From: Jarkko Sakkinen
To: x86@kernel.org, linux-sgx@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Sean Christopherson, Jethro Beekman, Jarkko Sakkinen, akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, dave.hansen@intel.com, haitao.huang@intel.com, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, luto@kernel.org, nhorman@redhat.com, npmccallum@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com, mikko.ylinen@intel.com
Subject: [PATCH v41 17/24] x86/fault: Add helper function to sanitize error code
Date: Fri, 13 Nov 2020 00:01:28 +0200
Message-Id: <20201112220135.165028-18-jarkko@kernel.org>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20201112220135.165028-1-jarkko@kernel.org>
References: <20201112220135.165028-1-jarkko@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson

vDSO exception fixup is a replacement for signals in limited situations. Signals and vDSO exception fixup need to provide similar information to userspace, including the hardware error code.

That hardware error code needs to be sanitized. For instance, if userspace accesses a kernel address, the error code could indicate to userspace whether the address had a Present=1 PTE. That can leak information about the kernel layout to userspace, which is bad.

The existing signal code does this sanitization, but fairly late in the signal process. The vDSO exception code runs before the sanitization happens.

Move error code sanitization out of the signal code and into a helper. Call the helper in the signal code.

Acked-by: Jethro Beekman # v40 #
Signed-off-by: Sean Christopherson
Signed-off-by: Jarkko Sakkinen --- Changes from v39: * Add the missing change to the set_signal_archinfo() that removes the snippet contained in sanitize_error_code(). arch/x86/mm/fault.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 9339fee83784..0161d4acf3ad 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -602,11 +602,9 @@ pgtable_bad(struct pt_regs *regs, unsigned long error_code, oops_end(flags, regs, sig); } -static void set_signal_archinfo(unsigned long address, - unsigned long error_code) +static void sanitize_error_code(unsigned long address, + unsigned long *error_code) { - struct task_struct *tsk = current; - /* * To avoid leaking information about the kernel page * table layout, pretend that user-mode accesses to @@ -617,7 +615,13 @@ static void set_signal_archinfo(unsigned long address, * information and does not appear to cause any problems. */ if (address >= TASK_SIZE_MAX) - error_code |= X86_PF_PROT; + *error_code |= X86_PF_PROT; +} + +static void set_signal_archinfo(unsigned long address, + unsigned long error_code) +{ + struct task_struct *tsk = current; tsk->thread.trap_nr = X86_TRAP_PF; tsk->thread.error_code = error_code | X86_PF_USER; @@ -658,6 +662,8 @@ no_context(struct pt_regs *regs, unsigned long error_code, * faulting through the emulate_vsyscall() logic. */ if (current->thread.sig_on_uaccess_err && signal) { + sanitize_error_code(address, &error_code); + set_signal_archinfo(address, error_code); /* XXX: hwpoison faults will set the wrong code. */ 
@@ -806,13 +812,7 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, if (is_errata100(regs, address)) return; - /* - * To avoid leaking information about the kernel page table - * layout, pretend that user-mode accesses to kernel addresses - * are always protection faults. - */ - if (address >= TASK_SIZE_MAX) - error_code |= X86_PF_PROT; + sanitize_error_code(address, &error_code); if (likely(show_unhandled_signals)) show_signal_msg(regs, error_code, address, tsk); @@ -931,6 +931,8 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (is_prefetch(regs, error_code, address)) return; + sanitize_error_code(address, &error_code); + set_signal_archinfo(address, error_code); #ifdef CONFIG_MEMORY_FAILURE -- 2.27.0
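
Review bot: In the first hunk (@@ -602), sanitize_error_code() takes "unsigned long *error_code" and modifies the caller's variable in place, which makes each call site read like a check rather than an assignment. Returning the sanitized value and writing "error_code = sanitize_error_code(address, error_code);" at the three call sites would make the mutation visible where it happens and would let the helper be used in an expression when a later caller needs the sanitized code without overwriting its own copy.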
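
Review bot: In the second hunk (@@ -617), the re-created set_signal_archinfo() stores "error_code | X86_PF_USER" into tsk->thread.error_code without applying the TASK_SIZE_MAX check itself, so the guarantee that userspace never sees the raw Present bit for a kernel address now depends on every caller invoking sanitize_error_code() first. The three callers touched by this patch do so, but nothing in the function states the requirement; a one-line comment above set_signal_archinfo() saying that error_code must already be sanitized would keep a future caller from reintroducing the leak the commit message describes.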
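
Review bot: In the last hunk (@@ -931, do_sigbus), sanitize_error_code() is placed after is_prefetch(regs, error_code, address), so is_prefetch() still sees the hardware value while everything below it, including the code under "#ifdef CONFIG_MEMORY_FAILURE", now sees the modified one. That ordering looks intentional, but because the helper rewrites the local variable rather than a copy, a short comment at the call noting that error_code is the sanitized value from this point on would help anyone who later adds a check on the Present bit further down the function.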