Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp299248imm; Thu, 27 Sep 2018 21:44:39 -0700 (PDT) X-Google-Smtp-Source: ACcGV61rTgx2iYP04Zz/wsns+eKVpdkaXA30wi74XqGtG/kWS3KNHB0Umpf3O9OsRzl+0GklT7KP X-Received: by 2002:a17:902:704c:: with SMTP id h12-v6mr14159609plt.237.1538109879143; Thu, 27 Sep 2018 21:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538109879; cv=none; d=google.com; s=arc-20160816; b=TIZrLkTecn/KFi4uBNC7dKiraPOfaQ20P+744OW5CXJfrrwoZgRWx/brR0aD1tA9/k E8PydJ8Qc4ynfyIqoIrO10OlIF8i73vb/+4PASXmHD30rli9FpONQ8Bg+AVijrWvoRj8 9L9oa0X6qsCYwsXk9xIOTjAExfG9UUXKZFExXqzYWP9KJDhS3a1WKpH2kmp9VhsZBXPB BUYCBuIaHEXNpZ1c9O7+C/U3ZjAG/tI0G6HZnp1aSr7sj1K2PLBa4YSDRCJq51JkHCjS bxYR4lB2I4C7rXgBTWpaZAKq06/PsLpln9p0QZnAbKrSIhLk/l3gV7VDegH3yaldmLSy 7uUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=77D7gDBkT9zjZKXaXYDmVmLCNjaaj227W0gc0uh+GUQ=; b=g7kAzzANe2HBbMKXOLZGXR/1IoGBulndwZzJGZ2uA6JUlu1MHWB6tKx6LYogyhmfmX 1NmQ4hJ7AWKNts1SvPyOcJPNVWJwEdeWVvf6PE/MG3taZw7kzRGEB9xFoa8tdUM5ZWwG u1QKsly+QZy2juGi5V7iY2BV+NYRVEigXw2m00syL7//MvP+J09IApkLTVBMrTKiMl1W gLedsH4uJxbb1Go80odh4Jit0g4T3w9H8GfDVtySbHvvx+M5viqRroIhZWk/wmYrMh15 vuzLrxK5j11mY8IKYqnc7QM+wKWuPjaJvjHfy68KZZXOspk3faAw40cvFlNRfhHST3cF QHAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Qyy2vrIS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r130-v6si3738857pgr.456.2018.09.27.21.44.20; Thu, 27 Sep 2018 21:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Qyy2vrIS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728298AbeI1LGE (ORCPT + 99 others); Fri, 28 Sep 2018 07:06:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:57472 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726106AbeI1LGE (ORCPT ); Fri, 28 Sep 2018 07:06:04 -0400 Received: from localhost (c-71-202-137-17.hsd1.ca.comcast.net [71.202.137.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id ED5BD2170E; Fri, 28 Sep 2018 04:44:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1538109855; bh=auUKGtk9R4m16ZE0rC/nI6N0K0OKYQT6FN/1Q+NhGZI=; h=From:To:Cc:Subject:Date:From; b=Qyy2vrISg8VJPpEsp9nCG3l/uFYvKRGMXgzYkuFvbXR0HS04ajnFt3A406SDZE94x hzOVRZeck4eLgKRhgZ79HunrsztY+5vzZFFfx6qHUTU+C5Lk1Ef6klON2q/Z10W4S7 29Eta/nJZzaW8bklIv4sTe83O88wwc/H0HXAROVE= From: Andy Lutomirski To: x86@kernel.org, Peter Zijlstra , Ingo Molnar , Thomas Gleixner , Darren Hart Cc: LKML , Andy Lutomirski , linux-s390@vger.kernel.org, Martin Schwidefsky , Heiko Carstens , Finn Thain , Geert Uytterhoeven Subject: [PATCH] futex: Set USER_DS for the futex_detect_cmpxchg() test Date: Thu, 27 Sep 2018 21:44:13 -0700 Message-Id: <74fb6ce22f62e0fb48b91ca9918b74cedbcecaf1.1538096323.git.luto@kernel.org> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org futex_detect_cmpxchg() checks whether cmpxchg is available by trying it on the NULL pointer and seeing what the error code is (EFAULT vs ENOSYS). This happens with KERNEL_DS set, which is impolite: while the NULL *user* pointer is definitely invalid when there is no user program running, the NULL *kernel* pointer seems more like a programming error than a safe place to do an intentionally-failing access. An upcoming hardening series I'm working on causes the existing code to OOPS, because it considers any failed uaccess with KERNEL_DS to be a sign of a bug. Explicitly set USER_DS to avoid this problem. Cc: linux-s390@vger.kernel.org Cc: Martin Schwidefsky Cc: Heiko Carstens Cc: Finn Thain Cc: Geert Uytterhoeven --- I have a couple questions here: - Is this actually okay on all architectures? That is, are there cases where we'll screw up if we fail a USER_DS access this early? s390 stands out as the obvious special case (where USER_DS is not than just a subset of KERNEL_DS), but s390 opts out. - Why doesn't x86 set HAVE_FUTEX_CMPXCHG? Or do we still support some 32-bit configurations that don't have cmpxchg and don't know about it at compile time? kernel/futex.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/futex.c b/kernel/futex.c index 11fc3bb456d6..16bd3e72602a 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -3593,6 +3593,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; + mm_segment_t old_seg; /* * This will fail and we want it. Some arch implementations do @@ -3604,8 +3605,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ + old_seg = get_fs(); + set_fs(USER_DS); if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT) futex_cmpxchg_enabled = 1; + set_fs(old_seg); #endif } -- 2.17.1