From: Sasha Levin
To: linux-kernel@vger.kernel.org, tglx@linutronix.de, bp@alien8.de, luto@kernel.org
Cc: hpa@zytor.com, dave.hansen@intel.com, tony.luck@intel.com, ak@linux.intel.com, ravi.v.shankar@intel.com, chang.seok.bae@intel.com, Sasha Levin
Subject: [PATCH v10 01/18] x86/ptrace: Prevent ptrace from clearing the FS/GS selector
Date: Thu, 23 Apr 2020 19:21:50 -0400
Message-Id: <20200423232207.5797-2-sashal@kernel.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20200423232207.5797-1-sashal@kernel.org>
References: <20200423232207.5797-1-sashal@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Chang S. Bae"

When a ptracer writes a ptracee's FS/GS base with a different value, the
selector is also cleared. This behavior is not correct as the selector
should be preserved.

Update only the base value and leave the selector intact. To simplify the
code further, remove the conditional checking for the same value as this
code is not performance-critical.

The only recognizable downside of this change is when the selector is
already nonzero on write. The base will be reloaded according to the
selector. But the case is highly unexpected in real usages.

Suggested-by: Andy Lutomirski
Signed-off-by: Chang S. Bae
Reviewed-by: Tony Luck
Cc: Thomas Gleixner
Cc: Borislav Petkov
Cc: Andy Lutomirski
Cc: H. Peter Anvin
Cc: Dave Hansen
Cc: Tony Luck
Cc: Andi Kleen
Signed-off-by: Sasha Levin
---
 arch/x86/kernel/ptrace.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index f0e1ddbc2fd78..cc56efb75d275 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -380,25 +380,12 @@ static int putreg(struct task_struct *child, case offsetof(struct user_regs_struct,fs_base): if (value >= TASK_SIZE_MAX) return -EIO; - /* - * When changing the FS base, use do_arch_prctl_64() - * to set the index to zero and to set the base - * as requested. - * - * NB: This behavior is nonsensical and likely needs to - * change when FSGSBASE support is added. - */ - if (child->thread.fsbase != value) - return do_arch_prctl_64(child, ARCH_SET_FS, value); + x86_fsbase_write_task(child, value); return 0; case offsetof(struct user_regs_struct,gs_base): - /* - * Exactly the same here as the %fs handling above. - */ if (value >= TASK_SIZE_MAX) return -EIO; - if (child->thread.gsbase != value) - return do_arch_prctl_64(child, ARCH_SET_GS, value); + x86_gsbase_write_task(child, value); return 0; #endif } -- 2.20.1
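Review bot: the removed comment block was the only place the base-versus-selector interaction was documented, and the replacement `x86_fsbase_write_task(child, value);` carries no note; since the changelog itself admits that a nonzero selector causes the written base to be reloaded from the descriptor (so the ptracer's value does not take effect), add a one-line comment above the fs_base and gs_base calls stating that only the base is written and that a nonzero selector takes precedence. Also worth confirming: the removed `return do_arch_prctl_64(child, ARCH_SET_FS, value);` propagated an error code, while the new sequence is `x86_fsbase_write_task(child, value); return 0;`, so this is correct only if that helper cannot fail (the same applies to the gs_base case).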
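As an added probe (not part of the kernel tree or this patch), a small tracer that reproduces the case the changelog describes: the tracee loads a nonzero %fs selector, the tracer pokes fs_base alone, and the tracee's selector is read back. The 0x1000 base is a constructed sample value, and the probe returns -1 (skip) wherever ptrace is unavailable.

```c
#include <signal.h>
#include <stddef.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
/* 1: FS selector survived a ptrace write to fs_base (post-patch behaviour);
 * 0: the kernel zeroed it (the pre-patch behaviour in the changelog);
 * -1: probe could not run (not x86-64, fork failed, ptrace denied). */
int fs_selector_survives_base_write(void)
{
#ifndef __x86_64__
    return -1;
#else
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Tracee: give %fs a nonzero selector by copying the kernel-provided
         * %ss selector (a valid GDT data segment), then stop for the tracer. */
        unsigned short sel;
        __asm__ volatile("mov %%ss, %0" : "=r"(sel));
        __asm__ volatile("mov %0, %%fs" : : "r"(sel));
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0)
            _exit(2);
        raise(SIGSTOP);
        _exit(0);
    }
    int status, result = -1;
    struct user_regs_struct before, after;
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        goto out;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &before) != 0 || before.fs == 0)
        goto out;
    /* Tracer: write only the base, as a debugger would; 0x1000 is a
     * constructed sample value well below TASK_SIZE_MAX. */
    if (ptrace(PTRACE_POKEUSER, pid,
               (void *)offsetof(struct user_regs_struct, fs_base),
               (void *)0x1000) != 0)
        goto out;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &after) != 0)
        goto out;
    result = (after.fs == before.fs); /* selector intact after the base write? */
out:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return result;
#endif
}
```

A result of 0 on a live system means the kernel still has the behaviour this patch removes; -1 means the probe was skipped rather than failed.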