Re: [PATCH 00/20] objtool: UACCESS validation v3
From: hpa
Date: Thu Mar 07 2019 - 12:15:44 EST
On March 7, 2019 3:45:11 AM PST, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>Teach objtool to validate the UACCESS (SMAP, PAN) rules with are
>currently
>unenforced and (therefore obviously) violated.
>
>UACCESS sections should be small; we want to limit the amount of code
>that can
>touch userspace. Furthermore, UACCESS state isn't scheduled, this means
>that
>anything that directly calls into the scheduler will result in random
>code
>running with UACCESS enabled and possibly getting back into the UACCESS
>region
>with UACCESS disabled and causing faults.
>
>Forbid any CALL/RET while UACCESS is enabled; but provide a few
>exceptions.
>
>This builds x86_64-allmodconfig clean, and I've only got a few
>randconfig
>failures left (GCC-8) that I'm not quite understanding.
>
>---
> arch/x86/ia32/ia32_signal.c | 29 ++-
> arch/x86/include/asm/asm.h | 24 --
> arch/x86/include/asm/nospec-branch.h | 4 +-
> arch/x86/include/asm/smap.h | 20 ++
> arch/x86/include/asm/uaccess.h | 5 +-
> arch/x86/include/asm/uaccess_64.h | 3 -
> arch/x86/include/asm/xen/hypercall.h | 26 +-
> arch/x86/kernel/signal.c | 2 +-
> arch/x86/lib/copy_user_64.S | 48 ++++
> arch/x86/lib/memcpy_64.S | 3 +-
> arch/x86/lib/usercopy_64.c | 20 --
> drivers/gpu/drm/i915/i915_gem_execbuffer.c | 6 +-
> include/linux/uaccess.h | 2 +
> kernel/trace/trace_branch.c | 4 +
> lib/Makefile | 1 +
> lib/ubsan.c | 4 +
> mm/kasan/Makefile | 3 +
> mm/kasan/common.c | 10 +
> mm/kasan/report.c | 3 +-
> scripts/Makefile.build | 3 +
> tools/objtool/Makefile | 2 +-
> tools/objtool/arch.h | 8 +-
> tools/objtool/arch/x86/decode.c | 26 +-
> tools/objtool/builtin-check.c | 4 +-
> tools/objtool/builtin.h | 2 +-
>tools/objtool/check.c | 382
>++++++++++++++++++++++-------
> tools/objtool/check.h | 4 +-
> tools/objtool/elf.c | 15 +-
> tools/objtool/elf.h | 3 +-
> tools/objtool/special.c | 10 +-
> tools/objtool/warn.h | 8 +
> 31 files changed, 511 insertions(+), 173 deletions(-)
>
>
>
This is phenomenal. Thank you so much for digging into this. I'm hoping this will greatly reduce the risk of future leakage.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.