From patchwork Mon Apr 9 00:24:26 2018
X-Patchwork-Submitter: Sasha Levin
X-Patchwork-Id: 132949
From: Sasha Levin
To: "stable@vger.kernel.org", "linux-kernel@vger.kernel.org"
CC: Dave Martin, Will Deacon, Sasha Levin
Subject: [PATCH AUTOSEL for 4.9 120/293] arm64: ptrace: Flush user-RW TLS reg to thread_struct before reading
Date: Mon, 9 Apr 2018 00:24:26 +0000
Message-ID: <20180409002239.163177-120-alexander.levin@microsoft.com>
References: <20180409002239.163177-1-alexander.levin@microsoft.com>
In-Reply-To: <20180409002239.163177-1-alexander.levin@microsoft.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Dave Martin

[ Upstream commit 936eb65ca22ad856cb3a995e8cd742e982dc2dd0 ]

When reading current's user-writable TLS register (which occurs when dumping core for native tasks), it is possible that userspace has modified it since the time the task was last scheduled out. The new TLS register value is not guaranteed to have been written immediately back to thread_struct in this case.

As a result, a coredump can capture stale data for this register. Reading the register for a stopped task via ptrace is unaffected.

For native tasks, this patch explicitly flushes the TPIDR_EL0 register back to thread_struct before dumping when operating on current, thus ensuring that coredump contents are up to date. For compat tasks, the TLS register is not user-writable and so cannot be out of sync, so no flush is required in compat_tls_get().

Signed-off-by: Dave Martin
Signed-off-by: Will Deacon
Signed-off-by: Sasha Levin
---
 arch/arm64/include/asm/processor.h | 3 +++
 arch/arm64/kernel/process.c | 8 ++++++--
 arch/arm64/kernel/ptrace.c | 4 ++++
 3 files changed, 13 insertions(+), 2 deletions(-)

-- 
2.15.1

diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 60e34824e18c..b3ac6e5a70b9 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h
@@ -102,6 +102,9 @@ struct thread_struct { #define task_user_tls(t) (&(t)->thread.tp_value) #endif +/* Sync TPIDR_EL0 back to thread_struct for current */ +void tls_preserve_current_state(void); + #define INIT_THREAD { } static inline void start_thread_common(struct pt_regs *regs, unsigned long pc) diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0e7394915c70..90e2823e5081 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -304,12 +304,16 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start, return 0; } +void tls_preserve_current_state(void) +{ + *task_user_tls(current) = read_sysreg(tpidr_el0); +} + static void tls_thread_switch(struct task_struct *next) { unsigned long tpidr, tpidrro; - tpidr = read_sysreg(tpidr_el0); - *task_user_tls(current) = tpidr; + tls_preserve_current_state(); tpidr = *task_user_tls(next); tpidrro = is_compat_thread(task_thread_info(next)) ? diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 8eedeef375d6..d1fd560b3a2a 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -646,6 +646,10 @@ static int tls_get(struct task_struct *target, const struct user_regset *regset, void *kbuf, void __user *ubuf) { unsigned long *tls = &target->thread.tp_value; + + if (target == current) + tls_preserve_current_state(); + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, tls, 0, -1); }
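
Review bot: The one-line comment above the tls_preserve_current_state() declaration in processor.h says what the helper does but not when a caller needs it. The definition in process.c reads the live tpidr_el0 and stores it through task_user_tls(current), so it is only meaningful for current, and the only new caller guards it with "if (target == current)". Suggest extending the comment to say that it must be called before reading current's saved TLS value outside the context-switch path, and that it must not be used when inspecting another task.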
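
Review bot: In the ptrace.c hunk, tls_get() flushes through tls_preserve_current_state(), which writes via task_user_tls(current), but then copies out from &target->thread.tp_value directly. The two agree only while task_user_tls() resolves to thread.tp_value for this task, and the #endif visible just above the new declaration in processor.h shows the macro has more than one definition. Suggest either reading through task_user_tls(target) here or adding a short comment that tls_get() serves native tasks only, as the commit message states. It is also worth confirming for the 4.9 backport that no other path reads thread.tp_value for current without going through tls_get(), since only this reader gains the flush.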