From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dave Hansen, Thomas Gleixner, bp@alien8.de, hpa@zytor.com, peterz@infradead.org, mpe@ellerman.id.au, will.deacon@arm.com, luto@kernel.org, jroedel@suse.de
Subject: [PATCH 4.19 072/103] x86/pkeys: Properly copy pkey state at fork()
Date: Tue, 29 Jan 2019 12:35:49 +0100
Message-Id: <20190129113205.008854309@linuxfoundation.org>
In-Reply-To: <20190129113159.567154026@linuxfoundation.org>
References: <20190129113159.567154026@linuxfoundation.org>
X-stable: review
X-Mailing-List: linux-kernel@vger.kernel.org

4.19-stable review patch. If anyone has any objections, please let me know.

------------------
From: Dave Hansen

commit a31e184e4f69965c99c04cc5eb8a4920e0c63737 upstream.

Memory protection key behavior should be the same in a child as it was in the parent before a fork. But, there is a bug that resets the state in the child at fork instead of preserving it.

The creation of new mm's is a bit convoluted. At fork(), the code does:

1. memcpy() the parent mm to initialize child
2. mm_init() to initialize some select stuff
3. dup_mmap() to create true copies that memcpy() did not do right

For pkeys two bits of state need to be preserved across a fork: 'execute_only_pkey' and 'pkey_allocation_map'.

Those are preserved by the memcpy(), but mm_init() invokes init_new_context() which overwrites 'execute_only_pkey' and 'pkey_allocation_map' with "new" values.

The author of the code erroneously believed that init_new_context is *only* called at execve()-time. But, alas, init_new_context() is used at execve() and fork().

The result is that, after a fork(), the child's pkey state ends up looking like it does after an execve(), which is totally wrong. pkeys that are already allocated can be allocated again, for instance.

To fix this, add code called by dup_mmap() to copy the pkey state from parent to child explicitly. Also add a comment above init_new_context() to make it more clear to the next poor sod what this code is used for.

Fixes: e8c24d3a23a ("x86/pkeys: Allocation/free syscalls")
Signed-off-by: Dave Hansen
Signed-off-by: Thomas Gleixner
Reviewed-by: Thomas Gleixner
Cc: bp@alien8.de
Cc: hpa@zytor.com
Cc: peterz@infradead.org
Cc: mpe@ellerman.id.au
Cc: will.deacon@arm.com
Cc: luto@kernel.org
Cc: jroedel@suse.de
Cc: stable@vger.kernel.org
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: Peter Zijlstra
Cc: Michael Ellerman
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Joerg Roedel
Link: https://lkml.kernel.org/r/20190102215655.7A69518C@viggo.jf.intel.com
Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/mmu_context.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -178,6 +178,10 @@ static inline void switch_ldt(struct mm_ void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk); +/* + * Init a new mm. Used on mm copies, like at fork() + * and on mm's that are brand-new, like at execve(). + */ static inline int init_new_context(struct task_struct *tsk, struct mm_struct *mm) { @@ -228,8 +232,22 @@ do { \ } while (0) #endif +static inline void arch_dup_pkeys(struct mm_struct *oldmm, + struct mm_struct *mm) +{ +#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS + if (!cpu_feature_enabled(X86_FEATURE_OSPKE)) + return; + + /* Duplicate the oldmm pkey state in mm: */ + mm->context.pkey_allocation_map = oldmm->context.pkey_allocation_map; + mm->context.execute_only_pkey = oldmm->context.execute_only_pkey; +#endif +} + static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) { + arch_dup_pkeys(oldmm, mm); paravirt_arch_dup_mmap(oldmm, mm); return ldt_dup_context(oldmm, mm); }
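Review bot: the new comment above init_new_context() in the first hunk says where the function is reached from but not what that implies for the fields it writes, and the bug being fixed is precisely that state reset here after the fork() memcpy() was not copied back. Consider one more sentence along the lines of "anything initialized here that must survive fork() has to be re-copied in arch_dup_mmap()", so the next person adding per-mm context state knows to mirror it in arch_dup_pkeys()/arch_dup_mmap() rather than rediscovering this.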
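Review bot: in arch_dup_pkeys() the early `return` on `!cpu_feature_enabled(X86_FEATURE_OSPKE)` leaves `mm->context.pkey_allocation_map` and `mm->context.execute_only_pkey` as whatever init_new_context() wrote, so the copy is only correct as long as init_new_context() also skips those two fields on CPUs without OSPKE. That is the same kind of implicit coupling between the two functions that the commit message blames for the bug; a one-line comment next to the early return stating that the two feature checks must stay in step (or simply copying the two fields unconditionally under the #ifdef, since the copy is harmless when OSPKE is off) would make the invariant explicit.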
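As an added example (not part of this patch, the commit, or the kernel tree), here is a user-space regression check for the behaviour the commit message describes. It allocates a pkey in the parent, forks, and in the child verifies that the allocation map was copied rather than reset: a fresh pkey_alloc() in the child must not hand out the parent's key again, and pkey_free() of the parent's key must succeed in the child, which it cannot if the child's map only knows about key 0. It assumes x86_64 Linux and falls back to the x86_64 syscall numbers 330/331 only when the libc headers lack SYS_pkey_alloc/SYS_pkey_free; on a CPU or kernel without OSPKE, pkey_alloc() fails and the check reports "unsupported" rather than a verdict.

```c
/*
 * Added example, not from the patch or the kernel tree: a user-space
 * regression check for "pkey state reset in the child at fork()".
 *
 * Assumes x86_64 Linux. The syscall numbers below are the x86_64 values and
 * are only used if the libc headers do not already provide them.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_pkey_alloc
#define SYS_pkey_alloc 330	/* x86_64 (assumption: only used with old headers) */
#endif
#ifndef SYS_pkey_free
#define SYS_pkey_free 331	/* x86_64 (assumption: only used with old headers) */
#endif

/* Verdicts returned by pkeys_survive_fork(). */
enum pkey_fork_result {
	PKEY_FORK_UNSUPPORTED = -1,	/* no OSPKE, or fork()/waitpid() failed */
	PKEY_FORK_BROKEN      =  0,	/* child saw execve()-style pkey state */
	PKEY_FORK_PRESERVED   =  1,	/* child inherited the parent's state */
};

static long sys_pkey_alloc(void)
{
	return syscall(SYS_pkey_alloc, 0UL, 0UL);
}

static long sys_pkey_free(int pkey)
{
	return syscall(SYS_pkey_free, pkey);
}

/*
 * Runs in the child while `parent_key` is allocated in the parent's map.
 * With the fix, the child's map is a copy of the parent's, so a fresh
 * allocation must not return parent_key and freeing parent_key must work.
 * Without the fix, the map was reset to "only key 0": the first alloc hands
 * out the lowest key again and pkey_free(parent_key) fails with EINVAL.
 */
static int child_state_is_copy(int parent_key)
{
	long child_key = sys_pkey_alloc();	/* allocate before freeing anything */
	int reused = (child_key == parent_key);
	int free_ok = (sys_pkey_free(parent_key) == 0);

	if (child_key >= 0 && !reused)
		sys_pkey_free((int)child_key);
	return !reused && free_ok;
}

int pkeys_survive_fork(void)
{
	long parent_key = sys_pkey_alloc();
	pid_t pid;
	int status;

	if (parent_key < 0)	/* ENOSPC or EINVAL: no usable pkeys here */
		return PKEY_FORK_UNSUPPORTED;

	pid = fork();
	if (pid < 0) {
		sys_pkey_free((int)parent_key);
		return PKEY_FORK_UNSUPPORTED;
	}
	if (pid == 0)
		_exit(child_state_is_copy((int)parent_key) ? 1 : 0);

	if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) {
		sys_pkey_free((int)parent_key);
		return PKEY_FORK_UNSUPPORTED;
	}
	sys_pkey_free((int)parent_key);
	return WEXITSTATUS(status) ? PKEY_FORK_PRESERVED : PKEY_FORK_BROKEN;
}

int main(void)
{
	switch (pkeys_survive_fork()) {
	case PKEY_FORK_PRESERVED:
		puts("pkey state preserved across fork()");
		return 0;
	case PKEY_FORK_BROKEN:
		puts("BUG: child pkey state was reset at fork()");
		return 1;
	default:
		puts("memory protection keys not available; nothing tested");
		return 0;
	}
}
```

Build with `gcc -O2 -o pkey_fork pkey_fork.c` and run it on a kernel with and without this commit; an exit status of 1 signals the reset. The two child-side checks are deliberately independent: even if the parent's key happens not to be the lowest free key (so the child's fresh allocation differs by coincidence), the failing pkey_free() of the parent's key still exposes a reset map.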