Re: [PATCH 00/20] objtool: UACCESS validation v3

Thu, 07 Mar 2019 09:15:52 -0800 

On March 7, 2019 3:45:11 AM PST, Peter Zijlstra <pet...@infradead.org> wrote:
>Teach objtool to validate the UACCESS (SMAP, PAN) rules with are
>currently
>unenforced and (therefore obviously) violated.
>
>UACCESS sections should be small; we want to limit the amount of code
>that can
>touch userspace. Furthermore, UACCESS state isn't scheduled, this means
>that
>anything that directly calls into the scheduler will result in random
>code
>running with UACCESS enabled and possibly getting back into the UACCESS
>region
>with UACCESS disabled and causing faults.
>
>Forbid any CALL/RET while UACCESS is enabled; but provide a few
>exceptions.
>
>This builds x86_64-allmodconfig clean, and I've only got a few
>randconfig
>failures left (GCC-8) that I'm not quite understanding.
>
>---
> arch/x86/ia32/ia32_signal.c                |  29 ++-
> arch/x86/include/asm/asm.h                 |  24 --
> arch/x86/include/asm/nospec-branch.h       |   4 +-
> arch/x86/include/asm/smap.h                |  20 ++
> arch/x86/include/asm/uaccess.h             |   5 +-
> arch/x86/include/asm/uaccess_64.h          |   3 -
> arch/x86/include/asm/xen/hypercall.h       |  26 +-
> arch/x86/kernel/signal.c                   |   2 +-
> arch/x86/lib/copy_user_64.S                |  48 ++++
> arch/x86/lib/memcpy_64.S                   |   3 +-
> arch/x86/lib/usercopy_64.c                 |  20 --
> drivers/gpu/drm/i915/i915_gem_execbuffer.c |   6 +-
> include/linux/uaccess.h                    |   2 +
> kernel/trace/trace_branch.c                |   4 +
> lib/Makefile                               |   1 +
> lib/ubsan.c                                |   4 +
> mm/kasan/Makefile                          |   3 +
> mm/kasan/common.c                          |  10 +
> mm/kasan/report.c                          |   3 +-
> scripts/Makefile.build                     |   3 +
> tools/objtool/Makefile                     |   2 +-
> tools/objtool/arch.h                       |   8 +-
> tools/objtool/arch/x86/decode.c            |  26 +-
> tools/objtool/builtin-check.c              |   4 +-
> tools/objtool/builtin.h                    |   2 +-
>tools/objtool/check.c                      | 382
>++++++++++++++++++++++-------
> tools/objtool/check.h                      |   4 +-
> tools/objtool/elf.c                        |  15 +-
> tools/objtool/elf.h                        |   3 +-
> tools/objtool/special.c                    |  10 +-
> tools/objtool/warn.h                       |   8 +
> 31 files changed, 511 insertions(+), 173 deletions(-)
>
>
> 

This is phenomenal. Thank you so much for digging into this. I'm hoping this 
will greatly reduce the risk of future leakage.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Reply via email to