From patchwork Mon Mar 5 10:31:15 2018
X-Patchwork-Submitter: Will Deacon
X-Patchwork-Id: 10258781
From: Will Deacon
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH] arm64: fault: Don't populate ESR context for user fault on kernel VA
Date: Mon, 5 Mar 2018 10:31:15 +0000
Message-Id: <1520245875-32527-1-git-send-email-will.deacon@arm.com>
Cc: Will Deacon, Dave Martin, Ard Biesheuvel

User faults on kernel addresses are a good sign that the faulting task is
either up to no good or is in deep trouble. In such situations, exposing
the optional ESR context on the sigframe as part of the delivered signal
is only useful to attackers who are using information about the underlying
hardware fault (e.g. translation vs permission) as a mechanism to defeat
KASLR.

Remove the ESR context from the sigframe for user faults on kernel
addresses.

Cc: Ard Biesheuvel
Cc: Dave Martin
Signed-off-by: Will Deacon
---
Here's another one that doesn't make a huge amount of difference when
kpti is enabled, but I think is a change worth making all the same.

 arch/arm64/mm/fault.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 49dfb08a6c4d..b9800395788e 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -292,8 +292,10 @@ static void __do_kernel_fault(unsigned long addr, unsigned int esr, static void __do_user_fault(struct siginfo *info, unsigned int esr) { - current->thread.fault_address = (unsigned long)info->si_addr; - current->thread.fault_code = esr; + unsigned long addr = (unsigned long)info->si_addr; + + current->thread.fault_address = addr; + current->thread.fault_code = addr < TASK_SIZE ? esr : 0; arm64_force_sig_info(info, esr_to_fault_info(esr)->name, current); }
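Review bot: the new line `current->thread.fault_code = addr < TASK_SIZE ? esr : 0;` relies on the sigframe code treating a zero fault_code as "no esr_context to add", but nothing in the hunk says so; a one-line comment above it, for example `/* A zero fault_code keeps the esr_context off the sigframe */`, would stop the next reader from taking 0 for a real ESR value. Two things worth a sentence in the commit message as well: `esr` is still passed unchanged to `arm64_force_sig_info(info, esr_to_fault_info(esr)->name, current)`, so only the saved code changes and the signal's fault-type name is unaffected; and since TASK_SIZE is the calling task's own limit, a 32-bit compat task faulting above its smaller user bound gets the same treatment as a fault on a kernel address, which looks intended but should be stated.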
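As an added illustration, not code from this patch or from the kernel, a small C model of the sigframe effect of the change: it writes the `__reserved` record chain the way the signal code does, with an esr_context only when the saved fault_code is non-zero, and walks it back the way a SA_SIGINFO handler can, to show that a user fault on a kernel VA now leaves no ESR behind. Record magics and the esr_context layout follow the arm64 uapi sigcontext.h; the fixed 48-bit TASK_SIZE, the 16-byte fpsimd stand-in record and the sample ESR value 0x92000007 are constructed assumptions of the model.

```c
/* Added model, not kernel code: sigframe record chain under the patched rule.
 * Magics/layout follow arm64 uapi sigcontext.h; TASK_SIZE is an assumption. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define FPSIMD_MAGIC 0x46508001u
#define ESR_MAGIC    0x45535201u
#define TASK_SIZE    (1ull << 48)   /* assumed fixed; per-task in the kernel */
struct aarch64_ctx { uint32_t magic; uint32_t size; };   /* record header */

/* Patched __do_user_fault() rule: keep the ESR only for user addresses. */
uint64_t fault_code_for(uint64_t addr, uint32_t esr) {
    return addr < TASK_SIZE ? esr : 0;
}

/* Model of setup_sigframe(): a 16-byte fpsimd stand-in, an esr_context only
 * when fault_code != 0, then the zero terminator. Returns bytes written. */
size_t build_reserved(uint8_t *buf, size_t len, uint64_t fault_code) {
    struct aarch64_ctx fp = { FPSIMD_MAGIC, 16 }, es = { ESR_MAGIC, 16 };
    size_t off = 16;
    if (len < 40) return 0;                       /* worst case 16 + 16 + 8 */
    memcpy(buf, &fp, 8); memset(buf + 8, 0, 8);   /* stand-in, zero payload */
    if (fault_code) {                             /* struct esr_context */
        memcpy(buf + off, &es, 8); memcpy(buf + off + 8, &fault_code, 8);
        off += 16;
    }
    memset(buf + off, 0, 8);                      /* terminator: magic 0 */
    return off + 8;
}

/* Walk the chain as a SA_SIGINFO handler can over uc_mcontext.__reserved:
 * 1 = esr_context found (ESR stored), 0 = ended without one, -1 = malformed. */
int find_esr_context(const uint8_t *buf, size_t len, uint64_t *esr_out) {
    for (size_t off = 0; off + 8 <= len; ) {
        struct aarch64_ctx hdr; memcpy(&hdr, buf + off, 8);
        if (hdr.magic == 0) return 0;
        if (hdr.size < 8 || hdr.size > len - off) return -1;
        if (hdr.magic == ESR_MAGIC && hdr.size >= 16) {
            memcpy(esr_out, buf + off + 8, 8); return 1;
        }
        off += hdr.size;
    }
    return -1;                                    /* no terminator found */
}
/* End to end: the ESR a user fault at addr leaves on the sigframe, 0 if the
 * esr_context is absent, -1 if the chain is malformed. */
int64_t sigframe_esr(uint64_t addr, uint32_t esr) {
    uint8_t buf[64]; uint64_t seen = 0;
    size_t n = build_reserved(buf, sizeof buf, fault_code_for(addr, esr));
    int r = find_esr_context(buf, n, &seen);
    return r == 1 ? (int64_t)seen : r;
}
```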