Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp8419262ybl; Thu, 16 Jan 2020 16:31:03 -0800 (PST) X-Google-Smtp-Source: APXvYqy+wz5Pq7u4AKYA+SxsFhtzLZ+4l0or2ptyIyuvALMTOD8pdmQNWCR800AjiU49eDiC99Bm X-Received: by 2002:aca:2210:: with SMTP id b16mr1461959oic.32.1579221063120; Thu, 16 Jan 2020 16:31:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579221063; cv=none; d=google.com; s=arc-20160816; b=kZEff9/lQJYfjHP1g9VhoP+nIsDmFnSxNfodHZOWUy/dF+sRzdcC2f5ZwmrD1WBERb xHos1ppq0Ayml8xuCQjGFtpsUOD9/xRr3EiqqqMj9VlrBNXruCxe0bnskj6zvQO52bk5 F8iEYhNML7+kd14jTsR7OXB5ZU5TvTSnadaJ9QTusszrkdfddyXzPhtB1MtvKzongIyn UE3F3eE8o6itLlvdSFwDySx6FHPLJiAMXGZ3h1X5cqXKpeLePC5tgZI8Wbx713GSK/7O 1O7ZC0/fyz8ukZDur8dvxK2r+KKaTrfSwRAAQzUecaKgavACxzI9mZQs3vPpfXcERZE0 o9Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=SZQv4R7Q7nX3MghyqI93MbgdOpxJRrnfic/9wpXjXio=; b=Ihbu8LuYYg7exAOp5+sRj2OKavf2WEXEniW1NAV2Bl1n6/okHTGHoumYq3tbz56K02 I2MZw2b67eolC1nG3OvR2QKL7ZWpKKnpu/bzJKUCJ1avNvu2H7g0clt2fKAY+d9BmP94 2cEWoLThiZc5SOklUzkiGix6Yu4t3Q/E63GTsRPqkvbYUnoADrZ7gdQW0CxWMGfnUmsN c3//MtyKIkytxcZK7hk4rNow1nJL5ijVf8El4i33qMOYK8ssmkaPUjeHeNUamKNJb9Fe 9hgbUYDARKZTsid43Y3NJA4zXrJMkwpmQVKaZcYpSbz8eU/r+tgiSDEtxefSLb6Y0hq6 7APg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=rjV4ezNy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m7si12165595oih.7.2020.01.16.16.30.51; Thu, 16 Jan 2020 16:31:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=rjV4ezNy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390860AbgAPXVn (ORCPT + 99 others); Thu, 16 Jan 2020 18:21:43 -0500 Received: from mail.kernel.org ([198.145.29.99]:49068 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390856AbgAPXVk (ORCPT ); Thu, 16 Jan 2020 18:21:40 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5F4C220684; Thu, 16 Jan 2020 23:21:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579216898; bh=128e+somJDcJtHvjLzOsfEVT1tUN9JSWtlTuDdHk/RY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rjV4ezNyPJo5eyCRxAtn1HYTdE+4WviVc5e6odkHMCApVg6/mGMIEVGMdHu3tARas /dbPfK9NG15RYcCXqyRR8B+Qr/EfwnAm8txChvKYjSQJVhis8GBimVTiGs9L0f+tMU zI40uTotfJLC7gnQLX4FYDhNU+ADWzvSk3ZMInP0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sami Tolvanen , Andy Lutomirski , Borislav Petkov , "H . Peter Anvin" , Kees Cook , Linus Torvalds , Peter Zijlstra , Thomas Gleixner , Ingo Molnar Subject: [PATCH 5.4 049/203] syscalls/x86: Use the correct function type for sys_ni_syscall Date: Fri, 17 Jan 2020 00:16:06 +0100 Message-Id: <20200116231748.274095943@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200116231745.218684830@linuxfoundation.org> References: <20200116231745.218684830@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sami Tolvanen commit f48f01a92cca09e86d46c91d8edf9d5a71c61727 upstream. Use the correct function type for sys_ni_syscall() in system call tables to fix indirect call mismatches with Control-Flow Integrity (CFI) checking. Signed-off-by: Sami Tolvanen Acked-by: Andy Lutomirski Cc: Borislav Petkov Cc: H . Peter Anvin Cc: Kees Cook Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: https://lkml.kernel.org/r/20191008224049.115427-5-samitolvanen@google.com Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- arch/x86/entry/syscall_32.c | 8 +++----- arch/x86/entry/syscall_64.c | 14 ++++++++++---- arch/x86/entry/syscalls/syscall_32.tbl | 4 ++-- 3 files changed, 15 insertions(+), 11 deletions(-) --- a/arch/x86/entry/syscall_32.c +++ b/arch/x86/entry/syscall_32.c @@ -10,13 +10,11 @@ #ifdef CONFIG_IA32_EMULATION /* On X86_64, we use struct pt_regs * to pass parameters to syscalls */ #define __SYSCALL_I386(nr, sym, qual) extern asmlinkage long sym(const struct pt_regs *); - -/* this is a lie, but it does not hurt as sys_ni_syscall just returns -EINVAL */ -extern asmlinkage long sys_ni_syscall(const struct pt_regs *); - +#define __sys_ni_syscall __ia32_sys_ni_syscall #else /* CONFIG_IA32_EMULATION */ #define __SYSCALL_I386(nr, sym, qual) extern asmlinkage long sym(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); extern asmlinkage long sys_ni_syscall(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); +#define __sys_ni_syscall sys_ni_syscall #endif /* CONFIG_IA32_EMULATION */ #include @@ -29,6 +27,6 @@ __visible const sys_call_ptr_t ia32_sys_ * Smells like a compiler bug -- it doesn't work * when the & below is removed. */ - [0 ... __NR_syscall_compat_max] = &sys_ni_syscall, + [0 ... __NR_syscall_compat_max] = &__sys_ni_syscall, #include }; --- a/arch/x86/entry/syscall_64.c +++ b/arch/x86/entry/syscall_64.c @@ -4,11 +4,17 @@ #include #include #include +#include #include #include -/* this is a lie, but it does not hurt as sys_ni_syscall just returns -EINVAL */ -extern asmlinkage long sys_ni_syscall(const struct pt_regs *); +extern asmlinkage long sys_ni_syscall(void); + +SYSCALL_DEFINE0(ni_syscall) +{ + return sys_ni_syscall(); +} + #define __SYSCALL_64(nr, sym, qual) extern asmlinkage long sym(const struct pt_regs *); #define __SYSCALL_X32(nr, sym, qual) __SYSCALL_64(nr, sym, qual) #include @@ -23,7 +29,7 @@ asmlinkage const sys_call_ptr_t sys_call * Smells like a compiler bug -- it doesn't work * when the & below is removed. */ - [0 ... __NR_syscall_max] = &sys_ni_syscall, + [0 ... __NR_syscall_max] = &__x64_sys_ni_syscall, #include }; @@ -40,7 +46,7 @@ asmlinkage const sys_call_ptr_t x32_sys_ * Smells like a compiler bug -- it doesn't work * when the & below is removed. */ - [0 ... __NR_syscall_x32_max] = &sys_ni_syscall, + [0 ... __NR_syscall_x32_max] = &__x64_sys_ni_syscall, #include }; --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -124,7 +124,7 @@ 110 i386 iopl sys_iopl __ia32_sys_iopl 111 i386 vhangup sys_vhangup __ia32_sys_vhangup 112 i386 idle -113 i386 vm86old sys_vm86old sys_ni_syscall +113 i386 vm86old sys_vm86old __ia32_sys_ni_syscall 114 i386 wait4 sys_wait4 __ia32_compat_sys_wait4 115 i386 swapoff sys_swapoff __ia32_sys_swapoff 116 i386 sysinfo sys_sysinfo __ia32_compat_sys_sysinfo @@ -177,7 +177,7 @@ 163 i386 mremap sys_mremap __ia32_sys_mremap 164 i386 setresuid sys_setresuid16 __ia32_sys_setresuid16 165 i386 getresuid sys_getresuid16 __ia32_sys_getresuid16 -166 i386 vm86 sys_vm86 sys_ni_syscall +166 i386 vm86 sys_vm86 __ia32_sys_ni_syscall 167 i386 query_module 168 i386 poll sys_poll __ia32_sys_poll 169 i386 nfsservctl