From patchwork Mon Feb 11 17:59:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 158025 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2892148jaa; Mon, 11 Feb 2019 10:00:01 -0800 (PST) X-Google-Smtp-Source: AHgI3IZrwGJD9w88cMwT+LnBwnTfMrvGHah1JxgoKjj8XSX09q4tPXvHwTz4mfedKABfw7+VcesW X-Received: by 2002:a63:cd14:: with SMTP id i20mr34594190pgg.288.1549908001593; Mon, 11 Feb 2019 10:00:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549908001; cv=none; d=google.com; s=arc-20160816; b=Ni7wOf9lnIwW0ZXuBs16kvNVYmQALCIvdgK64pdqldy96+49z8MC+v0rjpSl4erCoJ riLO0ipk0amxAZ7pniOUFg9/lFcapHaawo0zUJbYtyCnU+KmPgPeFpvhBdSNX6q49cws NRiEH9LUaIxQb8Hs3YS8UXq6t5zdnkWZVwkjoDir7XGUF8jbUbr9q3zC6FFQpim9SPvs r5+W1rnEUhJlcfbRlb6whUciQQ2xHO3Y3mi9Orc1A7vDmIZRif+K3lqTJ6zNCTgHANXK WJCU+HU6RGud3I1kCtpi7xiwVX2+DgNRE/zpfJi+MfjNt5HYV19e5ofkgPjAl4OQ7eTH jnCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=7use1sZZ2PBmqfDGd/o7fQneN9vt5f85n1VoUiOudC0=; b=m5E7+RQA6YzVbmdn9lH0Sics1Y8+BzmXtJPDYRvOL4yOxbbnHfaoSh5wWbzfLSQwm8 BCe0cV9RMpII4D/E9XpGVyLjHl1VQPgvpp2JMc3Kki0ITsL8zdf9H5x8ym/nUOha6piw RqnWEXHDBNj5t3nsqdYMcSO3JC8mvEp3zcH9FfJXTVdRF7mTemT+FwE9GVisA2kkofer MaFbGrPVhNIddlqgoGC2zvUixmIr2mjVqtb90YCvdh1twvEW13QUTxsl3DPkR8lXEE0I EF6KgrwSItHSgdHVUHgAo+PLHG4nV1vbGAsy4amqgmTlcBsSze2KwrDzXCiyhEovkvKs wmRw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b12si4348421pgj.327.2019.02.11.10.00.01; Mon, 11 Feb 2019 10:00:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732352AbfBKR77 (ORCPT + 31 others); Mon, 11 Feb 2019 12:59:59 -0500 Received: from foss.arm.com ([217.140.101.70]:55062 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730464AbfBKR7p (ORCPT ); Mon, 11 Feb 2019 12:59:45 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1ED88EBD; Mon, 11 Feb 2019 09:59:45 -0800 (PST) Received: from fuggles.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 992703F675; Mon, 11 Feb 2019 09:59:43 -0800 (PST) From: Will Deacon To: linux-kernel@vger.kernel.org Cc: Will Deacon , Kees Cook , Jann Horn , Andrew Morton , Matthew Wilcox , Michal Hocko , Peter Zijlstra Subject: [RFC PATCH 2/4] mm: Expose user stack pointer checking via prctl() Date: Mon, 11 Feb 2019 17:59:33 +0000 Message-Id: <20190211175935.4602-3-will.deacon@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190211175935.4602-1-will.deacon@arm.com> References: <20190211175935.4602-1-will.deacon@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hook up a prctl() option to control the level of user stack pointer checking for the current task. By default, no checking is performed, but checks can be independently controlled for system calls and page faults. The option is inherited across fork() and preserved across exec(). Cc: Kees Cook Cc: Jann Horn Cc: Andrew Morton Cc: Matthew Wilcox Cc: Michal Hocko Cc: Peter Zijlstra Signed-off-by: Will Deacon --- include/linux/mm.h | 5 +++++ include/uapi/linux/prctl.h | 5 +++++ kernel/sys.c | 5 +++++ mm/memory.c | 22 ++++++++++++++++++++++ 4 files changed, 37 insertions(+) -- 2.11.0 diff --git a/include/linux/mm.h b/include/linux/mm.h index 9fa02d47a270..7a668447c01f 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1483,8 +1483,13 @@ int generic_error_remove_page(struct address_space *mapping, struct page *page); int invalidate_inode_page(struct page *page); #ifdef CONFIG_USER_STACK_POINTER_CHECKS +long prctl_sp_check(struct task_struct *tsk, unsigned long flags); bool usp_check_syscall(void); #else +static inline long prctl_sp_check(struct task_struct *tsk, unsigned long flags) +{ + return -EINVAL; +} static inline bool usp_check_syscall(void) { return true; } #endif diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index b4875a93363a..3c4d93856f2a 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -228,4 +228,9 @@ struct prctl_mm_map { # define PR_PAC_APDBKEY (1UL << 3) # define PR_PAC_APGAKEY (1UL << 4) +/* User stack pointer sanity checking */ +#define PR_SP_CHECK 55 +# define PR_SP_CHECK_PAGE_FAULT (1UL << 0) +# define PR_SP_CHECK_SYSCALL (1UL << 1) + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index f7eb62eceb24..bd507eebed54 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2485,6 +2485,11 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, return -EINVAL; error = PAC_RESET_KEYS(me, arg2); break; + case PR_SP_CHECK: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = prctl_sp_check(me, arg2); + break; default: error = -EINVAL; break; diff --git a/mm/memory.c b/mm/memory.c index e0b449f520da..700d9fd03c88 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -71,6 +71,7 @@ #include #include #include +#include #include #include @@ -3949,6 +3950,27 @@ bool usp_check_syscall(void) up_read(&mm->mmap_sem); return ret; } + +long prctl_sp_check(struct task_struct *tsk, unsigned long flags) +{ + if (flags & ~(PR_SP_CHECK_PAGE_FAULT | PR_SP_CHECK_SYSCALL)) + return -EINVAL; + + if (flags & PR_SP_CHECK_PAGE_FAULT) + tsk->usp_checks |= USP_CHECK_FAULT; + else + tsk->usp_checks &= ~USP_CHECK_FAULT; + + if (flags & PR_SP_CHECK_SYSCALL) { + if (!IS_ENABLED(CONFIG_ARCH_HAS_USP_CHECK_SYSCALL)) + return -EINVAL; + tsk->usp_checks |= USP_CHECK_SYSCALL; + } else { + tsk->usp_checks &= ~USP_CHECK_SYSCALL; + } + + return 0; +} #else static bool usp_check_fault(unsigned int flags) { return true; } #endif