From: Andy Lutomirski
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, Andrew Cooper, Juergen Gross, Andy Lutomirski
Subject: [PATCH 1/6] x86/entry: Assert that syscalls are on the right stack
Date: Fri, 26 Jun 2020 10:21:11 -0700
Message-Id: <52059e42bb0ab8551153d012d68f7be18d72ff8e.1593191971.git.luto@kernel.org>

Now that the entry stack is a full page, it's too easy to regress the system call entry code and end up on the wrong stack without noticing. Assert that all system calls (SYSCALL64, SYSCALL32, SYSENTER, and INT80) are on the right stack and have pt_regs in the right place.

Signed-off-by: Andy Lutomirski
---
 arch/x86/entry/common.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index bd3f14175193..ed8ccc820995 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -45,6 +45,15 @@ #define CREATE_TRACE_POINTS #include +/* Check that the stack and regs on entry from user mode are sane. */ +static void check_user_regs(struct pt_regs *regs) +{ + if (IS_ENABLED(CONFIG_DEBUG_ENTRY)) { + WARN_ON_ONCE(!on_thread_stack()); + WARN_ON_ONCE(regs != task_pt_regs(current)); + } +} + #ifdef CONFIG_CONTEXT_TRACKING /** * enter_from_user_mode - Establish state when coming from user mode
@@ -127,9 +136,6 @@ static long syscall_trace_enter(struct pt_regs *regs) unsigned long ret = 0; u32 work; - if (IS_ENABLED(CONFIG_DEBUG_ENTRY)) - BUG_ON(regs != task_pt_regs(current)); - work = READ_ONCE(ti->flags); if (work & (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU)) {
@@ -346,6 +352,8 @@ __visible noinstr void do_syscall_64(unsigned long nr, struct pt_regs *regs) { struct thread_info *ti; + check_user_regs(regs); + enter_from_user_mode(); instrumentation_begin();
@@ -409,6 +417,8 @@ static void do_syscall_32_irqs_on(struct pt_regs *regs) /* Handles int $0x80 */ __visible noinstr void do_int80_syscall_32(struct pt_regs *regs) { + check_user_regs(regs); + enter_from_user_mode(); instrumentation_begin(); @@ -460,6 +470,8 @@ __visible noinstr long do_fast_syscall_32(struct pt_regs *regs) vdso_image_32.sym_int80_landing_pad; bool success; + check_user_regs(regs); + /* * SYSENTER loses EIP, and even SYSCALL32 needs us to skip forward * so that 'regs->ip -= 2' lands back on an int $0x80 instruction. -- 2.25.4
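Review bot: In the first hunk (the new check_user_regs() definition at @@ -45,6 +45,15 @@), the helper is a plain `static void` but every caller added by this patch is a `__visible noinstr` entry function that calls it before enter_from_user_mode() and instrumentation_begin(); a call from the noinstr section into an instrumentable function will be flagged by objtool's noinstr validation and can run instrumentation (KASAN, tracing) before the entry code has made that safe. Mark it `static noinstr void check_user_regs(struct pt_regs *regs)` so it lives in the same section as its callers. The comment above it could also state the invariant being checked (every entry from user mode is on the normal thread stack with pt_regs at task_pt_regs(current)), since that is what a future reader will need when the WARN fires.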
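Review bot: The hunk at @@ -127,9 +136,6 @@ removes a `BUG_ON(regs != task_pt_regs(current))` from syscall_trace_enter(), and its replacement in check_user_regs() is a `WARN_ON_ONCE`, so a pt_regs mismatch no longer halts the task but continues into the syscall with a pt_regs pointer that disagrees with task_pt_regs(). That severity downgrade is a deliberate behaviour change and should be called out in the commit message (e.g. "downgrade the existing BUG_ON to WARN_ON_ONCE so a regression is reported once rather than killing the task"); if halting was wanted for the regs check specifically, keep BUG_ON for that one condition and use WARN_ON_ONCE only for the new on_thread_stack() check.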
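Review bot: In the three call-site hunks (do_syscall_64, do_int80_syscall_32 and do_fast_syscall_32), `check_user_regs(regs);` is placed before enter_from_user_mode(), i.e. before context tracking has been told the CPU is back in the kernel, so if the WARN fires its printk/backtrace path runs with RCU possibly not watching. If the intent is to catch a bad stack as early as possible before anything else touches it, say so in a short comment at the first call site; otherwise move the call just after instrumentation_begin(), where a WARN is ordinary instrumented code and the check still runs before any syscall work.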