From: David Laight
To: 'Kees Cook', Matthew Wilcox
CC: Josh Poimboeuf, Andrew Morton, "linux-mm@kvack.org", Muhammad Usama Anjum, "linux-kernel@vger.kernel.org", "x86@kernel.org", "linux-arm-kernel@lists.infradead.org", "linuxppc-dev@lists.ozlabs.org", "linux-s390@vger.kernel.org", "linux-sh@vger.kernel.org", "linux-hardening@vger.kernel.org"
Subject: RE: [PATCH v2] usercopy: Check valid lifetime via stack depth
Date: Thu, 24 Feb 2022 08:58:20 +0000
Message-ID: <85d42900efaa4fdb8c20de2147d938c7@AcuMS.aculab.com>
References: <20220224060342.1855457-1-keescook@chromium.org>
In-Reply-To: <20220224060342.1855457-1-keescook@chromium.org>

From: Kees Cook
> Sent: 24 February 2022 06:04
>
> Under CONFIG_HARDENED_USERCOPY=y, when exact stack frame boundary checking
> is not available (i.e. everything except x86 with FRAME_POINTER), check
> a stack object as being at least "current depth valid", in the sense
> that any object within the stack region but not between start-of-stack
> and current_stack_pointer should be considered unavailable (i.e. its
> lifetime is from a call no longer present on the stack).
> ...
> diff --git a/mm/usercopy.c b/mm/usercopy.c > index d0d268135d96..5d28725af95f 100644 > --- a/mm/usercopy.c > +++ b/mm/usercopy.c
> @@ -22,6 +22,30 @@ > #include > #include "slab.h" > > +/* > + * Only called if obj is within stack/stackend bounds. Determine if within > + * current stack depth. > + */ > +static inline int check_stack_object_depth(const void *obj, > + unsigned long len) > +{ > +#ifdef CONFIG_ARCH_HAS_CURRENT_STACK_POINTER > +#ifndef CONFIG_STACK_GROWSUP

Pointless negation

> + const void * const high = stackend; > + const void * const low = (void *)current_stack_pointer; > +#else > + const void * const high = (void *)current_stack_pointer; > + const void * const low = stack; > +#endif > + > + /* Reject: object not within current stack depth. */ > + if (obj < low || high < obj + len) > + return BAD_STACK; > + > +#endif > + return GOOD_STACK; > +}

If the comment at the top of the function is correct then only a single test
for the correct end of the buffer against the current stack pointer is needed.
Something like:

#ifdef CONFIG_STACK_GROWSUP
	if ((void *)current_stack_pointer < obj + len)
		return BAD_STACK;
#else
	if (obj < (void *)current_stack_pointer)
		return BAD_STACK;
#endif
	return GOOD_STACK;

Although it may depend on exactly where the stack pointer points to
- especially for GROWSUP.

	David
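
Review bot: check_stack_object_depth() reads `stackend` in the non-GROWSUP branch and `stack` in the GROWSUP branch, but its only parameters are `obj` and `len` and neither name is declared in the lines shown, so the bounds need to be passed in as arguments or the check has to live where they are in scope. Given the header comment's precondition that obj already lies within stack/stackend, the comparison against that far bound (`high < obj + len` when the stack grows down, `obj < low` when it grows up) repeats the caller's check, and comparing only against current_stack_pointer would remove the need for those names altogether. When CONFIG_ARCH_HAS_CURRENT_STACK_POINTER is unset the function returns GOOD_STACK unconditionally, which is worth stating in the comment so the weaker guarantee on those architectures is explicit.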