From patchwork Wed Jul 12 14:44:21 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 9836887
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com
Cc: mark.rutland@arm.com, labbott@fedoraproject.org, will.deacon@arm.com, dave.martin@arm.com, catalin.marinas@arm.com, Ard Biesheuvel
Date: Wed, 12 Jul 2017 15:44:21 +0100
Message-Id: <20170712144424.19528-9-ard.biesheuvel@linaro.org>
In-Reply-To: <20170712144424.19528-1-ard.biesheuvel@linaro.org>
References: <20170712144424.19528-1-ard.biesheuvel@linaro.org>
Subject: [kernel-hardening] [RFC PATCH 08/10] arm64/kernel: dump entire stack if sp points elsewhere

Before adding handling for out of bounds stack accesses, update the stack dumping logic to disregard regs->sp if it does not point into the task stack anymore, and simply dump the entire stack instead.

Signed-off-by: Ard Biesheuvel
---
 arch/arm64/kernel/traps.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index c7c7088097be..017c92b2d707 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c 
@@ -257,7 +257,14 @@ static int __die(const char *str, int err, struct pt_regs *regs) end_of_stack(tsk)); if (!user_mode(regs)) { - dump_mem(KERN_EMERG, "Stack: ", regs->sp, + u64 task_sp = regs->sp; + + /* dump the entire stack if sp no longer points into it */ + if (task_sp < (u64)task_stack_page(tsk) || + task_sp > (u64)task_stack_page(tsk) + THREAD_SIZE) + task_sp = (u64)task_stack_page(tsk); + + dump_mem(KERN_EMERG, "Stack: ", task_sp, THREAD_SIZE + (unsigned long)task_stack_page(tsk)); dump_backtrace(regs, tsk); dump_instr(KERN_EMERG, regs);
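
Review bot: When the new bounds check in __die() replaces task_sp with task_stack_page(tsk), the output still goes under the same "Stack: " label, so whoever reads the oops cannot tell that regs->sp was out of range and that the dump no longer starts at the faulting stack pointer. Consider emitting a short notice (or a different label) in that branch so the substitution is visible in the log. Separately, task_stack_page(tsk) is evaluated three times with (u64) casts in the check and once more with an (unsigned long) cast in the dump_mem() call; a single local for the stack base, in one type, would make the comparison and the end address easier to check against each other. The upper bound uses ">" rather than ">=", so sp equal to the base plus THREAD_SIZE is kept and produces an empty dump; if that is intended for an empty stack, it deserves a word in the comment.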