BAD_STACK; - oldframe = frame; - frame = *(const void * const *)frame; - } - return BAD_STACK; -#else - return NOT_STACK; -#endif -} - -#else /* !__ASSEMBLY__ */ - +#ifdef __ASSEMBLY__ #ifdef CONFIG_X86_64 # define cpu_current_top_of_stack (cpu_tss_rw + TSS_sp1) #endif - #endif #ifdef CONFIG_COMPAT diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 02d6f5c..3b8afd5 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -70,7 +70,7 @@ obj-$(CONFIG_IA32_EMULATION) += tls.o obj-y += step.o obj-$(CONFIG_INTEL_TXT) += tboot.o obj-$(CONFIG_ISA_DMA_API) += i8237.o -obj-$(CONFIG_STACKTRACE) += stacktrace.o +obj-y += stacktrace.o obj-y += cpu/ obj-y += acpi/ obj-y += reboot.o diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c index 093f2ea..ff178a0 100644 --- a/arch/x86/kernel/stacktrace.c +++ b/arch/x86/kernel/stacktrace.c @@ -12,6 +12,54 @@ #include #include + +/* + * Walks up the stack frames to make sure that the specified object is + * entirely contained by a single stack frame. + * + * Returns: + * GOOD_FRAME if within a frame + * BAD_STACK if placed across a frame boundary (or outside stack) + * NOT_STACK unable to determine (no frame pointers, etc) + */ +int arch_within_stack_frames(const void * const stack, + const void * const stackend, + const void *obj, unsigned long len) +{ +#if defined(CONFIG_FRAME_POINTER) + const void *frame = NULL; + const void *oldframe; + + oldframe = __builtin_frame_address(2); + if (oldframe) + frame = __builtin_frame_address(3); + /* + * low ----------------------------------------------> high + * [saved bp][saved ip][args][local vars][saved bp][saved ip] + * ^----------------^ + * allow copies only within here + */ + while (stack <= frame && frame < stackend) { + /* + * If obj + len extends past the last frame, this + * check won't pass and the next frame will be 0, + * causing us to bail out and correctly report + * the copy as invalid. + */ + if (obj + len <= frame) + return obj >= oldframe + 2 * sizeof(void *) ? + GOOD_FRAME : BAD_STACK; + oldframe = frame; + frame = *(const void * const *)frame; + } + return BAD_STACK; +#else + return NOT_STACK; +#endif +} + +#ifdef CONFIG_STACKTRACE + static int save_stack_address(struct stack_trace *trace, unsigned long addr, bool nosched) { @@ -241,3 +289,4 @@ void save_stack_trace_user(struct stack_trace *trace) if (trace->nr_entries < trace->max_entries) trace->entries[trace->nr_entries++] = ULONG_MAX; } +#endif /* CONFIG_STACKTRACE */ diff --git a/include/linux/stacktrace.h b/include/linux/stacktrace.h index ba29a06..60bb988 100644 --- a/include/linux/stacktrace.h +++ b/include/linux/stacktrace.h @@ -7,6 +7,30 @@ struct task_struct; struct pt_regs; +/* + * For per-arch arch_within_stack_frames() implementations, defined in + * kernel/stacktrace.c. + */ +enum { + BAD_STACK = -1, + NOT_STACK = 0, + GOOD_FRAME, + GOOD_STACK, +}; + +#ifdef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES +extern int arch_within_stack_frames(const void * const stack, + const void * const stackend, + const void *obj, unsigned long len); +#else +static inline int arch_within_stack_frames(const void * const stack, + const void * const stackend, + const void *obj, unsigned long len) +{ + return NOT_STACK; +} +#endif + #ifdef CONFIG_STACKTRACE struct stack_trace { unsigned int nr_entries, max_entries; diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index 34f053a..5403851 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -23,18 +23,6 @@ #endif #include - -/* - * For per-arch arch_within_stack_frames() implementations, defined in - * asm/thread_info.h. - */ -enum { - BAD_STACK = -1, - NOT_STACK = 0, - GOOD_FRAME, - GOOD_STACK, -}; - #include #ifdef __KERNEL__ @@ -92,15 +80,6 @@ static inline int test_ti_thread_flag(struct thread_info *ti, int flag) #define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED) -#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES -static inline int arch_within_stack_frames(const void * const stack, - const void * const stackend, - const void *obj, unsigned long len) -{ - return 0; -} -#endif - #ifdef CONFIG_HARDENED_USERCOPY extern void __check_object_size(const void *ptr, unsigned long n, bool to_user); diff --git a/mm/usercopy.c b/mm/usercopy.c index e9e9325..6a74776 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -19,7 +19,7 @@ #include #include #include -#include +#include #include /* -- 2.7.4