From patchwork Thu Sep 7 17:36:00 2017
X-Patchwork-Submitter: Tycho Andersen
X-Patchwork-Id: 9942573
From: Tycho Andersen
To: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, kernel-hardening@lists.openwall.com, Marco Benatto, Juerg Haefliger, Tycho Andersen, x86@kernel.org
Date: Thu, 7 Sep 2017 11:36:00 -0600
Message-Id: <20170907173609.22696-3-tycho@docker.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170907173609.22696-1-tycho@docker.com>
References: <20170907173609.22696-1-tycho@docker.com>
Subject: [kernel-hardening] [PATCH v6 02/11] x86: always set IF before oopsing from page fault
X-Virus-Scanned: ClamAV using ClamSMTP

Oopsing might kill the task, via rewind_stack_do_exit() at the bottom, and
that might sleep:

Aug 23 19:30:27 xpfo kernel: [ 38.302714] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33
Aug 23 19:30:27 xpfo kernel: [ 38.303837] in_atomic(): 0, irqs_disabled(): 1, pid: 1970, name: lkdtm_xpfo_test
Aug 23 19:30:27 xpfo kernel: [ 38.304758] CPU: 3 PID: 1970 Comm: lkdtm_xpfo_test Tainted: G D 4.13.0-rc5+ #228
Aug 23 19:30:27 xpfo kernel: [ 38.305813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
Aug 23 19:30:27 xpfo kernel: [ 38.306926] Call Trace:
Aug 23 19:30:27 xpfo kernel: [ 38.307243] dump_stack+0x63/0x8b
Aug 23 19:30:27 xpfo kernel: [ 38.307665] ___might_sleep+0xec/0x110
Aug 23 19:30:27 xpfo kernel: [ 38.308139] __might_sleep+0x45/0x80
Aug 23 19:30:27 xpfo kernel: [ 38.308593] exit_signals+0x21/0x1c0
Aug 23 19:30:27 xpfo kernel: [ 38.309046] ? blocking_notifier_call_chain+0x11/0x20
Aug 23 19:30:27 xpfo kernel: [ 38.309677] do_exit+0x98/0xbf0
Aug 23 19:30:27 xpfo kernel: [ 38.310078] ? smp_reader+0x27/0x40 [lkdtm]
Aug 23 19:30:27 xpfo kernel: [ 38.310604] ? kthread+0x10f/0x150
Aug 23 19:30:27 xpfo kernel: [ 38.311045] ? read_user_with_flags+0x60/0x60 [lkdtm]
Aug 23 19:30:27 xpfo kernel: [ 38.311680] rewind_stack_do_exit+0x17/0x20

To be safe, let's just always enable irqs.
The particular case I'm hitting is:

Aug 23 19:30:27 xpfo kernel: [ 38.278615] __bad_area_nosemaphore+0x1a9/0x1d0
Aug 23 19:30:27 xpfo kernel: [ 38.278617] bad_area_nosemaphore+0xf/0x20
Aug 23 19:30:27 xpfo kernel: [ 38.278618] __do_page_fault+0xd1/0x540
Aug 23 19:30:27 xpfo kernel: [ 38.278620] ? irq_work_queue+0x9b/0xb0
Aug 23 19:30:27 xpfo kernel: [ 38.278623] ? wake_up_klogd+0x36/0x40
Aug 23 19:30:27 xpfo kernel: [ 38.278624] trace_do_page_fault+0x3c/0xf0
Aug 23 19:30:27 xpfo kernel: [ 38.278625] do_async_page_fault+0x14/0x60
Aug 23 19:30:27 xpfo kernel: [ 38.278627] async_page_fault+0x28/0x30

When a fault is in kernel space which has been triggered by XPFO.

Signed-off-by: Tycho Andersen
CC: x86@kernel.org
--- arch/x86/mm/fault.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 2a1fa10c6a98..7572ad4dae70 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -864,6 +864,12 @@ no_context(struct pt_regs *regs, unsigned long error_code, /* Executive summary in case the body of the oops scrolled away */ printk(KERN_DEFAULT "CR2: %016lx\n", address); + /* + * We're about to oops, which might kill the task. Make sure we're + * allowed to sleep. + */ + flags |= X86_EFLAGS_IF; + oops_end(flags, regs, sig); }
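
Review bot: the unconditional `flags |= X86_EFLAGS_IF` just before `oops_end(flags, regs, sig)` in no_context() overrides the saved interrupt state for every oops that reaches this point, not only the XPFO-triggered kernel fault described in the commit message. The commit message says oopsing "might" kill the task, so if oops_end() can also return here, the interrupt state after the call would no longer match what it was on entry; please either state in the comment why that is safe or limit the change to the path that actually reaches rewind_stack_do_exit(). The comment should also say that IF is being set in the saved flags handed to oops_end(), since "Make sure we're allowed to sleep" does not tell the reader where interrupts actually get re-enabled.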