Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp4975601ybb; Tue, 24 Mar 2020 08:40:44 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtvLkXG3RtjkdHNbm+eCMbEzJicm+VFlObGfaPgyrJTpOYd1dv3bSKV9v7bGIF0TbKxUctb X-Received: by 2002:aca:56c7:: with SMTP id k190mr3880076oib.127.1585064444340; Tue, 24 Mar 2020 08:40:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585064444; cv=none; d=google.com; s=arc-20160816; b=NJ58nWcuLBfhjOiGUkXV80Gbz79RHJLdiyvMzk9PpSoFPGegMe1HiUiD7Jjd3Kfd1K 69OkeAoZHc4KgsVviHAqWSOdjEziB76pp8k8XaMZx8vjP7Zh7qpXP7pJsuEY4/tmZg2C MF11tvgwrh20byl1VPfqpoY+RqV044DhhyEiTjQWtJ4WNRqYUVO8SHbd8o+NUW5PsH15 B2BoVhJ5iG0gvCPXUoPTIxfR8o8J/Q3yek+PiMHrR6vKJZj+mRfYqCrR69ErD+C5PbUj xzWXRKQWx5WbruRZhVicCBqlanr8Mle/oz5BuJpDlRdiLyqgNZXdHuT+TOiinCIywOR+ 13Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HiO01EX3OhdcpHGtPLP/JTNGovPh+r20mM8m6q+AxRU=; b=CFVljbTwRuq97CNK+zSd8IxTVe/mk3d+zv1FUzC8MaJgNQHxn06GODtr+YCRffs2q4 Pr7oVjz0hlNJbMUKfpm2NdBbx84zTMp7i1Fh9ROij4shu0Irf29j9DRQb351OkbnYcej OVgQwph0HEBP96FMMB/eJC78RPB8Whk5yIkEfQjHV75Re4r2+BEvUDvOp4icrDePVB6b uCHylfuN0Z+RhchScHDMV1LapmtR0BDhvNOdupdV1DSwmDyyi2KhQ8e2mr1vMUQ22MJq o7dSCfsRKzKxYklSP1tYORvo6HG2EsaU1mzSkU6k6ilDgUlAz2s2Wm1+KFw6ZoETiPmC 1BFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=okUik8tk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i19si9588161otp.177.2020.03.24.08.40.31; Tue, 24 Mar 2020 08:40:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=okUik8tk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727984AbgCXPi0 (ORCPT + 99 others); Tue, 24 Mar 2020 11:38:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:60414 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728657AbgCXPha (ORCPT ); Tue, 24 Mar 2020 11:37:30 -0400 Received: from localhost.localdomain (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 557A2208C3; Tue, 24 Mar 2020 15:37:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585064250; bh=ri9KQLLR3eoXLGocQosIf3Ei29WyRhQ2wVoDTxEb0QY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=okUik8tknQQ138Vj56YnBrEna4Dkp2mzticYyUdqn/jqnjmdfi8iA1WSYHvaE+ElE l0BMIexjkb1rt+rQl32RdJoYUc6XzslCr4Wct3AMllOZiubhJCtT52wo9hMR1A5OD6 XSZYQ4u2Ra6hhjPYtbysNwwxxh7mpvHPJE4nYEL0= From: Will Deacon To: linux-kernel@vger.kernel.org Cc: Will Deacon , Eric Dumazet , Jann Horn , Kees Cook , Maddie Stone , Marco Elver , "Paul E . McKenney" , Peter Zijlstra , Thomas Gleixner , kernel-team@android.com, kernel-hardening@lists.openwall.com Subject: [RFC PATCH 16/21] list_bl: Extend integrity checking in deletion routines Date: Tue, 24 Mar 2020 15:36:38 +0000 Message-Id: <20200324153643.15527-17-will@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200324153643.15527-1-will@kernel.org> References: <20200324153643.15527-1-will@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Although deleting an entry from an 'hlist_bl' optionally checks that the node being removed is unlocked before subsequently removing it and poisoning its pointers, we don't actually check for the poison values like we do for other list implementations. Add poison checks to __hlist_bl_del_valid() so that we can catch list corruption without relying on a later fault. Cc: Kees Cook Cc: Paul E. McKenney Cc: Peter Zijlstra Signed-off-by: Will Deacon --- include/linux/list_bl.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/linux/list_bl.h b/include/linux/list_bl.h index f48d8acb15b4..0839c4f43e6d 100644 --- a/include/linux/list_bl.h +++ b/include/linux/list_bl.h @@ -48,7 +48,15 @@ static inline bool __hlist_bl_add_head_valid(struct hlist_bl_head *h, static inline bool __hlist_bl_del_valid(struct hlist_bl_node *n) { unsigned long nlock = (unsigned long)n & LIST_BL_LOCKMASK; - return !CHECK_DATA_CORRUPTION(nlock, "hlist_bl_del_valid: node locked"); + + return !(CHECK_DATA_CORRUPTION(nlock, + "hlist_bl_del_valid: node locked") || + CHECK_DATA_CORRUPTION(n->next == LIST_POISON1, + "hlist_bl_del corruption, %px->next is LIST_POISON1 (%px)\n", + n, LIST_POISON1) || + CHECK_DATA_CORRUPTION(n->pprev == LIST_POISON2, + "hlist_bl_del corruption, %px->pprev is LIST_POISON2 (%px)\n", + n, LIST_POISON2)); } #else static inline bool __hlist_bl_add_head_valid(struct hlist_bl_head *h, -- 2.20.1