Received: by 10.223.164.221 with SMTP id h29csp353745wrb; Fri, 3 Nov 2017 16:05:32 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QIf1kntQRgnwH7JLD4bTrcLA27D8rIWHfVWunSDlA8oIsXe/xOB9J9ESGOY4ltAMY7cEB1 X-Received: by 10.84.235.69 with SMTP id g5mr8384621plt.239.1509750332439; Fri, 03 Nov 2017 16:05:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509750332; cv=none; d=google.com; s=arc-20160816; b=NvJdcYiDgC7dFZhxi2M7imNi+kaY3yplGXffe0pqndZxM/oYRLmQrks8OupwhDkcv4 Mi1TE6a8z4GehOKQPSJbor5eJiOee/zrvRF8tyO2mwtsCPZksXF6j5mxd3N2X8UliaxW nScZs985ORMIY0Vs/1vsCc6aza6zhjm7qDiOJSVXDHxF6Ijsx9rhCCw4nOKq4emg6ABO Acz/saccICvSSF7Qu0shmfr+qVrOOYxZ6AA/2T7xYnczcYX/RytSuH4VMtz+6osbbDoK sZ+vKkdTNM8X7F3KyMt21Byugn1zCZH+U95YP9oIzmsAuwnjyWH3OsF0qCPw7opGOZXB X8BQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:message-id:date:subject:cc:to :from:arc-authentication-results; bh=hIuH7feV/3Yr2tCufVteXry0sJPILfzRI2ezezib8uc=; b=qonKEWJPcHrqgTRR84hcjMQVh12Puqa8yASuqfcFPlM73QeEpNB4SKK0FxMNKNkAN8 JiujLdHrH1734ps1NOOOuep3BI7bXnloJlw5BpxP1nHYN7+LheQpCwTpxIgxgiUy2xCV BQWoQyrqws0bRPEKmnjW4uSL4m+ey2fAnyXwu2jtY6ZrYO6HnMMeal3XlmShSudUw9X7 YBwtfGS+9yqaX+Reiay6XCNe5fWA3RZqWi7zyJsCxBX0vXTzKLe1wuTmlfAVAUk9kGHu kvKquUcWoi0D8jSuz3RpZ/A0IZsl5+QUrKzM28Pj9IQZHRKojcUJrcnOIi3w50xjqKVB 1zvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h4si5867264pll.684.2017.11.03.16.05.19; Fri, 03 Nov 2017 16:05:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755945AbdKCXEd (ORCPT + 92 others); Fri, 3 Nov 2017 19:04:33 -0400 Received: from mail-oi0-f66.google.com ([209.85.218.66]:49113 "EHLO mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752446AbdKCXEb (ORCPT ); Fri, 3 Nov 2017 19:04:31 -0400 Received: by mail-oi0-f66.google.com with SMTP id m198so3284921oig.5 for ; Fri, 03 Nov 2017 16:04:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to; bh=hIuH7feV/3Yr2tCufVteXry0sJPILfzRI2ezezib8uc=; b=YDWm9IYZZwzF5CSIL2bangmA+fTxn9iFYDTD3qsMY5vJmgHzBcvNnCeoL48wEqwfsA H3pr2OdBoAuQ5qH8Hrex/Y50bFAPGpzuTgyDg/ehgIFrLsN3pK+9EEggF2EmmRmwmUXE tOh+1tZBfFgIC8bhy5RXlfy+5xwW8D8o4/oW0h7G+krBJobiGxMHvvBWQv1cEH8vINWY s/kjyz7vLMXxq1tjqr/DrFE88VNnSBsLPcXm8srjOJXZXIBuXtvQ7udxFBLXqxfECCMJ CxGqVx8q3a/PiB5pE/9kLOeDbZg42TBXbrarW80kW7KyZT6y+OwFmN/QGv46SeH3g8XD vWDw== X-Gm-Message-State: AMCzsaWvKefTpSaIBV0jPISxYuj0DzbTVp9Kea/l5wnquFRHJ8xKHYoP EI3MFNzK+jrp9A9ni0rPVhl86w== X-Received: by 10.202.89.134 with SMTP id n128mr4964874oib.64.1509750271227; Fri, 03 Nov 2017 16:04:31 -0700 (PDT) Received: from labbott-redhat-machine.redhat.com ([2601:602:9802:a8dc::e174]) by smtp.gmail.com with ESMTPSA id m40sm3383415otb.34.2017.11.03.16.04.29 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 03 Nov 2017 16:04:30 -0700 (PDT) From: Laura Abbott To: kernel-hardening@lists.openwall.com Cc: Laura Abbott , linux-kernel@vger.kernel.org, Mark Rutland , Kees Cook , x86@kernel.org Subject: [RFC PATCH 1/2] x86: Avoid multiple evaluations in __{get,put}_user_size Date: Fri, 3 Nov 2017 16:04:25 -0700 Message-Id: <20171103230426.19114-1-labbott@redhat.com> X-Mailer: git-send-email 2.13.5 In-reply-to: <20171026090942.7041-1-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently __{get,put}_user_size() expand their ptr argument in several places, and some callers pass in expressions with side effects. For example, fs/binfmt_elf.c, passes sp++ as the ptr argument to a chain of __put_user() calls. So far this isn't a problem, as each of these uses is mutually exclusive. However, in subsequent patches we will need to make use of the ptr argument several times, and ensure that we evaluate the ptr expression exactly once to avoid corrupting the pointer. In preparation for such uses, this patch reorganises __{get,put}_user_size to evaluate the ptr argument into a temporary __{gu,pu}_ptr variable, ensuring that side-effects occur exaclty once. There should be no functional change as a result of this patch. Based on work done for arm64 by Mark Rutland. Signed-off-by: Laura Abbott --- This is setup patch for checking __{get,put}_user on x86 based on Mark Rutland's work for arm64 lkml.kernel.org/r/<20171026090942.7041-1-mark.rutland@arm.com> --- arch/x86/include/asm/uaccess.h | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index 574dff4d2913..d23fb5844404 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -275,21 +275,25 @@ extern void __put_user_8(void); #define __put_user_size(x, ptr, size, retval, errret) \ do { \ + typeof(ptr) __pu_ptr = (ptr); \ retval = 0; \ - __chk_user_ptr(ptr); \ + __chk_user_ptr(__pu_ptr); \ switch (size) { \ case 1: \ - __put_user_asm(x, ptr, retval, "b", "b", "iq", errret); \ + __put_user_asm(x, __pu_ptr, retval, "b", "b", "iq", \ + errret); \ break; \ case 2: \ - __put_user_asm(x, ptr, retval, "w", "w", "ir", errret); \ + __put_user_asm(x, __pu_ptr, retval, "w", "w", "ir", \ + errret); \ break; \ case 4: \ - __put_user_asm(x, ptr, retval, "l", "k", "ir", errret); \ + __put_user_asm(x, __pu_ptr, retval, "l", "k", "ir", \ + errret); \ break; \ case 8: \ - __put_user_asm_u64((__typeof__(*ptr))(x), ptr, retval, \ - errret); \ + __put_user_asm_u64((__typeof__(*ptr))(x), __pu_ptr, \ + retval, \ errret); \ break; \ default: \ __put_user_bad(); \ @@ -352,20 +356,24 @@ do { \ #define __get_user_size(x, ptr, size, retval, errret) \ do { \ + typeof(ptr) __gu_ptr = (ptr); \ retval = 0; \ - __chk_user_ptr(ptr); \ + __chk_user_ptr(__gu_ptr); \ switch (size) { \ case 1: \ - __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \ + __get_user_asm(x, __gu_ptr, retval, "b", "b", "=q", \ + errret); \ break; \ case 2: \ - __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \ + __get_user_asm(x, __gu_ptr, retval, "w", "w", "=r", \ + errret); \ break; \ case 4: \ - __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \ + __get_user_asm(x, __gu_ptr, retval, "l", "k", "=r", \ + errret); \ break; \ case 8: \ - __get_user_asm_u64(x, ptr, retval, errret); \ + __get_user_asm_u64(x, __gu_ptr, retval, errret); \ break; \ default: \ (x) = __get_user_bad(); \ -- 2.13.5 From 1583066527105470510@xxx Fri Nov 03 17:24:48 +0000 2017 X-GM-THRID: 1583066527105470510 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread