Subject: Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return
From: Leonard Crestez
To: Thomas Garnier, Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Andy Lutomirski, Paolo Bonzini, Rik van Riel, Oleg Nesterov, Josh Poimboeuf, Petr Mladek, Miroslav Benes, Kees Cook, Al Viro, Arnd Bergmann, Dave Hansen, David Howells, Russell King, Will Drewry, Will Deacon, Catalin Marinas, Mark Rutland, Pratyush Anand, Chris Metcalf
CC: Octavian Purdila
Date: Tue, 18 Jul 2017 17:36:06 +0300
Message-ID: <1500388566.11612.74.camel@nxp.com>
In-Reply-To: <20170615011203.144108-2-thgarnie@google.com>
References: <20170615011203.144108-1-thgarnie@google.com> <20170615011203.144108-2-thgarnie@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:
> Ensure the address limit is a user-mode segment before returning to > user-mode.
Otherwise a process can corrupt kernel-mode memory and > elevate privileges [1]. > > The set_fs function sets the TIF_SETFS flag to force a slow path on > return. In the slow path, the address limit is checked to be USER_DS if > needed. > > The TIF_SETFS flag is added to _TIF_WORK_MASK shifting _TIF_SYSCALL_WORK > for arm instruction immediate support. The global work mask is too big > to used on a single instruction so adapt ret_fast_syscall. > > [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990 > > Signed-off-by: Thomas Garnier > --- > v10 redesigns the change to use work flags on set_fs as recommended by > Linus and agreed by others. > > Based on next-20170609 > --- >  arch/arm/include/asm/thread_info.h | 15 +++++++++------ >  arch/arm/include/asm/uaccess.h     |  2 ++ >  arch/arm/kernel/entry-common.S     |  9 +++++++-- >  arch/arm/kernel/signal.c           |  5 +++++ >  4 files changed, 23 insertions(+), 8 deletions(-) > > diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h > index 776757d1604a..1d468b527b7b 100644 > --- a/arch/arm/include/asm/thread_info.h > +++ b/arch/arm/include/asm/thread_info.h 
> @@ -139,10 +139,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, >  #define TIF_NEED_RESCHED 1 /* rescheduling necessary */ >  #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ >  #define TIF_UPROBE 3 /* breakpointed or singlestepping */ > -#define TIF_SYSCALL_TRACE 4 /* syscall trace active */ > -#define TIF_SYSCALL_AUDIT 5 /* syscall auditing active */ > -#define TIF_SYSCALL_TRACEPOINT 6 /* syscall tracepoint instrumentation */ > -#define TIF_SECCOMP 7 /* seccomp syscall filtering active */ > +#define TIF_FSCHECK 4 /* Check FS is USER_DS on return */ > +#define TIF_SYSCALL_TRACE 5 /* syscall trace active */ > +#define TIF_SYSCALL_AUDIT 6 /* syscall auditing active */ > +#define TIF_SYSCALL_TRACEPOINT 7 /* syscall tracepoint instrumentation */ > +#define TIF_SECCOMP 8 /* seccomp syscall filtering active */ >   >  #define TIF_NOHZ 12 /* in adaptive nohz mode */ >  #define TIF_USING_IWMMXT 17 > @@ -153,6 +154,7 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, >  #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) >  #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) >  #define _TIF_UPROBE (1 << TIF_UPROBE) > +#define _TIF_FSCHECK (1 << TIF_FSCHECK) >  #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) >  #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) >  #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) > @@ -166,8 +168,9 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, >  /* >   * Change these and you break ASM code in entry-common.S >   */ > -#define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ > -  _TIF_NOTIFY_RESUME | _TIF_UPROBE) > +#define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ > +  _TIF_NOTIFY_RESUME | _TIF_UPROBE | \ > +  _TIF_FSCHECK) >   >  #endif /* __KERNEL__ */ >  #endif /* __ASM_ARM_THREAD_INFO_H */ > diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h > index 2577405d082d..6cc882223e34 100644 
> --- a/arch/arm/include/asm/uaccess.h > +++ b/arch/arm/include/asm/uaccess.h > @@ -77,6 +77,8 @@ static inline void set_fs(mm_segment_t fs) >  { >   current_thread_info()->addr_limit = fs; >   modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER); > + /* On user-mode return, check fs is correct */ > + set_thread_flag(TIF_FSCHECK); >  } >   >  #define segment_eq(a, b) ((a) == (b)) > diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S > index eb5cd77bf1d8..e33c32d56193 100644 > --- a/arch/arm/kernel/entry-common.S > +++ b/arch/arm/kernel/entry-common.S > @@ -41,7 +41,9 @@ ret_fast_syscall: >   UNWIND(.cantunwind ) >   disable_irq_notrace @ disable interrupts >   ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing > - tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK > + tst r1, #_TIF_SYSCALL_WORK > + bne fast_work_pending > + tst r1, #_TIF_WORK_MASK >   bne fast_work_pending >   >   /* perform architecture specific actions before user return */ > @@ -67,12 +69,15 @@ ret_fast_syscall: >   str r0, [sp, #S_R0 + S_OFF]! @ save returned r0 >   disable_irq_notrace @ disable interrupts >   ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing > - tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK > + tst r1, #_TIF_SYSCALL_WORK > + bne fast_work_pending > + tst r1, #_TIF_WORK_MASK >   beq no_work_pending >   UNWIND(.fnend ) >  ENDPROC(ret_fast_syscall) >   >   /* Slower path - fall through to work_pending */ > +fast_work_pending: >  #endif >   >   tst r1, #_TIF_SYSCALL_WORK > diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c > index 7b8f2141427b..3a48b54c6405 100644 > --- a/arch/arm/kernel/signal.c > +++ b/arch/arm/kernel/signal.c > @@ -14,6 +14,7 @@ >  #include >  #include >  #include > +#include >   >  #include >  #include 
> @@ -571,6 +572,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) >    * Update the trace code with the current status. >    */ >   trace_hardirqs_off(); > + > + /* Check valid user FS if needed */ > + addr_limit_user_check(); > + >   do { >   if (likely(thread_flags & _TIF_NEED_RESCHED)) { >   schedule();

This patch made its way into linux-next next-20170717 and it seems to cause hangs when booting some boards over NFS (found via bisection). I don't know exactly what determines the issue but I can reproduce hangs even if I just boot with init=/bin/bash and do stuff like

# sleep 1 & sleep 1 & sleep 1 & wait; wait; wait; echo done!

When this happens sysrq-t shows a sleep task hung in the 'R' state spinning in do_work_pending, so maybe there is a potential infinite loop here? The addr_limit_user_check at the start of do_work_pending will check for TIF_FSCHECK once and clear it but the function loops while (thread_flags & _TIF_WORK_MASK), so if TIF_FSCHECK is set again then the loop will never terminate. Does this make sense?

I added some instrumentation to check if TIF_FSCHECK can show up during the do_work_pending loop and the answer seems to be yes.
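Review bot: the commit message and the thread_info.h hunk disagree on the flag's name. The message says "The set_fs function sets the TIF_SETFS flag" and "The TIF_SETFS flag is added to _TIF_WORK_MASK", while the hunk defines TIF_FSCHECK and _TIF_FSCHECK (and uaccess.h calls set_thread_flag(TIF_FSCHECK)). Please make the message match the code. It would also help to extend the existing "Change these and you break ASM code in entry-common.S" comment to note that _TIF_FSCHECK must stay inside the bit range that keeps _TIF_WORK_MASK encodable as a single immediate, since that is the reason the TIF_SYSCALL_* and TIF_SECCOMP bits were renumbered from 4-7 to 5-8.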
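Review bot: in the do_work_pending() hunk, addr_limit_user_check() runs once before the do/while loop, but _TIF_FSCHECK is part of _TIF_WORK_MASK (thread_info.h hunk) and the loop's exit condition is while (thread_flags & _TIF_WORK_MASK), so nothing inside the loop ever consumes the flag. Any set_fs() that executes after the initial check and before the flags are re-read (the uaccess.h hunk sets the flag unconditionally, so a balanced KERNEL_DS/USER_DS pair taken in interrupt context on the same task is enough) leaves the task looping with only TIF_FSCHECK set, which is consistent with the 'R'-state spin in do_work_pending() reported in this thread. Either move the addr_limit_user_check() call into the loop body so every pass consumes the flag, or keep the single call and test the loop against a mask that excludes _TIF_FSCHECK.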
I also tried to get a stack with a set_fs call from inside do_work_pending and got the following:

[  227.582402] CPU: 0 PID: 829 Comm: sleep Not tainted 4.12.0-01057-g93af8f7-dirty #332
[  227.590171] Hardware name: Freescale i.MX6 SoloLite (Device Tree)
[  227.596275] Backtrace:
[  227.598754] [] (dump_backtrace) from [] (show_stack+0x18/0x1c)
[  227.606339]  r7:00000000 r6:60070113 r5:00000000 r4:c105a958
[  227.612016] [] (show_stack) from [] (dump_stack+0xb4/0xe8)
[  227.619258] [] (dump_stack) from [] (mydbg_set_fs+0x40/0x48)
[  227.626671]  r9:c08cf35c r8:ee1cda7c r7:ee1e3dce r6:bf000000 r5:00000000 r4:ffffe000
[  227.634433] [] (mydbg_set_fs) from [] (__probe_kernel_read+0x44/0xd0)
[  227.642629] [] (__probe_kernel_read) from [] (do_alignment+0x8c/0x75c)
[  227.650909]  r10:ef085000 r9:c08cf35c r8:00000001 r7:ee1e3dce r6:c011b84c r5:ee1cdbe0
[  227.658748]  r4:00000000 r3:00000000
[  227.662338] [] (do_alignment) from [] (do_DataAbort+0x40/0xc0)
[  227.669921]  r10:ef085000 r9:ee1cc000 r8:ee1cdbe0 r7:ee1e3dce r6:c011b84c r5:00000001
[  227.677760]  r4:c100dd3c
[  227.680308] [] (do_DataAbort) from [] (__dabt_svc+0x64/0xa0)
[  227.687714] Exception stack(0xee1cdbe0 to 0xee1cdc28)
[  227.692780] dbe0: 9064a8c0 ee1e3de2 d82727d8 00000000 ee1b20c0 ee1e3dce 00000000 ef08572c
[  227.700971] dc00: c0bb2034 c10c75ea ef085000 ee1cdc74 ee1cdc00 ee1cdc30 c01761a8 c08cf35c
[  227.709158] dc20: 40070113 ffffffff
[  227.712661]  r8:c0bb2034 r7:ee1cdc14 r6:ffffffff r5:40070113 r4:c08cf35c
[  227.719382] [] (inet_gro_receive) from [] (dev_gro_receive+0x2f0/0x618)
[  227.727746]  r10:ef085000 r9:00000001 r8:00000000 r7:ef085710 r6:c1008b88 r5:ee1b20c0
[  227.735585]  r4:c1009f78
[  227.738132] [] (dev_gro_receive) from [] (napi_gro_receive+0x78/0x1f4)
[  227.746410]  r10:ef085000 r9:00000001 r8:c10d15ec r7:c100792c r6:ef085710 r5:c10c744e
[  227.754249]  r4:ee1b20c0
[  227.756801] [] (napi_gro_receive) from [] (fec_enet_rx_napi+0x39c/0x988)
[  227.765253]  r9:00000001 r8:f0c8a960 r7:00000000 r6:00000000 r5:ef086000 r4:ee1b20c0
[  227.773010] [] (fec_enet_rx_napi) from [] (net_rx_action+0x21c/0x474)
[  227.781201]  r10:ee1cdd78 r9:c0fa7b80 r8:ef7dab80 r7:0000012c r6:00000040 r5:00000001
[  227.789039]  r4:ef085710
[  227.791593] [] (net_rx_action) from [] (__do_softirq+0x158/0x534)
[  227.799437]  r10:00000008 r9:ee1cc000 r8:c10ce568 r7:c100792c r6:c10247bd r5:00000003
[  227.807275]  r4:c100208c
[  227.809824] [] (__do_softirq) from [] (irq_exit+0xec/0x168)
[  227.817147]  r10:c1007ea0 r9:ef010400 r8:00000001 r7:00000000 r6:c1007d3c r5:00000000
[  227.824984]  r4:c0fa534c
[  227.827534] [] (irq_exit) from [] (__handle_domain_irq+0x74/0xe8)
[  227.835377] [] (__handle_domain_irq) from [] (gic_handle_irq+0x58/0xbc)
[  227.843742]  r9:f080b100 r8:c105ae80 r7:ee1cde80 r6:000003ff r5:000003eb r4:f080b10c
[  227.851498] [] (gic_handle_irq) from [] (__irq_svc+0x70/0x98)
[  227.858990] Exception stack(0xee1cde80 to 0xee1cdec8)
[  227.864056] de80: ee7a1140 00000001 00000000 000012a9 ee7a1140 ee9d9f10 ee76edc0 ee9d9f60
[  227.872248] dea0: 00000000 ee9d9f10 00000010 ee1cdeec ee1cdeb8 ee1cded0 c038a77c c0389688
[  227.880434] dec0: 60070013 ffffffff
[  227.883937]  r10:00000010 r9:ee1cc000 r8:00000000 r7:ee1cdeb4 r6:ffffffff r5:60070013
[  227.891775]  r4:c0389688
[  227.894327] [] (nfs_file_clear_open_context) from [] (nfs_file_release+0x54/0x60)
[  227.903558]  r7:ee9a78a0 r6:ee68f010 r5:ee9d9f10 r4:ee76edc0
[  227.909235] [] (nfs_file_release) from [] (__fput+0x94/0x1e0)
[  227.916734] [] (__fput) from [] (____fput+0x10/0x14)
[  227.923448]  r10:c10d4298 r9:00000000 r8:00000000 r7:ef2ed780 r6:ef2edc00 r5:c10d5180
[  227.931286]  r4:ef2edbd4
[  227.933839] [] (____fput) from [] (task_work_run+0xc8/0xec)
[  227.941166] [] (task_work_run) from [] (do_work_pending+0x12c/0x1c4)
[  227.949271]  r9:ee1cdfb0 r8:00000000 r7:00000000 r6:ee1cc000 r5:00000000 r4:00000000
[  227.957029] [] (do_work_pending) from [] (slow_work_pending+0xc/0x20)
[  227.965219]  r10:00000000 r9:ee1cc000 r8:c0107e24 r7:0000005b r6:b6f76568 r5:b6f741f0
[  227.973058]  r4:b6f76904

Maybe the reason this reproduces easily in this particular setup is that ethernet causes lots of alignment faults?

-- 
Regards,
Leonard
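As an added example (not code from Thomas Garnier's patch, from Leonard's mail, or from the kernel), the following user-space C program models the loop behaviour Leonard describes. It uses the TIF_* bit numbers from the v10 thread_info.h hunk, a model_set_fs() that raises TIF_FSCHECK on every call the way the uaccess.h hunk does, and a model_do_work_pending() that mirrors the signal.c hunk's structure: check once before the loop, then loop while any _TIF_WORK_MASK bit is set. A simulated interrupt (model_irq(), with a budget counter that is an assumption of the model) performs a balanced KERNEL_DS/USER_DS set_fs() pair during the loop, which is what the do_alignment() -> __probe_kernel_read() -> set_fs path in the trace above does. The struct thread_model type, every model_* name and the iteration cap are hypothetical and exist only in this example.

```c
/*
 * Added example, not kernel code: a user-space model of the do_work_pending()
 * loop in the v10 signal.c hunk. TIF_* bit numbers follow the thread_info.h
 * hunk; struct thread_model and everything prefixed model_ are hypothetical.
 */
#include <stdbool.h>
#include <stdio.h>

enum {
	TIF_SIGPENDING = 0,
	TIF_NEED_RESCHED = 1,
	TIF_NOTIFY_RESUME = 2,
	TIF_UPROBE = 3,
	TIF_FSCHECK = 4,	/* the new bit from the patch */
};
#define BIT(n) (1u << (n))
#define _TIF_WORK_MASK (BIT(TIF_NEED_RESCHED) | BIT(TIF_SIGPENDING) | \
			BIT(TIF_NOTIFY_RESUME) | BIT(TIF_UPROBE) | BIT(TIF_FSCHECK))
#define _TIF_OTHER_WORK (_TIF_WORK_MASK & ~BIT(TIF_FSCHECK))

struct thread_model {
	unsigned int flags;	/* models thread_info->flags */
	bool fs_is_kernel;	/* models addr_limit != USER_DS */
	int irq_set_fs_budget;	/* assumption: how many simulated interrupts call set_fs() */
};

/* Mirrors the uaccess.h hunk: every set_fs() raises TIF_FSCHECK, whatever the new limit. */
static void model_set_fs(struct thread_model *t, bool kernel_ds)
{
	t->fs_is_kernel = kernel_ds;
	t->flags |= BIT(TIF_FSCHECK);
}

/* Models addr_limit_user_check(): consume the flag and report whether the limit is safe. */
static bool model_addr_limit_user_check(struct thread_model *t)
{
	if (!(t->flags & BIT(TIF_FSCHECK)))
		return true;
	t->flags &= ~BIT(TIF_FSCHECK);
	return !t->fs_is_kernel;
}

/*
 * A simulated interrupt that lands between handling the work and re-reading
 * the flags. It does a balanced KERNEL_DS/USER_DS pair, like a kernel probe
 * from an alignment fault: the limit is restored but TIF_FSCHECK stays set.
 */
static void model_irq(struct thread_model *t)
{
	if (t->irq_set_fs_budget <= 0)
		return;
	t->irq_set_fs_budget--;
	model_set_fs(t, true);
	model_set_fs(t, false);
}

/*
 * check_in_loop == false mirrors the v10 hunk: check once, then loop while any
 * _TIF_WORK_MASK bit is set. check_in_loop == true re-runs the check on every
 * pass. Returns the number of passes, or -1 if max_iter passes did not finish
 * (where the kernel would spin for ever).
 */
static int model_do_work_pending(struct thread_model *t, bool check_in_loop, int max_iter)
{
	int passes = 0;

	if (!check_in_loop)
		model_addr_limit_user_check(t);
	do {
		if (++passes > max_iter)
			return -1;
		if (check_in_loop)
			model_addr_limit_user_check(t);
		/* pretend signal delivery, rescheduling etc. have been handled */
		t->flags &= ~_TIF_OTHER_WORK;
		/* the interrupt arrives before the flags are re-read for the loop test */
		model_irq(t);
	} while (t->flags & _TIF_WORK_MASK);
	return passes;
}

int main(void)
{
	struct thread_model v10 = { BIT(TIF_SIGPENDING), false, 1 };
	struct thread_model fixed = { BIT(TIF_SIGPENDING), false, 1 };

	printf("v10 structure, one set_fs() pair in irq during the loop: %d passes\n",
	       model_do_work_pending(&v10, false, 1000));
	printf("check inside the loop, same interrupt:                   %d passes\n",
	       model_do_work_pending(&fixed, true, 1000));
	return 0;
}
```

Running it shows the v10 structure hitting the iteration cap (-1): after the first pass only TIF_FSCHECK is set and nothing in the loop consumes it, while the variant that re-runs the check on each pass finishes in two passes. The model says nothing about which fix the maintainers should prefer; it only isolates why a flag that is part of the loop mask must be consumed inside the loop, not just before it.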