Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4921975imb;
        Thu, 7 Mar 2019 03:53:39 -0800 (PST)
X-Google-Smtp-Source: APXvYqz4DTvmQOSSVzA1JHEBFrM8CbOnwv+KQacaOeEWklb1+7szl0AnVzmDnn+8H0/HPICZKhrJ
X-Received: by 2002:a17:902:9a88:: with SMTP id w8mr12525103plp.8.1551959619389;
        Thu, 07 Mar 2019 03:53:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551959619; cv=none;
        d=google.com; s=arc-20160816;
        b=kBVhWIdt9tue4mVvNAfmGBJTLkR1YUjQdlpOKzGhNcY/ufA2B9hXAxH4+0rermDp++
         Imv6gy0HPlAewnnJNrSYxCj4gZxbxH2lvrd1bU+oiqe25bxixtWNETC1NA84LvHanUy3
         94GcIYoVIjL/TuKgQ+ef7LwrhupHKAoJbTxEZLccNQ3AyfemQ8V6tWL+Zni4ysuUhU9X
         c6lMvfU4/XmujZFhR6Z4XZPL8ANn5PRtOtbfh/cLucUZnvj9YLVyyRX5eIlm/o8qXkeK
         cL3KlTXhG9AAwLIGUBmU2QSaEzs4dCeLv6kc1a7HSDppZyLFyFVblmrE1dlQrAnXJOAr
         CJhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:subject:cc:to:from:date:user-agent
         :message-id:dkim-signature;
        bh=GIU7bkqdcNofYEsnSIvCZRtoqcbUhYFLozQs98LUjQA=;
        b=AfoLH22Mr7e2YIACvwYAGxzoRNfZXviefI8LYr7KjwZhtnqq4V6YHhLHdjuJlGF3Dd
         p4xPstAx4WBXtwsWpZW9YrtZkMLhILcvuQrjqYN/Kr/Egz7Hgs5XNouJ21XbHDsfayGY
         Eoq19laXYyRiWXVp0U4lw4IzYy3SjUaIbvUlJAKJa66enoi8DERt9o+HOteItKXPMwXG
         akdm3u8sfSMc2v8kWNVqNDwMoYyuQ8876v88grvrXM6z2JpDZGw7+6KfWWOmYt+5kpRb
         K69JMbPrGlTBgPzqbBYR5YIruJpB9JDnw4BU8litHfzcpPeBHZmudSMXaDdYWFRismEr
         00Yw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="tFyA/K3L";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b7si1143689plb.0.2019.03.07.03.53.24;
        Thu, 07 Mar 2019 03:53:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="tFyA/K3L";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726628AbfCGLxC (ORCPT <rfc822;epopevad@gmail.com> + 99 others);
        Thu, 7 Mar 2019 06:53:02 -0500
Received: from merlin.infradead.org ([205.233.59.134]:50984 "EHLO
        merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726535AbfCGLw5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Mar 2019 06:52:57 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=merlin.20170209; h=Subject:Cc:To:From:Date:Message-Id:
        Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
        Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
        Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
        List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
         bh=GIU7bkqdcNofYEsnSIvCZRtoqcbUhYFLozQs98LUjQA=; b=tFyA/K3LxECH2jT1+zynmbZ1k
        fWSUVcDJ9bw0zvz9I1DtYsp4taHfzz6Cbcy/yog1cgWVVjS/OlWlFDkZfHWpaJs8CbtksmgMukVhJ
        db+bfj9FgskmfTU/o4v/BBhD+h0u8XvsbkWLIA9078scjPetBDFNT7TyPzqzuudFNEIwTvUpabLOF
        j6aP8tdKhIAwOvYH7i0GyjkcAHMUi0S+cyYXv9SPkhl7f8HwtW51S4rXrTWbbgQ5xp4UoqI5rIJwC
        lWvxg23nSQwAycO220RIOP8ZrPn7VQxjBGKsP8WZgkN7eYxsE5ii2bihv+sxgyFVhuEjjXIC1oj8W
        3mH8U7LCA==;
Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net)
        by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux))
        id 1h1rZl-0005PR-MK; Thu, 07 Mar 2019 11:52:39 +0000
Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0)
        id 7F6582029D8D6; Thu,  7 Mar 2019 12:52:35 +0100 (CET)
Message-Id: <20190307114511.870090179@infradead.org>
User-Agent: quilt/0.65
Date:   Thu, 07 Mar 2019 12:45:11 +0100
From:   Peter Zijlstra <peterz@infradead.org>
To:     torvalds@linux-foundation.org, tglx@linutronix.de, hpa@zytor.com,
        julien.thierry@arm.com, will.deacon@arm.com, luto@amacapital.net,
        mingo@kernel.org, catalin.marinas@arm.com, james.morse@arm.com,
        valentin.schneider@arm.com, brgerst@gmail.com, jpoimboe@redhat.com,
        luto@kernel.org, bp@alien8.de, dvlasenk@redhat.com
Cc:     linux-kernel@vger.kernel.org, peterz@infradead.org,
        dvyukov@google.com, rostedt@goodmis.org
Subject: [PATCH 00/20] objtool: UACCESS validation v3
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Teach objtool to validate the UACCESS (SMAP, PAN) rules with are currently
unenforced and (therefore obviously) violated.

UACCESS sections should be small; we want to limit the amount of code that can
touch userspace. Furthermore, UACCESS state isn't scheduled, this means that
anything that directly calls into the scheduler will result in random code
running with UACCESS enabled and possibly getting back into the UACCESS region
with UACCESS disabled and causing faults.

Forbid any CALL/RET while UACCESS is enabled; but provide a few exceptions.

This builds x86_64-allmodconfig clean, and I've only got a few randconfig
failures left (GCC-8) that I'm not quite understanding.

---
 arch/x86/ia32/ia32_signal.c                |  29 ++-
 arch/x86/include/asm/asm.h                 |  24 --
 arch/x86/include/asm/nospec-branch.h       |   4 +-
 arch/x86/include/asm/smap.h                |  20 ++
 arch/x86/include/asm/uaccess.h             |   5 +-
 arch/x86/include/asm/uaccess_64.h          |   3 -
 arch/x86/include/asm/xen/hypercall.h       |  26 +-
 arch/x86/kernel/signal.c                   |   2 +-
 arch/x86/lib/copy_user_64.S                |  48 ++++
 arch/x86/lib/memcpy_64.S                   |   3 +-
 arch/x86/lib/usercopy_64.c                 |  20 --
 drivers/gpu/drm/i915/i915_gem_execbuffer.c |   6 +-
 include/linux/uaccess.h                    |   2 +
 kernel/trace/trace_branch.c                |   4 +
 lib/Makefile                               |   1 +
 lib/ubsan.c                                |   4 +
 mm/kasan/Makefile                          |   3 +
 mm/kasan/common.c                          |  10 +
 mm/kasan/report.c                          |   3 +-
 scripts/Makefile.build                     |   3 +
 tools/objtool/Makefile                     |   2 +-
 tools/objtool/arch.h                       |   8 +-
 tools/objtool/arch/x86/decode.c            |  26 +-
 tools/objtool/builtin-check.c              |   4 +-
 tools/objtool/builtin.h                    |   2 +-
 tools/objtool/check.c                      | 382 ++++++++++++++++++++++-------
 tools/objtool/check.h                      |   4 +-
 tools/objtool/elf.c                        |  15 +-
 tools/objtool/elf.h                        |   3 +-
 tools/objtool/special.c                    |  10 +-
 tools/objtool/warn.h                       |   8 +
 31 files changed, 511 insertions(+), 173 deletions(-)