From: Linus Torvalds
Date: Wed, 13 Dec 2023 10:54:00 -0800
Subject: Re: [PATCH 3/3] x86/sigreturn: Reject system segements
To: Brian Gerst
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Ingo Molnar, Thomas Gleixner, Borislav Petkov, "H . Peter Anvin", Peter Zijlstra, Michal Luczaj

On Wed, 13 Dec 2023 at 08:34, Brian Gerst wrote:
>
> @@ -98,7 +98,11 @@ static bool ia32_restore_sigcontext(struct pt_regs *regs,
>
> /* Get CS/SS and force CPL3 */
> regs->cs = sc.cs | 0x03;
> + if (!valid_user_selector(regs->cs))
> + return false;
> regs->ss = sc.ss | 0x03;
> + if (!valid_user_selector(regs->ss))
> + return false;

Side note: the SS/CS checks could be stricter than the usual selector tests.

In particular, normal segments can be Null segments. But CS/SS must not be.

Also, since you're now checking the validity, maybe we shouldn't do the "force cpl3" any more, and just make it an error to try to load a non-cpl3 segment at sigreturn..

That forcing was literally just because we weren't checking it for sanity...

Linus
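
Review bot: In the CS/SS lines of the quoted hunk, valid_user_selector() runs on regs->cs and regs->ss only after "| 0x03" has been applied and the value stored, so the check never sees the RPL bits that arrived in sc.cs/sc.ss, and on the "return false" path regs is left holding the selector that was just rejected (for a bad SS, with the new CS already committed). Consider validating sc.cs and sc.ss into locals first and writing regs only once both pass. The comment still reads "Get CS/SS and force CPL3"; it should say that the selectors are now validated, and what valid_user_selector() accepts for a null selector, since its definition is not in this hunk.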
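
The stricter CS/SS test suggested in the reply (no null selector, reject a non-CPL3 selector instead of forcing it, no system segment), as an added user-space sketch that is not code from the patch or the kernel. The names `demo_table`, `seg_kind` and `strict_user_selector` and the descriptor values are constructed for illustration; it goes slightly beyond the thread by also checking the descriptor type, and it assumes no LDT and requires DPL 3.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed descriptor table for illustration; not a real kernel GDT. */
static const uint64_t demo_table[] = {
    0x0000000000000000ULL, /* 0: null descriptor */
    0x00cf9a000000ffffULL, /* 1: code, DPL 0 */
    0x00cffa000000ffffULL, /* 2: code, DPL 3 */
    0x00cff2000000ffffULL, /* 3: writable data, DPL 3 */
    0x0000e90000000067ULL, /* 4: system segment (S=0), DPL 3 */
    0x00cff0000000ffffULL, /* 5: read-only data, DPL 3 */
};

enum seg_kind { SEG_CS, SEG_SS };

/* Hypothetical strict check: no "| 0x03" forcing, no null, no system segment. */
static bool strict_user_selector(uint16_t sel, enum seg_kind kind)
{
    size_t index = sel >> 3;                 /* bits 15..3: table index */
    uint8_t access;

    if ((sel & 0xfffc) == 0)                 /* null selector, whatever its RPL */
        return false;
    if ((sel & 0x3) != 3)                    /* RPL must already be 3 */
        return false;
    if (sel & 0x4)                           /* TI=1 (LDT): not modelled here */
        return false;
    if (index >= sizeof(demo_table) / sizeof(demo_table[0]))
        return false;

    access = (demo_table[index] >> 40) & 0xff;   /* P | DPL | S | type */
    if (!(access & 0x80) || !(access & 0x10))    /* not present, or system */
        return false;
    if (((access >> 5) & 0x3) != 3)              /* DPL must be 3 */
        return false;
    if (kind == SEG_CS)
        return (access & 0x08) != 0;             /* executable */
    return !(access & 0x08) && (access & 0x02);  /* SS: writable data */
}

int main(void)
{
    /* 0x0003 is what "sc.cs | 0x03" yields for a saved null selector. */
    printf("cs=0x13 %d  cs=0x0003 %d  cs=0x10 %d  ss=0x1b %d  ss=0x23 %d\n",
           strict_user_selector(0x13, SEG_CS), strict_user_selector(0x0003, SEG_CS),
           strict_user_selector(0x10, SEG_CS), strict_user_selector(0x1b, SEG_SS),
           strict_user_selector(0x23, SEG_SS));
    return 0;
}
```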