lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220310111545.10852-6-bharata@amd.com>
Date:   Thu, 10 Mar 2022 16:45:44 +0530
From:   Bharata B Rao <bharata@....com>
To:     <linux-kernel@...r.kernel.org>
CC:     <linux-mm@...ck.org>, <x86@...nel.org>,
        <kirill.shutemov@...ux.intel.com>, <tglx@...utronix.de>,
        <mingo@...hat.com>, <bp@...en8.de>, <dave.hansen@...ux.intel.com>,
        <catalin.marinas@....com>, <will@...nel.org>, <shuah@...nel.org>,
        <oleg@...hat.com>, <ananth.narayan@....com>,
        "Bharata B Rao" <bharata@....com>
Subject: [RFC PATCH v0 5/6] x86: Untag user pointers in access_ok()

This is a preparatory work to allow passing of tagged user
pointers (with a top few bits other than zeroes) as syscall
arguments.

Since user can provide tagged pointer to syscalls they need
to be untagged before validating them in access_ok().
Untagging is done only if flag TIF_TAGGED_ADDR is set for
the thread. This is set via prctl() option which will be
introduced in a subsequent patch.

get_user() and put_user() don't use access_ok(), but check
access against TASK_SIZE direcly in assembly. Strip tags,
before calling into the assembly helper.

[kirill.shutemov@...ux.intel.com - get/put_user() changes]

Signed-off-by: Bharata B Rao <bharata@....com>
---
 arch/x86/include/asm/thread_info.h |  2 ++
 arch/x86/include/asm/uaccess.h     | 28 +++++++++++++++++++++-------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index ebec69c35e95..c786103a5325 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -101,6 +101,7 @@ struct thread_info {
 #define TIF_BLOCKSTEP		25	/* set when we want DEBUGCTLMSR_BTF */
 #define TIF_LAZY_MMU_UPDATES	27	/* task is updating the mmu lazily */
 #define TIF_ADDR32		29	/* 32-bit address space on 64 bits */
+#define TIF_TAGGED_ADDR		30	/* Allow tagged user addresses */
 
 #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
@@ -124,6 +125,7 @@ struct thread_info {
 #define _TIF_BLOCKSTEP		(1 << TIF_BLOCKSTEP)
 #define _TIF_LAZY_MMU_UPDATES	(1 << TIF_LAZY_MMU_UPDATES)
 #define _TIF_ADDR32		(1 << TIF_ADDR32)
+#define _TIF_TAGGED_ADDR	(1 << TIF_TAGGED_ADDR)
 
 /* flags to check in __switch_to() */
 #define _TIF_WORK_CTXSW_BASE					\
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index ac96f9b2d64b..feb2e21c7e09 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -35,11 +35,15 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
 	return unlikely(addr > limit);
 }
 
-#define __range_not_ok(addr, size, limit)				\
-({									\
-	__chk_user_ptr(addr);						\
-	__chk_range_not_ok((unsigned long __force)(addr), size, limit); \
-})
+static inline bool __range_not_ok(const void __user *addr, unsigned long size,
+				  unsigned long limit)
+{
+	if (test_thread_flag(TIF_TAGGED_ADDR))
+		addr = untagged_addr(addr);
+
+	__chk_user_ptr(addr);
+	return __chk_range_not_ok((unsigned long __force)(addr), size, limit);
+}
 
 #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
 static inline bool pagefault_disabled(void);
@@ -152,7 +156,12 @@ extern int __get_user_bad(void);
  * Return: zero on success, or -EFAULT on error.
  * On error, the variable @x is set to zero.
  */
-#define get_user(x,ptr) ({ might_fault(); do_get_user_call(get_user,x,ptr); })
+#define get_user(x,ptr)							\
+({									\
+	__typeof__(*(ptr)) *ptr_untagged = untagged_ptr(ptr);		\
+	might_fault();							\
+	do_get_user_call(get_user,x,ptr_untagged);			\
+})
 
 /**
  * __get_user - Get a simple variable from user space, with less checking.
@@ -249,7 +258,12 @@ extern void __put_user_nocheck_8(void);
  *
  * Return: zero on success, or -EFAULT on error.
  */
-#define put_user(x, ptr) ({ might_fault(); do_put_user_call(put_user,x,ptr); })
+#define put_user(x, ptr)						\
+({									\
+	__typeof__(*(ptr)) *ptr_untagged = untagged_ptr(ptr);		\
+	might_fault();							\
+	do_put_user_call(put_user,x,ptr_untagged);			\
+})
 
 /**
  * __put_user - Write a simple value into user space, with less checking.
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ