From patchwork Mon Feb 11 17:59:35 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Will Deacon <will.deacon@arm.com>
X-Patchwork-Id: 158023
Delivered-To: patch@linaro.org
Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2892001jaa;
 Mon, 11 Feb 2019 09:59:53 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibcya1saQJQWn3rILP/ch0A2J1GSUpNmizv48AD/H5MdEaAZi6IeiaexpYgjWxjykdXtnI/
X-Received: by 2002:a63:5ec6:: with SMTP id
 s189mr33340407pgb.357.1549907993505; 
 Mon, 11 Feb 2019 09:59:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549907993; cv=none;
 d=google.com; s=arc-20160816;
 b=Yl2g2k7x2Igp6TGlEQcQN9xr2yVDJ0oj1grpuqE5JnSx4PHFYdBVJaIk/u8Vz/g34D
 prP8SGgRSa05jGpP2wtm9RyYe6q0lLld8PDKwTvT1xKH4GDAokif5e2MDNk8SxmvK/6x
 7iWN4q2Np10VPW2CFnOnlcZdzGg7NlOXhpAS/0L8HjcjB2CKzoBsoi8pCAuPWB3rrAPU
 gmtnmnB9EKbQL+aBmmsyhC/lREysYt7362qZufrqp3vWbS/WYfHUbm1PAWBQ4C2rZ78J
 6LrA/dey2R+vFCr2qLNKdTI72sUV4VN0iLA3SCrPU8noxXs0+Bc/GwnThB8rPcdqAx6h
 ChpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=x97xKymySwL3p5aC6fZaewLWSy2bEfM9v6J0tXTz75U=;
 b=EyXe/DVxX+hPSdFcdxPmJRYADjHQNwbidza5NyefDv6jXGw3TEdc1D8FLcOwRs+/XY
 mYH8+xE3eCRZKmBSc1zyW4Sd5uoqn0MJGJreww3TBx8MBmmLVQuxY7tmAn2SIvqUSZri
 kA1Cw+cfvycQE1qV+W5R1hk0qggmkWsIHOEbBmSvSCzdhx3uxwDeHxaRS82kO4WCTBOw
 6olmFWJ/GpalrXRhF/RXsORP4ssTFwLl18fboi5QbVhfsR4fmXel34ZTEjXVzJ8NgAek
 m6dShl6pTOc0BHIo45yTSc8yqbnIQyyZmau0H1l/ae5l7BNRacDyBp5hSe0qE1wtW+U9
 BjIg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id z8si9483200pgv.204.2019.02.11.09.59.53;
 Mon, 11 Feb 2019 09:59:53 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1732279AbfBKR7w (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Mon, 11 Feb 2019 12:59:52 -0500
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:55090 "EHLO
 foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1731153AbfBKR7t (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Mon, 11 Feb 2019 12:59:49 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9C8DBEBD;
 Mon, 11 Feb 2019 09:59:48 -0800 (PST)
Received: from fuggles.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id
 22B2D3F675; Mon, 11 Feb 2019 09:59:46 -0800 (PST)
From: Will Deacon <will.deacon@arm.com>
To: linux-kernel@vger.kernel.org
Cc: Will Deacon <will.deacon@arm.com>, Kees Cook <keescook@chromium.org>,
 Jann Horn <jannh@google.com>, Andrew Morton <akpm@linux-foundation.org>,
 Matthew Wilcox <willy@infradead.org>, Michal Hocko <mhocko@suse.com>,
 Peter Zijlstra <peterz@infradead.org>
Subject: [RFC PATCH 4/4] arm64: Check user stack pointer on syscall entry
Date: Mon, 11 Feb 2019 17:59:35 +0000
Message-Id: <20190211175935.4602-5-will.deacon@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20190211175935.4602-1-will.deacon@arm.com>
References: <20190211175935.4602-1-will.deacon@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Allow the user stack pointer value to be checked on system call entry
and deliver a SIGSEGV if the check does not pass.

Cc: Kees Cook <keescook@chromium.org>
Cc: Jann Horn <jannh@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/Kconfig          | 1 +
 arch/arm64/kernel/syscall.c | 4 ++++
 2 files changed, 5 insertions(+)

-- 
2.11.0

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a4168d366127..e87304a06a85 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -29,6 +29,7 @@ config ARM64
 	select ARCH_HAS_SYNC_DMA_FOR_CPU
 	select ARCH_HAS_SYSCALL_WRAPPER
 	select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
+	select ARCH_HAS_USP_CHECK_SYSCALL
 	select ARCH_HAVE_NMI_SAFE_CMPXCHG
 	select ARCH_INLINE_READ_LOCK if !PREEMPT
 	select ARCH_INLINE_READ_LOCK_BH if !PREEMPT
diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
index 5610ac01c1ec..06566010f6d1 100644
--- a/arch/arm64/kernel/syscall.c
+++ b/arch/arm64/kernel/syscall.c
@@ -11,6 +11,7 @@
 #include <asm/fpsimd.h>
 #include <asm/syscall.h>
 #include <asm/thread_info.h>
+#include <asm/traps.h>
 #include <asm/unistd.h>
 
 long compat_arm_syscall(struct pt_regs *regs, int scno);
@@ -71,6 +72,9 @@ static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr,
 	local_daif_restore(DAIF_PROCCTX);
 	user_exit();
 
+	if (!usp_check_syscall())
+		force_signal_inject(SIGSEGV, SEGV_MAPERR, GET_USP(regs));
+
 	if (has_syscall_work(flags)) {
 		/* set default errno for user-issued syscall(-1) */
 		if (scno == NO_SYSCALL)