Commit-ID: bf29ed1567b67854dc13504f685c45a2ea9b2081 Gitweb: http://git.kernel.org/tip/bf29ed1567b67854dc13504f685c45a2ea9b2081 Author: Thomas Garnier <thgar...@google.com> AuthorDate: Thu, 7 Sep 2017 08:30:44 -0700 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate: Sun, 17 Sep 2017 19:45:32 +0200
syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check Use CHECK_DATA_CORRUPTION instead of BUG_ON to provide more flexibility on address limit failures. By default, send a SIGKILL signal to kill the current process preventing exploitation of a bad address limit. Make the TIF_FSCHECK flag optional so ARM can use this function. Signed-off-by: Thomas Garnier <thgar...@google.com> Signed-off-by: Kees Cook <keesc...@chromium.org> Signed-off-by: Thomas Gleixner <t...@linutronix.de> Cc: Pratyush Anand <pan...@redhat.com> Cc: Dave Martin <dave.mar...@arm.com> Cc: Will Drewry <w...@chromium.org> Cc: Arnd Bergmann <a...@arndb.de> Cc: Catalin Marinas <catalin.mari...@arm.com> Cc: Will Deacon <will.dea...@arm.com> Cc: Russell King <li...@armlinux.org.uk> Cc: Andy Lutomirski <l...@amacapital.net> Cc: David Howells <dhowe...@redhat.com> Cc: Dave Hansen <dave.han...@intel.com> Cc: Al Viro <v...@zeniv.linux.org.uk> Cc: linux-...@vger.kernel.org Cc: Yonghong Song <y...@fb.com> Cc: linux-arm-ker...@lists.infradead.org Link: http://lkml.kernel.org/r/1504798247-48833-2-git-send-email-keesc...@chromium.org --- include/linux/syscalls.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 95606a2..a78186d 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -221,21 +221,25 @@ static inline int is_syscall_trace_event(struct trace_event_call *tp_event) } \ static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__)) -#ifdef TIF_FSCHECK /* * Called before coming back to user-mode. Returning to user-mode with an * address limit different than USER_DS can allow to overwrite kernel memory. */ static inline void addr_limit_user_check(void) { - +#ifdef TIF_FSCHECK if (!test_thread_flag(TIF_FSCHECK)) return; +#endif - BUG_ON(!segment_eq(get_fs(), USER_DS)); + if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS), + "Invalid address limit on user-mode return")) + force_sig(SIGKILL, current); + +#ifdef TIF_FSCHECK clear_thread_flag(TIF_FSCHECK); -} #endif +} asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special, qid_t id, void __user *addr);