From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1621C43331 for ; Wed, 13 Nov 2019 01:54:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 97D7F2245A for ; Wed, 13 Nov 2019 01:54:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573610051; bh=ccBzI2Hxcp+UN6EicYvhJ9LXXZoZN5mA1p4W63Ng3vg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=p2M7D3Phk2ty5rQ9FESUxvksToHMXABtkXbohVtYq8SwYwlAoORUBiSY/fBG+lAhj lbQbP2cwHJJWhoBFCsPY23dwOmHl5b91p/93JTzrwKM/ZcyJ+h1qJLfYWwHiXMjuCa nIemoSnBK4uuDEq0fJOOoANjfTrq3S6qrDEM/uCY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728774AbfKMByK (ORCPT ); Tue, 12 Nov 2019 20:54:10 -0500 Received: from mail.kernel.org ([198.145.29.99]:44592 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728771AbfKMByK (ORCPT ); Tue, 12 Nov 2019 20:54:10 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A735B20674; Wed, 13 Nov 2019 01:54:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1573610049; bh=ccBzI2Hxcp+UN6EicYvhJ9LXXZoZN5mA1p4W63Ng3vg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aXAFnsfn5zsn/L0JGxpq7uExFgBcRndNIDRqFcqrzw0BHpWX3NQAHNZbUPapHxDdj C/5Z3C3669CCwD/LfMdae+sP3s1yv3UC0DIbXnGruGwwXmITh36Di/N1qLNjlwNlc5 extz/w9v0rRYCZOjTkIL9QdqFyqpBMQfLfL/HrCQ= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Andy Lutomirski , "Chang S . Bae" , Andy Lutomirski , Borislav Petkov , Brian Gerst , Dave Hansen , Denys Vlasenko , "H . Peter Anvin" , Linus Torvalds , Markus T Metzger , Peter Zijlstra , Ravi Shankar , Rik van Riel , Thomas Gleixner , Ingo Molnar , Sasha Levin Subject: [PATCH AUTOSEL 4.19 136/209] x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately Date: Tue, 12 Nov 2019 20:49:12 -0500 Message-Id: <20191113015025.9685-136-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191113015025.9685-1-sashal@kernel.org> References: <20191113015025.9685-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Andy Lutomirski [ Upstream commit 07e1d88adaaeab247b300926f78cc3f950dbeda3 ] On 64-bit kernels ptrace can read the FS/GS base using the register access APIs (PTRACE_PEEKUSER, etc.) or PTRACE_ARCH_PRCTL. Make both of these mechanisms return the actual FS/GS base. This will improve debuggability by providing the correct information to ptracer such as GDB. [ chang: Rebased and revised patch description. ] [ mingo: Revised the changelog some more. ] Signed-off-by: Andy Lutomirski Signed-off-by: Chang S. Bae Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Dave Hansen Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Markus T Metzger Cc: Peter Zijlstra Cc: Ravi Shankar Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537312139-5580-2-git-send-email-chang.seok.bae@intel.com Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin --- arch/x86/kernel/ptrace.c | 62 +++++++++++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 516ec7586a5fb..8d4d506453106 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -40,6 +40,7 @@ #include #include #include +#include #include "tls.h" @@ -343,6 +344,49 @@ static int set_segment_reg(struct task_struct *task, return 0; } +static unsigned long task_seg_base(struct task_struct *task, + unsigned short selector) +{ + unsigned short idx = selector >> 3; + unsigned long base; + + if (likely((selector & SEGMENT_TI_MASK) == 0)) { + if (unlikely(idx >= GDT_ENTRIES)) + return 0; + + /* + * There are no user segments in the GDT with nonzero bases + * other than the TLS segments. + */ + if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) + return 0; + + idx -= GDT_ENTRY_TLS_MIN; + base = get_desc_base(&task->thread.tls_array[idx]); + } else { +#ifdef CONFIG_MODIFY_LDT_SYSCALL + struct ldt_struct *ldt; + + /* + * If performance here mattered, we could protect the LDT + * with RCU. This is a slow path, though, so we can just + * take the mutex. + */ + mutex_lock(&task->mm->context.lock); + ldt = task->mm->context.ldt; + if (unlikely(idx >= ldt->nr_entries)) + base = 0; + else + base = get_desc_base(ldt->entries + idx); + mutex_unlock(&task->mm->context.lock); +#else + base = 0; +#endif + } + + return base; +} + #endif /* CONFIG_X86_32 */ static unsigned long get_flags(struct task_struct *task) @@ -436,18 +480,16 @@ static unsigned long getreg(struct task_struct *task, unsigned long offset) #ifdef CONFIG_X86_64 case offsetof(struct user_regs_struct, fs_base): { - /* - * XXX: This will not behave as expected if called on - * current or if fsindex != 0. - */ - return task->thread.fsbase; + if (task->thread.fsindex == 0) + return task->thread.fsbase; + else + return task_seg_base(task, task->thread.fsindex); } case offsetof(struct user_regs_struct, gs_base): { - /* - * XXX: This will not behave as expected if called on - * current or if fsindex != 0. - */ - return task->thread.gsbase; + if (task->thread.gsindex == 0) + return task->thread.gsbase; + else + return task_seg_base(task, task->thread.gsindex); } #endif } -- 2.20.1