lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 May 2019 16:15:00 +0200 From: Marco Elver <elver@...gle.com> To: peterz@...radead.org, aryabinin@...tuozzo.com, dvyukov@...gle.com, glider@...gle.com, andreyknvl@...gle.com, mark.rutland@....com Cc: corbet@....net, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com, x86@...nel.org, arnd@...db.de, jpoimboe@...hat.com, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, kasan-dev@...glegroups.com, Marco Elver <elver@...gle.com> Subject: [PATCH 2/3] x86: Move CPU feature test out of uaccess region This patch is a pre-requisite for enabling KASAN bitops instrumentation: moves boot_cpu_has feature test out of the uaccess region, as boot_cpu_has uses test_bit. With instrumentation, the KASAN check would otherwise be flagged by objtool. This approach is preferred over adding the explicit kasan_check_* functions to the uaccess whitelist of objtool, as the case here appears to be the only one. Signed-off-by: Marco Elver <elver@...gle.com> --- v1: * This patch replaces patch: 'tools/objtool: add kasan_check_* to uaccess whitelist' --- arch/x86/ia32/ia32_signal.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c index 629d1ee05599..12264e3c9c43 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c @@ -333,6 +333,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, void __user *restorer; int err = 0; void __user *fpstate = NULL; + bool has_xsave; /* __copy_to_user optimizes that into a single 8 byte store */ static const struct { @@ -352,13 +353,19 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, if (!access_ok(frame, sizeof(*frame))) return -EFAULT; + /* + * Move non-uaccess accesses out of uaccess region if not strictly + * required; this also helps avoid objtool flagging these accesses with + * instrumentation enabled. + */ + has_xsave = boot_cpu_has(X86_FEATURE_XSAVE); put_user_try { put_user_ex(sig, &frame->sig); put_user_ex(ptr_to_compat(&frame->info), &frame->pinfo); put_user_ex(ptr_to_compat(&frame->uc), &frame->puc); /* Create the ucontext. */ - if (boot_cpu_has(X86_FEATURE_XSAVE)) + if (has_xsave) put_user_ex(UC_FP_XSTATE, &frame->uc.uc_flags); else put_user_ex(0, &frame->uc.uc_flags); -- 2.22.0.rc1.257.g3120a18244-goog
Powered by blists - more mailing lists