Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp630835rdd; Tue, 9 Jan 2024 15:01:47 -0800 (PST) X-Google-Smtp-Source: AGHT+IHHHF2RLBJxEoqyQ9mGX6bLPqTw90hb9l+xThOoA3BjsdvoLLhydJlYaBDcR8UM7bgh0n0l X-Received: by 2002:a05:6870:b91b:b0:205:9eae:4aa4 with SMTP id gx27-20020a056870b91b00b002059eae4aa4mr234689oab.53.1704841307026; Tue, 09 Jan 2024 15:01:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704841306; cv=none; d=google.com; s=arc-20160816; b=rZiQQ/EaY9OQf0aNplQkMZuxudZ39V8W3ujVbYWE6OaYURFVgwFNahrjafHB9c1B0S h+LL1WCuuhBcdkkKr1eSv5wBih/PiUO9HqOlLx5kVYlUKSjjLfyufpcsnw8TUcuHB26e L5zYIAxePFSA1m3QlB9R07XxEcj9Nc+Nn/hV1cKQeazvUlgLML/5I4lJzXlljr0Z/jqL 9piJSMnGYrdxdFckFJV3YIMwXMBNMNZ1fCwxFcqJs+djg9Iz+wnxa+FYEUTWcmIctPny swnEokICN3gDe3cKI8dPwfr0LPCaviYkKvFkcDJFkF5NR8EwFaxWDWquCqEyGqw9uNtH mj6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=GR/ms3ctfSsOUjIPALp8Jd7xLfAi/c50pWgtGgQX/O4=; fh=i/IljVpPKineRcrx0hWjqlhx9bsnThOOK9PNHV62NLk=; b=nvEe1P5XHIpzVQp5Hc4CWsh6upCGpKB2afmPoYVPz+NzLjMwN9QOfIkYhN6evlkRZ9 BnoLOf9STkEQ2vy+wXCV0RbzPOwrphB226KCiEHqv08r14tHeE6Vjcx7mqqUlVbWMtU/ BaT1jFJ5clC6AiKNvgNk0UPvgeLyARW0068jZNOBD2gDRsmpH50UKlhrxrEyBik9V1A8 UJd22kWqxdr9VV/3u/EGRF869AuMix+3ybiedq/Vjk2SqxAxHeIdcZK8DAi9SBc2j5UV hy+BSAskOZkGGhD35MztmijVY1r0CbdR627o+P6mn27ocs6K7by/labHxO9qNbexsYKV 82Ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=cRY83VTM; spf=pass (google.com: domain of linux-kernel+bounces-21488-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21488-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id bs130-20020a632888000000b005c67398f70fsi2211055pgb.379.2024.01.09.15.01.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 15:01:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-21488-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=cRY83VTM; spf=pass (google.com: domain of linux-kernel+bounces-21488-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-21488-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A1A4B288ADD for ; Tue, 9 Jan 2024 23:01:46 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 112263E46A; Tue, 9 Jan 2024 23:01:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="cRY83VTM" Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ECA9A364D7 for ; Tue, 9 Jan 2024 23:01:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-28beb1d946fso3095708a91.0 for ; Tue, 09 Jan 2024 15:01:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1704841298; x=1705446098; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=GR/ms3ctfSsOUjIPALp8Jd7xLfAi/c50pWgtGgQX/O4=; b=cRY83VTMoWd6qOPRGh+vBQzoHvwB6Kb/B59h4+sZ9nEXngc6fa3CiWY0EInO90ZUa+ pLewU+mYkzpOHedfXnb3dzk252y1eq2H4gH/bzIYAjPTX+rvNLo91RL0uUugakmkcUg5 I5+jHRHYmpFAWAEePSttL7aMvutsGKSfx/NXU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704841298; x=1705446098; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=GR/ms3ctfSsOUjIPALp8Jd7xLfAi/c50pWgtGgQX/O4=; b=dryXYkHW68nghBadZlBKaEKi1KxdLLVuPcAgtjLHpa8ME2uv/b6ea7cMZbkdp/g4yJ qIIXeq0Mg5p8lZKSXcBh4wKvxS6j+ix9Ykz+xOUTckdws7FDYtbK1spDoQNDVrlYO05H 7IILkz01O4362a50ZDRlcP2OVi1wmSibJyx5iuCchk72o/0Umr+8RWjIZeAmvySPgj9S 009VWozCzERlcqu+5Nnq8mX/IL/B2HA8SFCkHaIC3ZLOY4nPopho3tfUgPQezWWQb8O7 PQJ2A72n2H/mESMLid9UwfZMElaSnMueY0x3pG4ZjAPfXPx7xGbnD8FtTt2yIfRUSp5z Er8w== X-Gm-Message-State: AOJu0Yzy6c/PPR97ezcVQFlTrkXa9ifCQGQesJR94wAJ62zeo1gDtuZ6 30N4vVomAFzHARxeo64yvnXg+URyECtu X-Received: by 2002:a17:90b:2397:b0:28c:446c:8093 with SMTP id mr23-20020a17090b239700b0028c446c8093mr40661pjb.26.1704841298243; Tue, 09 Jan 2024 15:01:38 -0800 (PST) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id eu15-20020a17090af94f00b0028b845f2890sm19498pjb.33.2024.01.09.15.01.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 15:01:37 -0800 (PST) Date: Tue, 9 Jan 2024 15:01:37 -0800 From: Kees Cook To: Rick Edgecombe Cc: lkp@intel.com, x86@kernel.org, bp@alien8.de, dave.hansen@linux.intel.com, linux-kernel@vger.kernel.org, oe-kbuild-all@lists.linux.dev, yu-cheng.yu@intel.com Subject: Re: [PATCH] x86/shstk: Use __force when casting away __user Message-ID: <202401091501.4EC0C8EAD@keescook> References: <202401080003.duO4RmjK-lkp@intel.com> <20240109224619.1013899-1-rick.p.edgecombe@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240109224619.1013899-1-rick.p.edgecombe@intel.com> On Tue, Jan 09, 2024 at 02:46:19PM -0800, Rick Edgecombe wrote: > In setup_signal_shadow_stack() the kernel needs to push the restorer > address to the shadow stack. This involves writing the value of the > restorer pointer to the shadow stack. Since the restorer is defined as a > __user in struct k_sigaction, the __user needs to be casted away to read > the value. It is safe to do, because nothing is being dereferenced, and > the de-__user-ed value is not stashed in an accessible local variable > where it might accidentally be used for another purpose. > > However, sparse warns about casting away __user. So use __force to > silence sparse and add a comment to explain why it is ok. > > Fixes: 05e36022c054 ("x86/shstk: Handle signals for shadow stack") > Reported-by: kernel test robot > Closes: https://lore.kernel.org/oe-kbuild-all/202401080003.duO4RmjK-lkp@intel.com/ > Signed-off-by: Rick Edgecombe Seems fine to me. Thanks! Reviewed-by: Kees Cook -- Kees Cook