Subject: Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return
From: Leonard Crestez
To: Thomas Garnier, Thomas Gleixner, Stephen Rothwell
CC: Ingo Molnar, "H . Peter Anvin", Andy Lutomirski, Paolo Bonzini, Rik van Riel, Oleg Nesterov, Josh Poimboeuf, Petr Mladek, Miroslav Benes, Kees Cook, Al Viro, Arnd Bergmann, Dave Hansen, David Howells, Russell King, Will Drewry, Will Deacon, Catalin Marinas, Mark Rutland, Pratyush Anand, Chris Metcalf, Linux API, the arch/x86 maintainers, LKML, Kernel Hardening, Octavian Purdila
Date: Wed, 19 Jul 2017 17:58:20 +0300
Message-ID: <1500476300.22834.13.camel@nxp.com>
References: <20170615011203.144108-1-thgarnie@google.com> <20170615011203.144108-2-thgarnie@google.com> <1500388566.11612.74.camel@nxp.com> <1500398311.12096.30.camel@nxp.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2017-07-18 at 12:04 -0700, Thomas Garnier wrote:
> On Tue, Jul 18, 2017 at 10:18 AM, Leonard Crestez wrote:
> > On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote:
> > > On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez wrote:
> > > > On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote:
> > > > >
> > > > > Ensure the address limit is a user-mode segment before returning to
> > > > > user-mode. Otherwise a process can corrupt kernel-mode memory and
> > > > > elevate privileges [1].
> > > > >
> > > > > The set_fs function sets the TIF_SETFS flag to force a slow path on
> > > > > return. In the slow path, the address limit is checked to be USER_DS if
> > > > > needed.
> > > > >
> > > > > The TIF_SETFS flag is added to _TIF_WORK_MASK shifting _TIF_SYSCALL_WORK
> > > > > for arm instruction immediate support. The global work mask is too big
> > > > > to be used on a single instruction so adapt ret_fast_syscall.
> > > > >
> > > > > @@ -571,6 +572,10 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
> > > > >        * Update the trace code with the current status.
> > > > >        */
> > > > >       trace_hardirqs_off();
> > > > > +
> > > > > +     /* Check valid user FS if needed */
> > > > > +     addr_limit_user_check();
> > > > > +
> > > > >       do {
> > > > >               if (likely(thread_flags & _TIF_NEED_RESCHED)) {
> > > > >                       schedule();
> > > >
> > > > This patch made its way into linux-next next-20170717 and it seems to
> > > > cause hangs when booting some boards over NFS (found via bisection). I
> > > > don't know exactly what determines the issue but I can reproduce hangs
> > > > even if I just boot with init=/bin/bash and do stuff like
> > > >
> > > > # sleep 1 & sleep 1 & sleep 1 & wait; wait; wait; echo done!
> > > >
> > > > When this happens sysrq-t shows a sleep task hung in the 'R' state
> > > > spinning in do_work_pending, so maybe there is a potential infinite
> > > > loop here?
> > > >
> > > > The addr_limit_user_check at the start of do_work_pending will check
> > > > for TIF_FSCHECK once and clear it but the function loops while
> > > > (thread_flags & _TIF_WORK_MASK), so if TIF_FSCHECK is set again then
> > > > the loop will never terminate. Does this make sense?
> > >
> > > Yes, it does. Thanks for looking into this.
> > >
> > > Can you try this change?
> > >
> > > diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
> > > index 3a48b54c6405..bc6ad7789568 100644
> > > --- a/arch/arm/kernel/signal.c
> > > +++ b/arch/arm/kernel/signal.c
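Review bot: in the v10 hunk quoted above (the one adding `addr_limit_user_check()` after `trace_hardirqs_off()`), the check runs once before the `do { ... }` loop, yet the commit message says the same patch adds the flag it clears to `_TIF_WORK_MASK`, which is exactly the condition the loop re-tests on the re-read flags; any work done inside the loop that calls set_fs() again sets the flag with nothing left in the loop to clear it, so the loop cannot terminate, which matches the hang described in the reply. The call needs to move inside the loop where the flags are re-read, or the flag must be kept out of the mask the loop tests. Separately, the commit message names the flag TIF_SETFS while the code and the rest of the thread use TIF_FSCHECK; the message should use the flag's real name.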
> > > @@ -573,12 +573,11 @@ do_work_pending(struct pt_regs *regs, unsigned
> > > int thread_flags, int syscall)
> > >   */
> > >   trace_hardirqs_off();
> > >
> > > - /* Check valid user FS if needed */
> > > - addr_limit_user_check();
> > > -
> > >   do {
> > >   if (likely(thread_flags & _TIF_NEED_RESCHED)) {
> > >   schedule();
> > > + } else if (thread_flags & _TIF_FSCHECK) {
> > > + addr_limit_user_check();
> > >   } else {
> > >   if (unlikely(!user_mode(regs)))
> > >   return 0;
> >
> > This does seem to work, it no longer hangs on boot in my setup. This is
> > obviously only a very superficial test.
> >
> > The new location of this check seems weird, it's not clear why it
> > should be on an else path. Perhaps it should be moved to right before
> > where current_thread_info()->flags is fetched again?
>
> I was hitting a bug when I tried that. I think that's because you
> basically let the signal handler do pending work before you check the
> flag, that's not a good idea.
>
> > If the purpose is hardening against buggy kernel code doing bad set_fs
> > calls shouldn't this flag also be checked before looking at
> > TIF_NEED_RESCHED and calling schedule()?
>
> I am not sure to be honest. I expected schedule to only schedule the
> processor to another task which would be fine given only the current
> task has a bogus fs. I will put it first in case there is an edge
> case scenario I missed.
>
> What do you think? Let me know and I will look at changes to all
> architectures and testing them.

I don't know and I'd rather not guess on security issues. It's better if
someone else reviews the code.

Unless there is a very quick fix maybe this series should be removed or
reverted from linux-next? A diagnosis of "system calls can sometimes hang
on return" seems serious even for linux-next. Since it happens very rarely
in most setups I can easily imagine somebody spending a lot of time digging
at this.

--
Regards,
Leonard
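Review bot: in the follow-up hunk quoted above (the `@@ -573,12 +573,11 @@` change to `do_work_pending`), the new `else if (thread_flags & _TIF_FSCHECK)` branch only runs when `_TIF_NEED_RESCHED` is clear, so when both flags are set schedule() runs first and the address limit is validated only on a later pass of the loop; that is the ordering concern raised in the reply, and testing `_TIF_FSCHECK` first, as the author says he will, resolves it. The hunk also removes the `/* Check valid user FS if needed */` comment without adding one at the new call site; a comment stating why the check must live inside the loop (the flag is part of the mask the loop re-tests, so a one-time check before the loop cannot clear it again) would stop the next reader from hoisting it back out. Lastly, the hunk header is wrapped across two lines and the context lines have lost their indentation in transit, so this diff as pasted will not apply with `git am`; a proper patch should follow for testing.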
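The loop behaviour Leonard describes (a one-time check before the loop clears TIF_FSCHECK once, while the loop keeps going as long as any bit of _TIF_WORK_MASK is set on the re-read flags) can be modelled in user space. The following is an added example, not code from the patch, the kernel or anyone in the thread: the flag names mirror the kernel's, but the bit values, the MAX_ITER bound and the `model_*` callbacks are this example's own assumptions. It runs the same loop with the v10 placement and with the follow-up placement and reports how many iterations it takes to drain the work flags, or -1 when the loop would never end.

```c
/* Added example (not kernel code): a user-space model of the arm
 * do_work_pending() loop discussed in the thread, used to show why the
 * placement of addr_limit_user_check() decides whether the loop can
 * terminate. Flag names mirror the kernel's; the bit values, MAX_ITER
 * and the model_* callbacks are this model's own assumptions. */
#include <stdbool.h>
#include <stdio.h>

enum {
    TIF_NEED_RESCHED = 1 << 0,
    TIF_SIGPENDING   = 1 << 1,
    TIF_FSCHECK      = 1 << 2,    /* set by set_fs() to force the slow exit path */
};
#define WORK_MASK (TIF_NEED_RESCHED | TIF_SIGPENDING | TIF_FSCHECK)
#define MAX_ITER  1000            /* so a non-terminating loop is reported, not run forever */

enum placement { CHECK_BEFORE_LOOP, CHECK_IN_LOOP };

struct thread {
    unsigned flags;
    bool signal_uses_set_fs;      /* models signal delivery that calls set_fs() */
};

static void model_set_fs(struct thread *t) { t->flags |= TIF_FSCHECK; }
static void model_schedule(struct thread *t) { t->flags &= ~TIF_NEED_RESCHED; }
static void model_addr_limit_user_check(struct thread *t) { t->flags &= ~TIF_FSCHECK; }
static void model_do_signal(struct thread *t)
{
    t->flags &= ~TIF_SIGPENDING;
    if (t->signal_uses_set_fs)
        model_set_fs(t);          /* new work appears while we are already in the loop */
}

/* Returns the number of loop iterations needed to drain the work flags,
 * or -1 if the loop did not terminate within MAX_ITER. */
int run_work_pending(struct thread *t, enum placement where)
{
    unsigned thread_flags = t->flags;     /* as in the kernel, flags are passed in from asm */
    int iters = 0;

    if (where == CHECK_BEFORE_LOOP)
        model_addr_limit_user_check(t);   /* v10: checked once, flag cleared once */

    do {
        if (++iters > MAX_ITER)
            return -1;
        if (thread_flags & TIF_NEED_RESCHED)
            model_schedule(t);
        else if (where == CHECK_IN_LOOP && (thread_flags & TIF_FSCHECK))
            model_addr_limit_user_check(t);   /* follow-up: checked each time it is set */
        else if (thread_flags & TIF_SIGPENDING)
            model_do_signal(t);
        /* else: nothing to do here; the real code runs tracehook_notify_resume() */
        thread_flags = t->flags;              /* re-read, as the kernel does */
    } while (thread_flags & WORK_MASK);
    return iters;
}

/* Convenience wrapper: iterations for a fresh thread with the given flags. */
int iterations(unsigned flags, bool signal_uses_set_fs, enum placement where)
{
    struct thread t = { flags, signal_uses_set_fs };
    return run_work_pending(&t, where);
}

int main(void)
{
    printf("signal whose delivery calls set_fs, check before loop: %d\n",
           iterations(TIF_SIGPENDING, true, CHECK_BEFORE_LOOP));   /* -1: never terminates */
    printf("signal whose delivery calls set_fs, check in loop:     %d\n",
           iterations(TIF_SIGPENDING, true, CHECK_IN_LOOP));       /* 2 */
    printf("resched + fscheck, check in loop (deferred one pass):  %d\n",
           iterations(TIF_NEED_RESCHED | TIF_FSCHECK, false, CHECK_IN_LOOP)); /* 2 */
    return 0;
}
```

The scenario that matters is a pending signal whose delivery calls set_fs(): with the v10 placement the one-time check has already run, the flag comes back set, and nothing inside the loop clears it, so the model reports -1. With the check inside the loop the flag is cleared on the next pass. The third case shows the else-if ordering from the follow-up diff: when TIF_NEED_RESCHED is also set, schedule() runs first and the limit is checked only on the second pass, which is what putting the check first would avoid.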