From: Jiri Olsa
To: Steven Rostedt, Masami Hiramatsu, Oleg Nesterov, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-man@vger.kernel.org, x86@kernel.org, bpf@vger.kernel.org, Song Liu, Yonghong Song, John Fastabend, Peter Zijlstra, Thomas Gleixner, "Borislav Petkov (AMD)", Ingo Molnar, Andy Lutomirski, "Edgecombe, Rick P", Deepak Gupta
Subject: [PATCHv6 bpf-next 1/9] x86/shstk: Make return uprobe work with shadow stack
Date: Tue, 21 May 2024 12:48:17 +0200
Message-ID: <20240521104825.1060966-2-jolsa@kernel.org>
In-Reply-To: <20240521104825.1060966-1-jolsa@kernel.org>
References: <20240521104825.1060966-1-jolsa@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Currently, an application with shadow stack enabled will crash if it sets up a return uprobe. The reason is that the uretprobe kernel code changes the user space task's stack, but does not update the shadow stack accordingly.

Add new functions to update values on the shadow stack and use them in the uprobe code to keep the shadow stack in sync with uretprobe changes to the user stack.

Fixes: 8b1c23543436 ("x86/shstk: Add return uprobe support")
Signed-off-by: Jiri Olsa
---
 arch/x86/include/asm/shstk.h |  2 ++
 arch/x86/kernel/shstk.c      | 11 +++++++++++
 arch/x86/kernel/uprobes.c    |  7 ++++++-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/shstk.h b/arch/x86/include/asm/shstk.h
index 42fee8959df7..896909f306e3 100644
--- a/arch/x86/include/asm/shstk.h
+++ b/arch/x86/include/asm/shstk.h
@@ -21,6 +21,7 @@ unsigned long shstk_alloc_thread_stack(struct task_struct *p, unsigned long clon void shstk_free(struct task_struct *p); int setup_signal_shadow_stack(struct ksignal *ksig); int restore_signal_shadow_stack(void); +int shstk_update_last_frame(unsigned long val); #else static inline long shstk_prctl(struct task_struct *task, int option, unsigned long arg2) { return -EINVAL; } @@ -31,6 +32,7 @@ static inline unsigned long shstk_alloc_thread_stack(struct task_struct *p, static inline void shstk_free(struct task_struct *p) {} static inline int setup_signal_shadow_stack(struct ksignal *ksig) { return 0; } static inline int restore_signal_shadow_stack(void) { return 0; } +static inline int shstk_update_last_frame(unsigned long val) { return 0; } #endif /* CONFIG_X86_USER_SHADOW_STACK */ #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c index 6f1e9883f074..9797d4cdb78a 100644 --- a/arch/x86/kernel/shstk.c +++ b/arch/x86/kernel/shstk.c @@ -577,3 +577,14 @@ long shstk_prctl(struct task_struct *task, int option, unsigned long arg2) return wrss_control(true); return -EINVAL; } + +int shstk_update_last_frame(unsigned long val) +{ + unsigned long ssp; + + if (!features_enabled(ARCH_SHSTK_SHSTK)) + return 0; + + ssp = get_user_shstk_addr(); + return write_user_shstk_64((u64 __user *)ssp, (u64)val); +} diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c index 6c07f6daaa22..6402fb3089d2 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c @@ -1076,8 +1076,13 @@ arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs return orig_ret_vaddr; nleft = copy_to_user((void __user *)regs->sp, &trampoline_vaddr, rasize); - if (likely(!nleft)) + if (likely(!nleft)) { + if (shstk_update_last_frame(trampoline_vaddr)) { + force_sig(SIGSEGV); + return -1; + } return orig_ret_vaddr; + } if (nleft != rasize) { pr_err("return address clobbered: pid=%d, %%sp=%#lx, %%ip=%#lx\n", -- 2.45.0
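Review bot: the new shstk_update_last_frame() prototype in the arch/x86/include/asm/shstk.h hunk carries no comment stating its contract, even though, unlike the signal helpers next to it, it is called from the uprobe code with a precondition the name does not convey: the entry at the top of the user's shadow stack must be the return address the caller is about to overwrite on the regular stack. A one-line comment above the prototype would make that explicit; the `static inline` stub returning 0 when CONFIG_X86_USER_SHADOW_STACK is off is consistent with the other stubs in that block.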
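Review bot: shstk_update_last_frame() in the arch/x86/kernel/shstk.c hunk has no comment explaining why writing at the address returned by get_user_shstk_addr() hits the "last frame" (SSP points at the return address pushed by the most recent CALL), nor why `return 0` when ARCH_SHSTK_SHSTK is not enabled is the correct nothing-to-sync outcome rather than an error. Suggest a short kernel-doc block naming that precondition, noting that the only failure is whatever write_user_shstk_64() returns, and saying whether that write path depends on the task having enabled WRSS for itself; the preceding context line `return wrss_control(true);` shows that option is per task, so readers will ask.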
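Review bot: in the arch/x86/kernel/uprobes.c hunk, if shstk_update_last_frame() fails, the copy_to_user() just above has already replaced the return address at regs->sp with trampoline_vaddr, so the task is left with mismatched regular and shadow stacks before force_sig(SIGSEGV) runs. That is terminal for the task, so it is defensible, but it deserves a comment, and unlike the "return address clobbered" path in the following context lines this failure emits no pr_err(); consider either restoring orig_ret_vaddr at regs->sp before signalling or logging pid/sp as the existing path does. Also worth a comment on whether features_enabled(ARCH_SHSTK_SHSTK) is guaranteed false for tasks where rasize is not 8, since the shadow-stack write is always 64-bit.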
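The crash the commit message describes (a RET on a shadow-stack-enabled task after the uretprobe has rewritten the return address on the regular stack only) and the effect of the fix, as an added user-space model that is not code from the patch, the kernel or the author. It models CALL, RET with the control-protection (#CP) comparison, and the hijack with and without the shadow-stack update. Every name here (task_model, the model_* and scenario_* functions) and both addresses are this example's own constructed values, chosen only to mirror the patch's shstk_update_last_frame() and arch_uretprobe_hijack_return_addr().

```c
/*
 * Added example, not code from the patch or the kernel: a user-space model of
 * the regular/shadow stack pair and of the uretprobe return-address hijack.
 * All names (task_model, model_*, scenario_*) and addresses are this
 * example's own, chosen to mirror shstk_update_last_frame() and
 * arch_uretprobe_hijack_return_addr().
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_DEPTH      16
#define CALLER_RET_ADDR  0x401234ULL        /* constructed: caller's return address */
#define TRAMPOLINE_ADDR  0x7ffff7ff0000ULL  /* constructed: uretprobe trampoline */

enum ret_status { RET_OK = 0, RET_CP_FAULT = 1, RET_ERROR = 2 };

struct task_model {
	uint64_t stack[STACK_DEPTH];  /* regular stack, grows towards index 0 */
	uint64_t shstk[STACK_DEPTH];  /* shadow stack, same layout */
	int sp, ssp;                  /* index of the top entry on each stack */
	bool shstk_enabled;           /* ARCH_SHSTK_SHSTK on for this task */
};

static void task_init(struct task_model *t, bool shstk_enabled)
{
	memset(t, 0, sizeof(*t));
	t->sp = t->ssp = STACK_DEPTH;  /* both stacks empty */
	t->shstk_enabled = shstk_enabled;
}

/* CALL: push the return address on the regular stack and, if enabled, on the shadow stack. */
static void model_call(struct task_model *t, uint64_t ret_addr)
{
	t->stack[--t->sp] = ret_addr;
	if (t->shstk_enabled)
		t->shstk[--t->ssp] = ret_addr;
}

/* RET: pop the regular stack; with shadow stack enabled also pop it and compare (#CP on mismatch). */
static enum ret_status model_ret(struct task_model *t, uint64_t *target)
{
	uint64_t ret = t->stack[t->sp++];

	if (t->shstk_enabled && t->shstk[t->ssp++] != ret)
		return RET_CP_FAULT;
	*target = ret;
	return RET_OK;
}

/* Counterpart of shstk_update_last_frame(): overwrite the entry SSP points at. */
static int model_shstk_update_last_frame(struct task_model *t, uint64_t val)
{
	if (!t->shstk_enabled)
		return 0;
	if (t->ssp >= STACK_DEPTH)
		return -1;  /* nothing pushed: stands in for -EFAULT */
	t->shstk[t->ssp] = val;
	return 0;
}

/*
 * Counterpart of arch_uretprobe_hijack_return_addr(): swap the return address
 * on the regular stack for the trampoline and return the original one, or
 * (uint64_t)-1 on failure. sync_shstk == false reproduces the pre-patch bug.
 */
static uint64_t model_hijack_return_addr(struct task_model *t, uint64_t trampoline, bool sync_shstk)
{
	uint64_t orig = t->stack[t->sp];

	t->stack[t->sp] = trampoline;
	if (sync_shstk && model_shstk_update_last_frame(t, trampoline))
		return (uint64_t)-1;
	return orig;
}

/*
 * Scenario: the probed function has just been entered, the uretprobe hijacks
 * its return address, then the function executes RET. Returns the RET outcome
 * and stores where control landed in *landed (0 on fault).
 */
static enum ret_status run_scenario(bool shstk_enabled, bool sync_shstk, uint64_t *landed)
{
	struct task_model t;

	*landed = 0;
	task_init(&t, shstk_enabled);
	model_call(&t, CALLER_RET_ADDR);
	if (model_hijack_return_addr(&t, TRAMPOLINE_ADDR, sync_shstk) != CALLER_RET_ADDR)
		return RET_ERROR;
	return model_ret(&t, landed);
}

static int scenario_status(bool shstk_enabled, bool sync_shstk)
{
	uint64_t landed;
	return (int)run_scenario(shstk_enabled, sync_shstk, &landed);
}

static uint64_t scenario_landing(bool shstk_enabled, bool sync_shstk)
{
	uint64_t landed;
	run_scenario(shstk_enabled, sync_shstk, &landed);
	return landed;
}

int main(void)
{
	printf("no shadow stack, no sync: status %d\n", scenario_status(false, false));
	printf("shadow stack, no sync:    status %d (1 = #CP, the pre-patch crash)\n",
	       scenario_status(true, false));
	printf("shadow stack, synced:     status %d, RET lands at %#llx\n",
	       scenario_status(true, true), (unsigned long long)scenario_landing(true, true));
	return 0;
}
```

The three scenarios in main() correspond to a task without shadow stack, a shadow-stack task before the patch (RET faults because the shadow entry still holds the caller's address while the regular stack holds the trampoline), and a shadow-stack task after the patch (both entries hold the trampoline, so RET lands on it). The model writes directly into its own array; on real hardware the kernel side of that write is what write_user_shstk_64() provides.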