From: Greg KH <greg@kroah.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: stable@vger.kernel.org, mark.brown@linaro.org,
ard.biesheuvel@linaro.org, marc.zyngier@arm.com,
will.deacon@arm.com, catalin.marinas@arm.com,
ghackmann@google.com, shankerd@codeaurora.org
Subject: Re: [PATCH v4.9.y 10/42] arm64: futex: Mask __user pointers prior to dereference
Date: Tue, 17 Apr 2018 14:10:03 +0200
Message-ID: <20180417121003.GA10401@kroah.com>
In-Reply-To: <20180412111138.40990-11-mark.rutland@arm.com>

On Thu, Apr 12, 2018 at 12:11:06PM +0100, Mark Rutland wrote:
> From: Will Deacon <will.deacon@arm.com>
>
> commit 91b2d3442f6a44dce875670d702af22737ad5eff upstream.
>
> The arm64 futex code has some explicit dereferencing of user pointers
> where performing atomic operations in response to a futex command. This
> patch uses masking to limit any speculative futex operations to within
> the user address space.
>
> Signed-off-by: Will Deacon <will.deacon@arm.com>
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Mark Rutland <mark.rutland@arm.com> [v4.9 backport]
> Tested-by: Greg Hackmann <ghackmann@google.com>
> ---
> arch/arm64/include/asm/futex.h | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h
> index f2585cdd32c2..1d123dd01ee0 100644
> --- a/arch/arm64/include/asm/futex.h
> +++ b/arch/arm64/include/asm/futex.h
> @@ -51,13 +51,14 @@
> : "memory")
>
> static inline int
> -futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
> +futex_atomic_op_inuser (int encoded_op, u32 __user *_uaddr)
> {
> int op = (encoded_op >> 28) & 7;
> int cmp = (encoded_op >> 24) & 15;
> int oparg = (encoded_op << 8) >> 20;
> int cmparg = (encoded_op << 20) >> 20;
> int oldval = 0, ret, tmp;
> + u32 __user *uaddr = __uaccess_mask_ptr(_uaddr);
>
> if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
> oparg = 1 << oparg;
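
Review bot: The trailing context of this hunk in futex_atomic_op_inuser(), "if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))" followed by "oparg = 1 << oparg;", is the FUTEX_OP_OPARG_SHIFT handling named in the title of the commit the reply reports a conflict with, so this is the likely point of the conflict and the hunk should be regenerated against the current 4.9.y tree rather than applied with fuzz. Separately, the pointer is masked in the initializer, "u32 __user *uaddr = __uaccess_mask_ptr(_uaddr);", with no access_ok() visible in the hunk, while the second hunk masks only after access_ok(VERIFY_WRITE, _uaddr, ...) has passed. A one-line comment saying where the range check for this function happens relative to the mask would make the difference between the two functions easier to review.
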
> @@ -109,15 +110,17 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
> }
>
> static inline int
> -futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
> +futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *_uaddr,
> u32 oldval, u32 newval)
> {
> int ret = 0;
> u32 val, tmp;
> + u32 __user *uaddr;
>
> - if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
> + if (!access_ok(VERIFY_WRITE, _uaddr, sizeof(u32)))
> return -EFAULT;
>
> + uaddr = __uaccess_mask_ptr(_uaddr);
> asm volatile("// futex_atomic_cmpxchg_inatomic\n"
> ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_HAS_PAN, CONFIG_ARM64_PAN)
> " prfm pstl1strm, %2\n"
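
Review bot: After "uaddr = __uaccess_mask_ptr(_uaddr);" in futex_atomic_cmpxchg_inatomic(), the unmasked _uaddr stays in scope for the rest of the function, and the asm operand list lies outside this hunk, so the backport should confirm that every memory operand (the %2 used by "prfm pstl1strm, %2" and the accesses that follow) is bound to uaddr and never to _uaddr. A short comment above the assignment noting that access_ok() is the architectural check on _uaddr and the mask is what bounds the speculative access would keep a later edit from reintroducing the raw pointer.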

This patch doesn't apply at all as it conflicts with commit
d7c5f8c815466fc00785bbff20f25b39643abe01 which was commit 5f16a046f8e1
("arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT
usage") upstream.

Any chance you can provide a correct backport of this?

thanks,

greg k-h

Thread overview: 48+ messages
2018-04-12 11:10 [PATCH v4.9.y 00/42] arm64 spectre patches Mark Rutland
2018-04-12 11:10 ` [PATCH v4.9.y 01/42] arm64: barrier: Add CSDB macros to control data-value prediction Mark Rutland
2018-04-12 11:10 ` [PATCH v4.9.y 02/42] arm64: Implement array_index_mask_nospec() Mark Rutland
2018-04-12 11:10 ` [PATCH v4.9.y 03/42] arm64: move TASK_* definitions to <asm/processor.h> Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 04/42] arm64: Make USER_DS an inclusive limit Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 05/42] arm64: Use pointer masking to limit uaccess speculation Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 06/42] arm64: entry: Ensure branch through syscall table is bounded under speculation Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 07/42] arm64: uaccess: Prevent speculative use of the current addr_limit Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 08/42] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 09/42] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 10/42] arm64: futex: Mask __user pointers prior to dereference Mark Rutland
2018-04-17 12:10 ` Greg KH [this message]
2018-04-18 10:56 ` Mark Rutland
2018-04-19 7:02 ` Greg KH
2018-04-12 11:11 ` [PATCH v4.9.y 11/42] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 12/42] arm64: Run enable method for errata work arounds on late CPUs Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 13/42] arm64: cpufeature: Pass capability structure to ->enable callback Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 14/42] drivers/firmware: Expose psci_get_version through psci_ops structure Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 15/42] arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 16/42] arm64: Move post_ttbr_update_workaround to C code Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 17/42] arm64: Add skeleton to harden the branch predictor against aliasing attacks Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 18/42] arm64: Move BP hardening to check_and_switch_context Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 19/42] mm: Introduce lm_alias Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 20/42] arm64: KVM: Use per-CPU vector when BP hardening is enabled Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 21/42] arm64: entry: Apply BP hardening for high-priority synchronous exceptions Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 22/42] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 23/42] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 24/42] arm64: cpu_errata: Allow an erratum to be match for all revisions of a core Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 25/42] arm64: Implement branch predictor hardening for affected Cortex-A CPUs Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 26/42] arm64: Branch predictor hardening for Cavium ThunderX2 Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 27/42] arm64: KVM: Increment PC after handling an SMC trap Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 28/42] arm/arm64: KVM: Consolidate the PSCI include files Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 29/42] arm/arm64: KVM: Add PSCI_VERSION helper Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 30/42] arm/arm64: KVM: Add smccc accessors to PSCI code Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 31/42] arm/arm64: KVM: Implement PSCI 1.0 support Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 32/42] arm/arm64: KVM: Advertise SMCCC v1.1 Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 33/42] arm64: KVM: Make PSCI_VERSION a fast path Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 34/42] arm/arm64: KVM: Turn kvm_psci_version into a static inline Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 35/42] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 36/42] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 37/42] firmware/psci: Expose PSCI conduit Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 38/42] firmware/psci: Expose SMCCC version through psci_ops Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 39/42] arm/arm64: smccc: Make function identifiers an unsigned quantity Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 40/42] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 41/42] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support Mark Rutland
2018-04-12 11:11 ` [PATCH v4.9.y 42/42] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround Mark Rutland
2018-04-12 16:39 ` [PATCH v4.9.y 00/42] arm64 spectre patches Greg Hackmann
2018-04-17 12:15 ` Greg KH