From patchwork Fri May 26 20:56:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 100583 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp505188qge; Fri, 26 May 2017 18:11:58 -0700 (PDT) X-Received: by 10.99.165.9 with SMTP id n9mr5830729pgf.233.1495847518356; Fri, 26 May 2017 18:11:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1495847518; cv=none; d=google.com; s=arc-20160816; b=Sbj2VPJD6NmNs+lh7dZU9tJuwjiQuDP2n0Txbe5m+plL4ub2PFQ2jlq/plnUg+3Kd8 lCvURht6aOlFSWHFhsX+TTPsk7tYY0sTcEC8P+WT5M6wOrC+7vX0osK0SpfuUbed1v4c 4J6L9zmf43T4leD2cf/31+3AgYaUmD3X1+yyyMgy9lCgi6+zsVo8nHeRCdWQ3gPRTXTg CMMYfHRauLTKZ3pZk5H/54mMAHEKgTm0d5CMxoglRkTXYemNp5CCA1v7rAgDXBedY8L5 jnWrK2vHiuONLnGtCkW4CXBAt1khTlAL/C6eeuKGSvM1DxhzIOZKQe6+D8e0bMijgz8l BeTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=jK/c8ZNQLW17Aa3QZXZ19aAb1wkUSQ6UQ6CeVy+JslQ=; b=EWB1C20MV1NMrTojW3HaXJYVnZ+xBUuK0RS8jPyl7qcSxYrSvhJMH9HsTAWyNCpEpo h/y2IXum8mBPeo8BCxq78tSlant9UAbd7uefgbl2v4xL6c4psQrwDY0yDj+Eg4TXdnzT CS5N78Y8zLm8ncJAo/EkoqfNbuSjA/4G99foF2vHblEsxQibiGUDKc+eK9zPVcWimeVh vcokeGJk9ar/lyugWJ6tCQWoDrez8Tw3ojgozTdQ8Ks+NDpUT1N/A4WvJrBsKyhlydRB UfjdSGtNOEE34GIfA2bNydSRSYbZSDjM4q0UETniq5K4hGABFmxQt6HlWVjtg8Jst2iS MM8g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g26si2539412pfk.385.2017.05.26.18.11.58; Fri, 26 May 2017 18:11:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755973AbdE0BLd (ORCPT + 6 others); Fri, 26 May 2017 21:11:33 -0400 Received: from mout.kundenserver.de ([212.227.17.24]:59965 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S944944AbdEZU5H (ORCPT ); Fri, 26 May 2017 16:57:07 -0400 Received: from wuerfel.lan ([78.42.17.5]) by mrelayeu.kundenserver.de (mreue102 [212.227.15.145]) with ESMTPA (Nemesis) id 0MaJVA-1dTpq138cC-00JvyU; Fri, 26 May 2017 22:56:37 +0200 From: Arnd Bergmann To: stable@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, keescook@chromium.org, gregkh@linuxfoundation.org, Arnd Bergmann , linux-kernel@vger.kernel.org Subject: [stable backport PATCH v2] usercopy: Adjust tests to deal with SMAP/PAN Date: Fri, 26 May 2017 22:56:25 +0200 Message-Id: <20170526205632.1955399-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:S2cDg4OA1m6yaCQ5/Fq+nh9Pz+Ie75hzAY/1/g5TVeB8/wIVj9g GIMQZbW1fQVUoYHvWyxl0nwiCal5QsjgC47CbMRD8tWPWYQonSn1xWdMJ2WzGe3o3X47ij+ z53auQw48vcrs1Gobe428Yu0CzFbcCdtuHghmKM3Dh/f8OQ8ZHsC2qFMkUQRmMsneD//Nk+ tJIsBb94yd2X3zu3okhOg== X-UI-Out-Filterresults: notjunk:1; V01:K0:fkAqW/N2PqE=:xOXYxSpzu5PM5M51sfBisP 4wfCLlM/b6IMX/VkiRDDG1j/saqwOV4bBvJi2y77z4RX/Q7ia+KTNvW9L/XYHU7wdGp7cIbG2 xt3sBmdaxk/qXXIZ/v0XzlM7NeITOODdI3Yoi9IZkAGbgyjC/qE7XGdOVgq+wEJu1twSSjs02 yv3dBMGUhE0JVzVZNGvBLymnVdavQ6DyRFqcbj09JUlL+X+l5aBybHFgQNrDChtlQzt7h1HfM 31iEPRPtJudYk50CRjmbNHwcIk0cusxSsyk2bfOnjwjc0ebwSWqR9E5yBPVYq6BI83D0VXLxc 3bRUJt5sHzV0Ap83Bj+dZLuzv+NninxusTaLRhDdh8GN3Ggu5FUz7hjfDOCGUOVO89zkWRGPQ T1n7vSgUpAdr7qik6XBFyKYDXujb90PmSYpie8AHRtte1xiI+wb/Os2s4rJ+hXqtNjj533H6+ 0/3HpfACMd/ZTO3eOAtqkAWsGzA/sgHSo8Lch9fzY5Y/beV1D/z4cRS1/JCtc2WtLgCR6JGcc Wy84SgKEcFJJJOoGpkP9b/G7K0mn5/pL7dtItme5msZUjtJnbxwf4C1Z+qnbhJh0QXTuJmuZy fvMvz2GdvCVV7Xuloi1/yT36BK+dkEMDdQdWgjx7SJoX32FC5vIn6eWLC1H5PSAZNzYIa2tUs gjzn1p5YSSV+5noqU9kojRp41PgHLpMuYMMhXtfL8XqVRh00kkLScxvzx/Oj2jdrzuPs= Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Kees Cook Commit f5f893c57e37ca730808cb2eee3820abd05e7507 upstream. Under SMAP/PAN/etc, we cannot write directly to userspace memory, so this rearranges the test bytes to get written through copy_to_user(). Additionally drops the bad copy_from_user() test that would trigger a memcpy() against userspace on failure. [arnd: the test module was added in 3.14, and this backported patch should apply cleanly on all version from 3.14 to 4.10. The original patch was in 4.11 on top of a context change I saw the bug triggered with kselftest on a 4.4.y stable kernel] Signed-off-by: Kees Cook Signed-off-by: Arnd Bergmann --- v2: remove a line that accidentally ended up from upstream version but is not part of the fix. --- lib/test_user_copy.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) -- 2.9.0 diff --git a/lib/test_user_copy.c b/lib/test_user_copy.c index 0ecef3e4690e..5e6db6b1e3bd 100644 --- a/lib/test_user_copy.c +++ b/lib/test_user_copy.c @@ -58,7 +58,9 @@ static int __init test_user_copy_init(void) usermem = (char __user *)user_addr; bad_usermem = (char *)user_addr; - /* Legitimate usage: none of these should fail. */ + /* + * Legitimate usage: none of these copies should fail. + */ ret |= test(copy_from_user(kmem, usermem, PAGE_SIZE), "legitimate copy_from_user failed"); ret |= test(copy_to_user(usermem, kmem, PAGE_SIZE), @@ -68,19 +70,33 @@ static int __init test_user_copy_init(void) ret |= test(put_user(value, (unsigned long __user *)usermem), "legitimate put_user failed"); - /* Invalid usage: none of these should succeed. */ + /* + * Invalid usage: none of these copies should succeed. + */ + + /* Reject kernel-to-kernel copies through copy_from_user(). */ ret |= test(!copy_from_user(kmem, (char __user *)(kmem + PAGE_SIZE), PAGE_SIZE), "illegal all-kernel copy_from_user passed"); + +#if 0 + /* + * When running with SMAP/PAN/etc, this will Oops the kernel + * due to the zeroing of userspace memory on failure. This needs + * to be tested in LKDTM instead, since this test module does not + * expect to explode. + */ ret |= test(!copy_from_user(bad_usermem, (char __user *)kmem, PAGE_SIZE), "illegal reversed copy_from_user passed"); +#endif ret |= test(!copy_to_user((char __user *)kmem, kmem + PAGE_SIZE, PAGE_SIZE), "illegal all-kernel copy_to_user passed"); ret |= test(!copy_to_user((char __user *)kmem, bad_usermem, PAGE_SIZE), "illegal reversed copy_to_user passed"); + ret |= test(!get_user(value, (unsigned long __user *)kmem), "illegal get_user passed"); ret |= test(!put_user(value, (unsigned long __user *)kmem),