| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Feb 2019 17:59:33 +0000
From: Will Deacon <will.deacon@....com>
To: linux-kernel@...r.kernel.org
Cc: Will Deacon <will.deacon@....com>,
Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Matthew Wilcox <willy@...radead.org>,
Michal Hocko <mhocko@...e.com>,
Peter Zijlstra <peterz@...radead.org>
Subject: [RFC PATCH 2/4] mm: Expose user stack pointer checking via prctl()
Hook up a prctl() option to control the level of user stack pointer
checking for the current task. By default, no checking is performed, but
checks can be independently controlled for system calls and page faults.
The option is inherited across fork() and preserved across exec().
Cc: Kees Cook <keescook@...omium.org>
Cc: Jann Horn <jannh@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Matthew Wilcox <willy@...radead.org>
Cc: Michal Hocko <mhocko@...e.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Signed-off-by: Will Deacon <will.deacon@....com>
---
include/linux/mm.h | 5 +++++
include/uapi/linux/prctl.h | 5 +++++
kernel/sys.c | 5 +++++
mm/memory.c | 22 ++++++++++++++++++++++
4 files changed, 37 insertions(+)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 9fa02d47a270..7a668447c01f 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1483,8 +1483,13 @@ int generic_error_remove_page(struct address_space *mapping, struct page *page);
int invalidate_inode_page(struct page *page);
#ifdef CONFIG_USER_STACK_POINTER_CHECKS
+long prctl_sp_check(struct task_struct *tsk, unsigned long flags);
bool usp_check_syscall(void);
#else
+static inline long prctl_sp_check(struct task_struct *tsk, unsigned long flags)
+{
+ return -EINVAL;
+}
static inline bool usp_check_syscall(void) { return true; }
#endif
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index b4875a93363a..3c4d93856f2a 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -228,4 +228,9 @@ struct prctl_mm_map {
# define PR_PAC_APDBKEY (1UL << 3)
# define PR_PAC_APGAKEY (1UL << 4)
+/* User stack pointer sanity checking */
+#define PR_SP_CHECK 55
+# define PR_SP_CHECK_PAGE_FAULT (1UL << 0)
+# define PR_SP_CHECK_SYSCALL (1UL << 1)
+
#endif /* _LINUX_PRCTL_H */
diff --git a/kernel/sys.c b/kernel/sys.c
index f7eb62eceb24..bd507eebed54 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2485,6 +2485,11 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
return -EINVAL;
error = PAC_RESET_KEYS(me, arg2);
break;
+ case PR_SP_CHECK:
+ if (arg3 || arg4 || arg5)
+ return -EINVAL;
+ error = prctl_sp_check(me, arg2);
+ break;
default:
error = -EINVAL;
break;
diff --git a/mm/memory.c b/mm/memory.c
index e0b449f520da..700d9fd03c88 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -71,6 +71,7 @@
#include <linux/userfaultfd_k.h>
#include <linux/dax.h>
#include <linux/oom.h>
+#include <linux/prctl.h>
#include <asm/io.h>
#include <asm/mmu_context.h>
@@ -3949,6 +3950,27 @@ bool usp_check_syscall(void)
up_read(&mm->mmap_sem);
return ret;
}
+
+long prctl_sp_check(struct task_struct *tsk, unsigned long flags)
+{
+ if (flags & ~(PR_SP_CHECK_PAGE_FAULT | PR_SP_CHECK_SYSCALL))
+ return -EINVAL;
+
+ if (flags & PR_SP_CHECK_PAGE_FAULT)
+ tsk->usp_checks |= USP_CHECK_FAULT;
+ else
+ tsk->usp_checks &= ~USP_CHECK_FAULT;
+
+ if (flags & PR_SP_CHECK_SYSCALL) {
+ if (!IS_ENABLED(CONFIG_ARCH_HAS_USP_CHECK_SYSCALL))
+ return -EINVAL;
+ tsk->usp_checks |= USP_CHECK_SYSCALL;
+ } else {
+ tsk->usp_checks &= ~USP_CHECK_SYSCALL;
+ }
+
+ return 0;
+}
#else
static bool usp_check_fault(unsigned int flags) { return true; }
#endif
--
2.11.0
Powered by blists - more mailing lists