From: Andy Lutomirski
Date: Mon, 2 Jul 2018 13:12:51 -0700
Subject: Re: [RFC PATCH for 4.18 1/2] rseq: validate rseq_cs fields are < TASK_SIZE
To: Linus Torvalds
Cc: Mathieu Desnoyers, Andrew Lutomirski, Thomas Gleixner, Linux Kernel Mailing List, Linux API, Peter Zijlstra, Paul McKenney, Boqun Feng, Dave Watson, Paul Turner, Andrew Morton, Russell King - ARM Linux, Ingo Molnar, Peter Anvin, Andi Kleen, Christoph Lameter, Ben Maurer, Steven Rostedt, Josh Triplett, Catalin Marinas, Will Deacon, Michael Kerrisk, Joel Fernandes
References: <20180628162359.9054-1-mathieu.desnoyers@efficios.com>
 <247789350.9741.1530288432573.JavaMail.zimbra@efficios.com>
 <184287091.10022.1530301738384.JavaMail.zimbra@efficios.com>
 <1527399163.10673.1530541966296.JavaMail.zimbra@efficios.com>
 <84003252.10754.1530558015813.JavaMail.zimbra@efficios.com>
List-ID: linux-kernel@vger.kernel.org

On Mon, Jul 2, 2018 at 12:31 PM, Linus Torvalds wrote:
> On Mon, Jul 2, 2018 at 12:02 PM Andy Lutomirski wrote:
>>
>> Works for me. Linus, any objection?
>
> I think the 4.19 stage may be overkill, but I don't hate it, so no
> real objections.
>
> If the main reason for this is that we silently clear the upper bits
> when returning to compat mode, I actually think that a better fix
> would be to just fix that. We shouldn't silently ignore bogus data in
> the return path.
>
> But I don't care enough, I think.

Like this:

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index 3b2490b81918..ec40223c8856 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -170,6 +170,26 @@ static void exit_to_usermode_loop(struct pt_regs *regs, u32 cached_flags) if (cached_flags & _TIF_USER_RETURN_NOTIFY) fire_user_return_notifiers(); + if (unlikely(!user_64bit_mode(regs) && + (regs->ip & 0xffffffff00000000ull))) { + siginfo_t info; + struct task_struct *tsk = current; + + /* I haven't thought about this *that* hard. */ + clear_siginfo(&info); + tsk->thread.cr2 = regs->ip; + tsk->thread.trap_nr = X86_TRAP_PF; + tsk->thread.error_code = X86_PF_USER | X86_PF_INSTR; + info.si_signo = SIGSEGV; + info.si_errno = 0; + info.si_code = SEGV_MAPERR; + info.si_addr = (void __user *)regs->ip; + /* si_addr_lsb? */ + force_sig_info(SIGSEGV, &info, tsk); + + /* And we'll go through the loop again. */ + } + /* Disable IRQs and retry */ local_irq_disable(); It's whitespace damaged and barely tested, but it seems to at least not be completely busted. I don't really love doing this, though.
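Review bot: the fake-#PF bookkeeping in the new block (tsk->thread.cr2 / trap_nr / error_code plus a hand-built SEGV_MAPERR siginfo) open-codes what arch/x86/mm/fault.c already does when it raises SIGSEGV for a bad user address, and the hunk's own comments ("I haven't thought about this *that* hard", "si_addr_lsb?") say it was assembled without checking; either route this through the fault path's existing SIGSEGV helper or trim it to the siginfo fields that matter here (si_signo, si_code, si_addr). The "si_addr_lsb?" question can be answered with "no": si_addr_lsb is only meaningful for SIGBUS with BUS_MCEERR_AR/AO, and clear_siginfo(&info) has already zeroed it, so that comment can go. Worth a comment above the `if` as well that this check only executes when exit_to_usermode_loop() executes, that is, when some TIF work flag was pending on the way out; that covers the rseq notify-resume path the subject line is about, but it is not a check on every return to user mode, so the commit message should say which paths it is meant to catch.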
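An added example, not part of Andy's mail or of the kernel tree: a userspace C model of the two checks this thread is about, validating the address fields of a user-supplied struct rseq_cs against the task's address-space limit (the subject line's "< TASK_SIZE"), and flagging an instruction pointer whose upper 32 bits a compat-mode return would drop (the condition the hunk above tests). The struct layout follows the rseq UAPI; the TASK_SIZE constants are approximations of the x86 values, and the function names, verdict enum and sample descriptor are assumptions made for illustration.

```c
/*
 * Added illustration (not the patch under discussion): a userspace model of
 * the checks a kernel would apply to a user-supplied struct rseq_cs before
 * letting its abort_ip become the task's instruction pointer.  Runs entirely
 * in userspace; the TASK_SIZE values are assumed approximations of the x86
 * constants, and the struct layout mirrors the rseq UAPI.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same field layout as the uapi struct rseq_cs (linux/rseq.h). */
struct rseq_cs_model {
    uint32_t version;
    uint32_t flags;
    uint64_t start_ip;
    uint64_t post_commit_offset;
    uint64_t abort_ip;
};

/* Assumed approximations of the x86 limits: a 47-bit user VA minus one
 * guard page for 64-bit tasks, IA32_PAGE_OFFSET for compat (32-bit) tasks. */
#define TASK_SIZE_64     ((1ULL << 47) - 4096ULL)
#define TASK_SIZE_COMPAT 0xFFFFe000ULL

enum rseq_cs_verdict {
    RSEQ_CS_OK = 0,
    RSEQ_CS_BAD_START,   /* start_ip at or above the task's limit */
    RSEQ_CS_BAD_END,     /* start_ip + post_commit_offset wraps or exceeds the limit */
    RSEQ_CS_BAD_ABORT,   /* abort_ip at or above the task's limit */
};

static uint64_t task_size_for(bool is_64bit)
{
    return is_64bit ? TASK_SIZE_64 : TASK_SIZE_COMPAT;
}

/* Validate every address-carrying field of a critical-section descriptor
 * against the address-space limit of the task that installed it.  The
 * overflow test runs before the range test so a huge offset cannot wrap
 * the end address back below the limit. */
enum rseq_cs_verdict rseq_cs_validate(const struct rseq_cs_model *cs, bool is_64bit)
{
    uint64_t limit = task_size_for(is_64bit);
    uint64_t end;

    if (cs->start_ip >= limit)
        return RSEQ_CS_BAD_START;
    if (__builtin_add_overflow(cs->start_ip, cs->post_commit_offset, &end) ||
        end >= limit)
        return RSEQ_CS_BAD_END;
    if (cs->abort_ip >= limit)
        return RSEQ_CS_BAD_ABORT;
    return RSEQ_CS_OK;
}

/* The condition the patch tests at return-to-user time: a task that is not
 * in 64-bit mode would have bits 63:32 of its IP dropped by the CPU. */
bool ip_would_be_truncated(bool is_64bit, uint64_t ip)
{
    return !is_64bit && (ip & 0xffffffff00000000ULL) != 0;
}

/* What a compat task actually ends up executing if nothing rejects the value. */
uint32_t truncated_ip(uint64_t ip)
{
    return (uint32_t)ip;
}

int main(void)
{
    /* Constructed descriptor: a 32-bit task hands the kernel an abort_ip
     * above 4 GiB.  Validation against the compat limit rejects it; without
     * that check the CPU would silently jump to the low 32 bits instead. */
    struct rseq_cs_model cs = {
        .version = 0, .flags = 0,
        .start_ip = 0x08048000ULL,
        .post_commit_offset = 0x20ULL,
        .abort_ip = 0x1234567808049000ULL,
    };

    printf("compat verdict: %d (0 = ok)\n", rseq_cs_validate(&cs, false));
    printf("would truncate: %d -> 0x%08x\n",
           ip_would_be_truncated(false, cs.abort_ip), truncated_ip(cs.abort_ip));
    return 0;
}
```

Build with `gcc -std=gnu11 -Wall rseq_cs_check.c` (the overflow test uses `__builtin_add_overflow`, which GCC and Clang provide). The point of keeping the two checks separate is the one Linus makes above: rejecting the descriptor up front is the primary defence, and the return-path check is a backstop that turns a silently truncated jump into a visible SIGSEGV rather than a jump to whatever happens to sit at the low 32 bits.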