From patchwork Tue Jan 23 01:12:38 2024
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 13526766
From: Kees Cook
To: Russell King
Cc: Kees Cook, Mark Brown, Ard Biesheuvel, Wang Kefeng, Andrew Morton, Ben Hutchings, linux-arm-kernel@lists.infradead.org, "Russell King (Oracle)", Hugh Dickins, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH] ARM: fault: Implement copy_from_kernel_nofault_allowed()
Date: Mon, 22 Jan 2024 17:12:38 -0800
Message-Id: <20240123011238.work.301-kees@kernel.org>

Under PAN emulation when dumping backtraces from things like the LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU) would happen because of dump_instr() attempting to read a userspace address. Make sure copy_from_kernel_nofault() does not attempt this any more.

Reported-by: Mark Brown
Link: https://lore.kernel.org/all/202401181125.D48DCB4C@keescook/ [1]
Suggested-by: "Russell King (Oracle)"
Cc: Russell King
Cc: Ard Biesheuvel
Cc: Wang Kefeng
Cc: Andrew Morton
Cc: Ben Hutchings
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook
Reviewed-by: Ard Biesheuvel
Tested-by: Mark Brown
--- arch/arm/mm/fault.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index e804432e905e..bc5b959b6f90 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,13 @@ #include "fault.h" +bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) +{ + unsigned long addr = (unsigned long)unsafe_src; + + return addr >= TASK_SIZE && ULONG_MAX - addr >= size; +} + #ifdef CONFIG_MMU /*
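
Review bot: copy_from_kernel_nofault_allowed() is added above the `#ifdef CONFIG_MMU` line, so it is also built for !MMU configurations; please confirm that the `addr >= TASK_SIZE` test is meaningful there, or move the function inside the guard. A short comment above the function stating why addresses below TASK_SIZE are refused (dump_instr() reading a userspace address under PAN emulation, per the commit message) would keep the reason next to the code. The `ULONG_MAX - addr >= size` term rejects ranges that would wrap past the top of the address space, which is the right thing to check before the copy.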