Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Mar 2017 17:05:53 +0000
From: Russell King - ARM Linux <linux@...linux.org.uk>
To: Thomas Garnier <thgarnie@...gle.com>
Cc: Mark Rutland <mark.rutland@....com>,
	David Howells <dhowells@...hat.com>,
	Dave Hansen <dave.hansen@...el.com>, Arnd Bergmann <arnd@...db.de>,
	Al Viro <viro@...iv.linux.org.uk>,
	René Nyffenegger <mail@...enyffenegger.ch>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Kees Cook <keescook@...omium.org>,
	"Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>,
	"David S . Miller" <davem@...emloft.net>,
	Andy Lutomirski <luto@...nel.org>,
	Ard Biesheuvel <ard.biesheuvel@...aro.org>,
	Nicolas Pitre <nicolas.pitre@...aro.org>,
	Petr Mladek <pmladek@...e.com>,
	Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
	Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
	Helge Deller <deller@....de>, Rik van Riel <riel@...hat.com>,
	Ingo Molnar <mingo@...nel.org>, Oleg Nesterov <oleg@...hat.com>,
	John Stultz <john.stultz@...aro.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	Stanislav Kinsburskiy <skinsbursky@...tuozzo.com>,
	Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>,
	Paolo Bonzini <pbonzini@...hat.com>, Borislav Petkov <bp@...en8.de>,
	Josh Poimboeuf <jpoimboe@...hat.com>,
	Brian Gerst <brgerst@...il.com>, Jan Beulich <JBeulich@...e.com>,
	Christian Borntraeger <borntraeger@...ibm.com>,
	"Luis R . Rodriguez" <mcgrof@...nel.org>,
	He Chen <he.chen@...ux.intel.com>,
	Will Deacon <will.deacon@....com>,
	Catalin Marinas <catalin.marinas@....com>,
	James Morse <james.morse@....com>,
	Pratyush Anand <panand@...hat.com>,
	Vladimir Murzin <vladimir.murzin@....com>,
	Chris Metcalf <cmetcalf@...lanox.com>,
	Andre Przywara <andre.przywara@....com>,
	Linux API <linux-api@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	the arch/x86 maintainers <x86@...nel.org>,
	linux-arm-kernel@...ts.infradead.org,
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v2 4/4] arm64/syscalls: Specific usage of
 verify_pre_usermode_state

On Thu, Mar 09, 2017 at 08:35:30AM -0800, Thomas Garnier wrote:
> On Thu, Mar 9, 2017 at 8:26 AM, Russell King - ARM Linux
> <linux@...linux.org.uk> wrote:
> > I wouldn't call what you've done on ARM an "optimisation", because my
> > comment about making the fast path worthless still stands.
> 
> Why does it still stands on the latest proposal?

It's still having to needlessly save stuff when there's nothing wrong.
Remember, syscalls are a fast path, so the minimum we can do is good.
Calling into C functions is not ideal, because they will tend to be
_very_ expensive compared to hand crafted assembly, especially for
something like this.

It's possible to check the address limit in just three instructions,
which is way less than will be incurred by calling a C function.

Note: This patch is completely untested.

 arch/arm/kernel/entry-common.S | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index eb5cd77bf1d8..6b43c6d73117 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -41,8 +41,11 @@
  UNWIND(.cantunwind	)
 	disable_irq_notrace			@ disable interrupts
 	ldr	r1, [tsk, #TI_FLAGS]		@ re-check for syscall tracing
+	ldr	r2, [tsk, #TI_ADDR_LIMIT]
 	tst	r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
 	bne	fast_work_pending
+	cmp	r2, #TASK_SIZE
+	blgt	addr_limit_fail
 
 	/* perform architecture specific actions before user return */
 	arch_ret_to_user r1, lr
@@ -67,6 +70,7 @@ ENDPROC(ret_fast_syscall)
 	str	r0, [sp, #S_R0 + S_OFF]!	@ save returned r0
 	disable_irq_notrace			@ disable interrupts
 	ldr	r1, [tsk, #TI_FLAGS]		@ re-check for syscall tracing
+	ldr	r2, [tsk, #TI_ADDR_LIMIT]
 	tst	r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
 	beq	no_work_pending
  UNWIND(.fnend		)
@@ -82,6 +86,7 @@ ENDPROC(ret_fast_syscall)
 	mov	r2, why				@ 'syscall'
 	bl	do_work_pending
 	cmp	r0, #0
+	ldreq	r2, [tsk, #TI_ADDR_LIMIT]
 	beq	no_work_pending
 	movlt	scno, #(__NR_restart_syscall - __NR_SYSCALL_BASE)
 	ldmia	sp, {r0 - r6}			@ have to reload r0 - r6
@@ -99,9 +104,12 @@ ENTRY(ret_to_user)
 	disable_irq_notrace			@ disable interrupts
 ENTRY(ret_to_user_from_irq)
 	ldr	r1, [tsk, #TI_FLAGS]
+	ldr	r2, [tsk, #TI_ADDR_LIMIT]
 	tst	r1, #_TIF_WORK_MASK
 	bne	slow_work_pending
 no_work_pending:
+	cmp	r2, #TASK_SIZE
+	blgt	addr_limit_fail
 	asm_trace_hardirqs_on save = 0
 
 	/* perform architecture specific actions before user return */
@@ -125,6 +133,16 @@ ENTRY(ret_from_fork)
 	b	ret_slow_syscall
 ENDPROC(ret_from_fork)
 
+addr_limit_fail:
+#ifdef CONFIG_BUG_ON_DATA_CORRUPTION
+	stmfd	sp!, {r0, lr}
+	bl	verify_pre_usermode_state
+	ldmfd	sp!, {r0, lr}
+#endif
+	mov	r2, #TASK_SIZE
+	str	r2, [tsk, #TI_ADDR_LIMIT]
+	ret	lr
+
 /*=============================================================================
  * SWI handler
  *-----------------------------------------------------------------------------


-- 
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.