From: Ingo Molnar <mingo@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
Eric Biggers <ebiggers3@gmail.com>,
Andy Lutomirski <luto@amacapital.net>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Rik van Riel <riel@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Yu-cheng Yu <yu-cheng.yu@intel.com>
Subject: [PATCH 00/10] x86/fpu: Split up "x86/fpu: Tighten validation of user-supplied xstate_header"
Date: Sun, 24 Sep 2017 12:59:03 +0200 [thread overview]
Message-ID: <20170924105913.9157-1-mingo@kernel.org> (raw)
As mentioned before, the patch was too big and too complex, and I've split it
up into 10 smaller, bisectable patches:
Eric Biggers (10):
x86/fpu: Introduce validate_xstate_header()
x86/fpu: Use validate_xstate_header() to validate the xstate_header in xstateregs_set()
x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate()
x86/fpu: Copy the full state_header in copy_kernel_to_xstate()
x86/fpu: Eliminate the 'xfeatures' local variable in copy_kernel_to_xstate()
x86/fpu: Use validate_xstate_header() to validate the xstate_header in copy_kernel_to_xstate()
x86/fpu: Copy the full header in copy_user_to_xstate()
x86/fpu: Eliminate the 'xfeatures' local variable in copy_user_to_xstate()
x86/fpu: Use validate_xstate_header() to validate the xstate_header in copy_user_to_xstate()
x86/fpu: Use using_compacted_format() instead of open coded X86_FEATURE_XSAVES
arch/x86/include/asm/fpu/xstate.h | 4 ++++
arch/x86/kernel/fpu/regset.c | 21 ++++++-----------
arch/x86/kernel/fpu/signal.c | 17 ++++++-------
arch/x86/kernel/fpu/xstate.c | 76 +++++++++++++++++++++++++++++++++--------------------------
4 files changed, 63 insertions(+), 55 deletions(-)
I kept the attribution in place, because the end result is almost the same.
Below is the interdiff from the original version, I uninlined validate_xstate_header(),
because it's way too large to be inlined everywhere, plus I removed a couple of
spurious "!= 0" patterns.
The latest x86/fpu bits can be found in -tip:
git git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master
git git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.x86/fpu
Thanks,
Ingo
===
include/asm/fpu/xstate.h | 23 +----------------------
kernel/fpu/xstate.c | 28 ++++++++++++++++++++++++++--
2 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/arch/x86/include/asm/fpu/xstate.h b/arch/x86/include/asm/fpu/xstate.h
index 3d79d0ee4d30..83fee2469eb7 100644
--- a/arch/x86/include/asm/fpu/xstate.h
+++ b/arch/x86/include/asm/fpu/xstate.h
@@ -54,27 +54,6 @@ int copy_kernel_to_xstate(struct xregs_state *xsave, const void *kbuf);
int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf);
/* Validate an xstate header supplied by userspace (ptrace or sigreturn) */
-static inline int validate_xstate_header(const struct xstate_header *hdr)
-{
- /* No unknown or supervisor features may be set */
- if (hdr->xfeatures & (~xfeatures_mask | XFEATURE_MASK_SUPERVISOR))
- return -EINVAL;
-
- /* Userspace must use the uncompacted format */
- if (hdr->xcomp_bv)
- return -EINVAL;
-
- /*
- * If 'reserved' is shrunken to add a new field, make sure to validate
- * that new field here!
- */
- BUILD_BUG_ON(sizeof(hdr->reserved) != 48);
-
- /* No reserved bits may be set */
- if (memchr_inv(hdr->reserved, 0, sizeof(hdr->reserved)))
- return -EINVAL;
-
- return 0;
-}
+extern int validate_xstate_header(const struct xstate_header *hdr);
#endif
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index 7ebd1a0811b6..f1d5476c9022 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -483,6 +483,30 @@ int using_compacted_format(void)
return boot_cpu_has(X86_FEATURE_XSAVES);
}
+/* Validate an xstate header supplied by userspace (ptrace or sigreturn) */
+int validate_xstate_header(const struct xstate_header *hdr)
+{
+ /* No unknown or supervisor features may be set */
+ if (hdr->xfeatures & (~xfeatures_mask | XFEATURE_MASK_SUPERVISOR))
+ return -EINVAL;
+
+ /* Userspace must use the uncompacted format */
+ if (hdr->xcomp_bv)
+ return -EINVAL;
+
+ /*
+ * If 'reserved' is shrunken to add a new field, make sure to validate
+ * that new field here!
+ */
+ BUILD_BUG_ON(sizeof(hdr->reserved) != 48);
+
+ /* No reserved bits may be set */
+ if (memchr_inv(hdr->reserved, 0, sizeof(hdr->reserved)))
+ return -EINVAL;
+
+ return 0;
+}
+
static void __xstate_dump_leaves(void)
{
int i;
@@ -1127,7 +1151,7 @@ int copy_kernel_to_xstate(struct xregs_state *xsave, const void *kbuf)
memcpy(&hdr, kbuf + offset, size);
- if (validate_xstate_header(&hdr) != 0)
+ if (validate_xstate_header(&hdr))
return -EINVAL;
for (i = 0; i < XFEATURE_MAX; i++) {
@@ -1181,7 +1205,7 @@ int copy_user_to_xstate(struct xregs_state *xsave, const void __user *ubuf)
if (__copy_from_user(&hdr, ubuf + offset, size))
return -EFAULT;
- if (validate_xstate_header(&hdr) != 0)
+ if (validate_xstate_header(&hdr))
return -EINVAL;
for (i = 0; i < XFEATURE_MAX; i++) {
next reply other threads:[~2017-09-24 10:59 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-24 10:59 Ingo Molnar [this message]
2017-09-24 10:59 ` [PATCH 01/10] x86/fpu: Introduce validate_xstate_header() Ingo Molnar
2017-09-26 8:34 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 02/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in xstateregs_set() Ingo Molnar
2017-09-26 8:34 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 03/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header in sanitize_restored_xstate() Ingo Molnar
2017-09-24 18:51 ` Eric Biggers
2017-09-24 19:02 ` Ingo Molnar
2017-09-24 20:08 ` Eric Biggers
2017-09-25 6:07 ` Ingo Molnar
2017-09-25 6:14 ` Ingo Molnar
2017-09-25 7:20 ` Eric Biggers
2017-09-25 7:30 ` Ingo Molnar
2017-09-26 8:35 ` [tip:x86/fpu] x86/fpu: Use validate_xstate_header() to validate the xstate_header in __fpu__restore_sig() tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 04/10] x86/fpu: Copy the full state_header in copy_kernel_to_xstate() Ingo Molnar
2017-09-26 8:35 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 05/10] x86/fpu: Eliminate the 'xfeatures' local variable " Ingo Molnar
2017-09-26 8:35 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 06/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header " Ingo Molnar
2017-09-26 8:36 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 07/10] x86/fpu: Copy the full header in copy_user_to_xstate() Ingo Molnar
2017-09-26 8:36 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 08/10] x86/fpu: Eliminate the 'xfeatures' local variable " Ingo Molnar
2017-09-26 8:37 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 09/10] x86/fpu: Use validate_xstate_header() to validate the xstate_header " Ingo Molnar
2017-09-26 8:37 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 10:59 ` [PATCH 10/10] x86/fpu: Use using_compacted_format() instead of open coded X86_FEATURE_XSAVES Ingo Molnar
2017-09-26 8:37 ` [tip:x86/fpu] " tip-bot for Eric Biggers
2017-09-24 18:04 ` [PATCH 00/10] x86/fpu: Split up "x86/fpu: Tighten validation of user-supplied xstate_header" Linus Torvalds
2017-09-24 19:01 ` Ingo Molnar
2017-09-26 16:28 ` [RFC GIT PULL] x86 FPU fixes and cleanups Ingo Molnar
2017-09-26 18:17 ` Linus Torvalds
2017-09-27 7:40 ` [RFC GIT PULL, v2] " Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170924105913.9157-1-mingo@kernel.org \
--to=mingo@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=ebiggers3@gmail.com \
--cc=fenghua.yu@intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=riel@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.