| Message ID | 20211208044808.872554-6-pcc@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | kernel: introduce uaccess logging | expand |
On Wed, 8 Dec 2021 at 05:48, Peter Collingbourne <pcc@google.com> wrote: > > arm64 does not use CONFIG_GENERIC_ENTRY, so add the support for > uaccess logging directly to the architecture. > > Link: https://linux-review.googlesource.com/id/I88de539fb9c4a9d27fa8cccbe201a6e4382faf89 > Signed-off-by: Peter Collingbourne <pcc@google.com> > --- > arch/arm64/Kconfig | 1 + > arch/arm64/include/asm/thread_info.h | 7 ++++++- > arch/arm64/kernel/ptrace.c | 7 +++++++ > arch/arm64/kernel/signal.c | 5 +++++ > arch/arm64/kernel/syscall.c | 1 + > 5 files changed, 20 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index c4207cf9bb17..6023946abe4a 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -161,6 +161,7 @@ config ARM64 > select HAVE_ARCH_THREAD_STRUCT_WHITELIST > select HAVE_ARCH_TRACEHOOK > select HAVE_ARCH_TRANSPARENT_HUGEPAGE > + select HAVE_ARCH_UACCESS_BUFFER > select HAVE_ARCH_VMAP_STACK > select HAVE_ARM_SMCCC > select HAVE_ASM_MODVERSIONS > diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h > index e1317b7c4525..0461b36251ea 100644 > --- a/arch/arm64/include/asm/thread_info.h > +++ b/arch/arm64/include/asm/thread_info.h > @@ -82,6 +82,8 @@ int arch_dup_task_struct(struct task_struct *dst, > #define TIF_SVE_VL_INHERIT 24 /* Inherit SVE vl_onexec across exec */ > #define TIF_SSBD 25 /* Wants SSB mitigation */ > #define TIF_TAGGED_ADDR 26 /* Allow tagged user addresses */ > +#define TIF_UACCESS_BUFFER_ENTRY 27 /* thread has non-zero uaccess_desc_addr_addr */ > +#define TIF_UACCESS_BUFFER_EXIT 28 /* thread has non-zero kcur */ > > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > @@ -98,6 +100,8 @@ int arch_dup_task_struct(struct task_struct *dst, > #define _TIF_SVE (1 << TIF_SVE) > #define _TIF_MTE_ASYNC_FAULT (1 << TIF_MTE_ASYNC_FAULT) > #define _TIF_NOTIFY_SIGNAL (1 << TIF_NOTIFY_SIGNAL) > +#define _TIF_UACCESS_BUFFER_ENTRY (1 << TIF_UACCESS_BUFFER_ENTRY) > +#define _TIF_UACCESS_BUFFER_EXIT (1 << TIF_UACCESS_BUFFER_EXIT) > > #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ > _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ > @@ -106,7 +110,8 @@ int arch_dup_task_struct(struct task_struct *dst, > > #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ > _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \ > - _TIF_SYSCALL_EMU) > + _TIF_SYSCALL_EMU | _TIF_UACCESS_BUFFER_ENTRY | \ > + _TIF_UACCESS_BUFFER_EXIT) > > #ifdef CONFIG_SHADOW_CALL_STACK > #define INIT_SCS \ > diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c > index 88a9034fb9b5..283372eccaeb 100644 > --- a/arch/arm64/kernel/ptrace.c > +++ b/arch/arm64/kernel/ptrace.c > @@ -29,6 +29,7 @@ > #include <linux/regset.h> > #include <linux/tracehook.h> > #include <linux/elf.h> > +#include <linux/uaccess-buffer.h> > > #include <asm/compat.h> > #include <asm/cpufeature.h> > @@ -1854,6 +1855,9 @@ int syscall_trace_enter(struct pt_regs *regs) > if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) > trace_sys_enter(regs, regs->syscallno); > > + if (flags & _TIF_UACCESS_BUFFER_ENTRY) > + uaccess_buffer_syscall_entry(); > + > audit_syscall_entry(regs->syscallno, regs->orig_x0, regs->regs[1], > regs->regs[2], regs->regs[3]); > > @@ -1866,6 +1870,9 @@ void syscall_trace_exit(struct pt_regs *regs) > > audit_syscall_exit(regs); > > + if (flags & _TIF_UACCESS_BUFFER_EXIT) > + uaccess_buffer_syscall_exit(); > + > if (flags & _TIF_SYSCALL_TRACEPOINT) > trace_sys_exit(regs, syscall_get_return_value(current, regs)); > > diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c > index 8f6372b44b65..5bbd98e5c257 100644 > --- a/arch/arm64/kernel/signal.c > +++ b/arch/arm64/kernel/signal.c > @@ -20,6 +20,7 @@ > #include <linux/tracehook.h> > #include <linux/ratelimit.h> > #include <linux/syscalls.h> > +#include <linux/uaccess-buffer.h> > > #include <asm/daifflags.h> > #include <asm/debug-monitors.h> > @@ -919,6 +920,8 @@ static void do_signal(struct pt_regs *regs) > > void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) > { > + bool uaccess_buffer_pending = uaccess_buffer_pre_exit_loop(); > + > do { > if (thread_flags & _TIF_NEED_RESCHED) { > /* Unmask Debug and SError for the next task */ > @@ -950,6 +953,8 @@ void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) > local_daif_mask(); > thread_flags = READ_ONCE(current_thread_info()->flags); > } while (thread_flags & _TIF_WORK_MASK); > + > + uaccess_buffer_post_exit_loop(uaccess_buffer_pending); > } > > unsigned long __ro_after_init signal_minsigstksz; > diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c > index 50a0f1a38e84..d59022b594f2 100644 > --- a/arch/arm64/kernel/syscall.c > +++ b/arch/arm64/kernel/syscall.c > @@ -7,6 +7,7 @@ > #include <linux/ptrace.h> > #include <linux/randomize_kstack.h> > #include <linux/syscalls.h> > +#include <linux/uaccess-buffer.h> This looks strange... Does some other header miss this include? > > #include <asm/daifflags.h> > #include <asm/debug-monitors.h> > -- > 2.34.1.173.g76aa8bc2d0-goog >
On Wed, Dec 8, 2021 at 1:49 AM Dmitry Vyukov <dvyukov@google.com> wrote: > > On Wed, 8 Dec 2021 at 05:48, Peter Collingbourne <pcc@google.com> wrote: > > > > arm64 does not use CONFIG_GENERIC_ENTRY, so add the support for > > uaccess logging directly to the architecture. > > > > Link: https://linux-review.googlesource.com/id/I88de539fb9c4a9d27fa8cccbe201a6e4382faf89 > > Signed-off-by: Peter Collingbourne <pcc@google.com> > > --- > > arch/arm64/Kconfig | 1 + > > arch/arm64/include/asm/thread_info.h | 7 ++++++- > > arch/arm64/kernel/ptrace.c | 7 +++++++ > > arch/arm64/kernel/signal.c | 5 +++++ > > arch/arm64/kernel/syscall.c | 1 + > > 5 files changed, 20 insertions(+), 1 deletion(-) > > > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > > index c4207cf9bb17..6023946abe4a 100644 > > --- a/arch/arm64/Kconfig > > +++ b/arch/arm64/Kconfig > > @@ -161,6 +161,7 @@ config ARM64 > > select HAVE_ARCH_THREAD_STRUCT_WHITELIST > > select HAVE_ARCH_TRACEHOOK > > select HAVE_ARCH_TRANSPARENT_HUGEPAGE > > + select HAVE_ARCH_UACCESS_BUFFER > > select HAVE_ARCH_VMAP_STACK > > select HAVE_ARM_SMCCC > > select HAVE_ASM_MODVERSIONS > > diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h > > index e1317b7c4525..0461b36251ea 100644 > > --- a/arch/arm64/include/asm/thread_info.h > > +++ b/arch/arm64/include/asm/thread_info.h > > @@ -82,6 +82,8 @@ int arch_dup_task_struct(struct task_struct *dst, > > #define TIF_SVE_VL_INHERIT 24 /* Inherit SVE vl_onexec across exec */ > > #define TIF_SSBD 25 /* Wants SSB mitigation */ > > #define TIF_TAGGED_ADDR 26 /* Allow tagged user addresses */ > > +#define TIF_UACCESS_BUFFER_ENTRY 27 /* thread has non-zero uaccess_desc_addr_addr */ > > +#define TIF_UACCESS_BUFFER_EXIT 28 /* thread has non-zero kcur */ > > > > #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) > > #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) > > @@ -98,6 +100,8 @@ int arch_dup_task_struct(struct task_struct *dst, > > #define _TIF_SVE (1 << TIF_SVE) > > #define _TIF_MTE_ASYNC_FAULT (1 << TIF_MTE_ASYNC_FAULT) > > #define _TIF_NOTIFY_SIGNAL (1 << TIF_NOTIFY_SIGNAL) > > +#define _TIF_UACCESS_BUFFER_ENTRY (1 << TIF_UACCESS_BUFFER_ENTRY) > > +#define _TIF_UACCESS_BUFFER_EXIT (1 << TIF_UACCESS_BUFFER_EXIT) > > > > #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ > > _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ > > @@ -106,7 +110,8 @@ int arch_dup_task_struct(struct task_struct *dst, > > > > #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ > > _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \ > > - _TIF_SYSCALL_EMU) > > + _TIF_SYSCALL_EMU | _TIF_UACCESS_BUFFER_ENTRY | \ > > + _TIF_UACCESS_BUFFER_EXIT) > > > > #ifdef CONFIG_SHADOW_CALL_STACK > > #define INIT_SCS \ > > diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c > > index 88a9034fb9b5..283372eccaeb 100644 > > --- a/arch/arm64/kernel/ptrace.c > > +++ b/arch/arm64/kernel/ptrace.c > > @@ -29,6 +29,7 @@ > > #include <linux/regset.h> > > #include <linux/tracehook.h> > > #include <linux/elf.h> > > +#include <linux/uaccess-buffer.h> > > > > #include <asm/compat.h> > > #include <asm/cpufeature.h> > > @@ -1854,6 +1855,9 @@ int syscall_trace_enter(struct pt_regs *regs) > > if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) > > trace_sys_enter(regs, regs->syscallno); > > > > + if (flags & _TIF_UACCESS_BUFFER_ENTRY) > > + uaccess_buffer_syscall_entry(); > > + > > audit_syscall_entry(regs->syscallno, regs->orig_x0, regs->regs[1], > > regs->regs[2], regs->regs[3]); > > > > @@ -1866,6 +1870,9 @@ void syscall_trace_exit(struct pt_regs *regs) > > > > audit_syscall_exit(regs); > > > > + if (flags & _TIF_UACCESS_BUFFER_EXIT) > > + uaccess_buffer_syscall_exit(); > > + > > if (flags & _TIF_SYSCALL_TRACEPOINT) > > trace_sys_exit(regs, syscall_get_return_value(current, regs)); > > > > diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c > > index 8f6372b44b65..5bbd98e5c257 100644 > > --- a/arch/arm64/kernel/signal.c > > +++ b/arch/arm64/kernel/signal.c > > @@ -20,6 +20,7 @@ > > #include <linux/tracehook.h> > > #include <linux/ratelimit.h> > > #include <linux/syscalls.h> > > +#include <linux/uaccess-buffer.h> > > > > #include <asm/daifflags.h> > > #include <asm/debug-monitors.h> > > @@ -919,6 +920,8 @@ static void do_signal(struct pt_regs *regs) > > > > void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) > > { > > + bool uaccess_buffer_pending = uaccess_buffer_pre_exit_loop(); > > + > > do { > > if (thread_flags & _TIF_NEED_RESCHED) { > > /* Unmask Debug and SError for the next task */ > > @@ -950,6 +953,8 @@ void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) > > local_daif_mask(); > > thread_flags = READ_ONCE(current_thread_info()->flags); > > } while (thread_flags & _TIF_WORK_MASK); > > + > > + uaccess_buffer_post_exit_loop(uaccess_buffer_pending); > > } > > > > unsigned long __ro_after_init signal_minsigstksz; > > diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c > > index 50a0f1a38e84..d59022b594f2 100644 > > --- a/arch/arm64/kernel/syscall.c > > +++ b/arch/arm64/kernel/syscall.c > > @@ -7,6 +7,7 @@ > > #include <linux/ptrace.h> > > #include <linux/randomize_kstack.h> > > #include <linux/syscalls.h> > > +#include <linux/uaccess-buffer.h> > > This looks strange... Does some other header miss this include? This was left in unintentionally. I'll remove it in v4. Peter
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index c4207cf9bb17..6023946abe4a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -161,6 +161,7 @@ config ARM64 select HAVE_ARCH_THREAD_STRUCT_WHITELIST select HAVE_ARCH_TRACEHOOK select HAVE_ARCH_TRANSPARENT_HUGEPAGE + select HAVE_ARCH_UACCESS_BUFFER select HAVE_ARCH_VMAP_STACK select HAVE_ARM_SMCCC select HAVE_ASM_MODVERSIONS diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index e1317b7c4525..0461b36251ea 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -82,6 +82,8 @@ int arch_dup_task_struct(struct task_struct *dst, #define TIF_SVE_VL_INHERIT 24 /* Inherit SVE vl_onexec across exec */ #define TIF_SSBD 25 /* Wants SSB mitigation */ #define TIF_TAGGED_ADDR 26 /* Allow tagged user addresses */ +#define TIF_UACCESS_BUFFER_ENTRY 27 /* thread has non-zero uaccess_desc_addr_addr */ +#define TIF_UACCESS_BUFFER_EXIT 28 /* thread has non-zero kcur */ #define _TIF_SIGPENDING (1 << TIF_SIGPENDING) #define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED) @@ -98,6 +100,8 @@ int arch_dup_task_struct(struct task_struct *dst, #define _TIF_SVE (1 << TIF_SVE) #define _TIF_MTE_ASYNC_FAULT (1 << TIF_MTE_ASYNC_FAULT) #define _TIF_NOTIFY_SIGNAL (1 << TIF_NOTIFY_SIGNAL) +#define _TIF_UACCESS_BUFFER_ENTRY (1 << TIF_UACCESS_BUFFER_ENTRY) +#define _TIF_UACCESS_BUFFER_EXIT (1 << TIF_UACCESS_BUFFER_EXIT) #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \ _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \ @@ -106,7 +110,8 @@ int arch_dup_task_struct(struct task_struct *dst, #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \ - _TIF_SYSCALL_EMU) + _TIF_SYSCALL_EMU | _TIF_UACCESS_BUFFER_ENTRY | \ + _TIF_UACCESS_BUFFER_EXIT) #ifdef CONFIG_SHADOW_CALL_STACK #define INIT_SCS \ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 88a9034fb9b5..283372eccaeb 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -29,6 +29,7 @@ #include <linux/regset.h> #include <linux/tracehook.h> #include <linux/elf.h> +#include <linux/uaccess-buffer.h> #include <asm/compat.h> #include <asm/cpufeature.h> @@ -1854,6 +1855,9 @@ int syscall_trace_enter(struct pt_regs *regs) if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) trace_sys_enter(regs, regs->syscallno); + if (flags & _TIF_UACCESS_BUFFER_ENTRY) + uaccess_buffer_syscall_entry(); + audit_syscall_entry(regs->syscallno, regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]); @@ -1866,6 +1870,9 @@ void syscall_trace_exit(struct pt_regs *regs) audit_syscall_exit(regs); + if (flags & _TIF_UACCESS_BUFFER_EXIT) + uaccess_buffer_syscall_exit(); + if (flags & _TIF_SYSCALL_TRACEPOINT) trace_sys_exit(regs, syscall_get_return_value(current, regs)); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 8f6372b44b65..5bbd98e5c257 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -20,6 +20,7 @@ #include <linux/tracehook.h> #include <linux/ratelimit.h> #include <linux/syscalls.h> +#include <linux/uaccess-buffer.h> #include <asm/daifflags.h> #include <asm/debug-monitors.h> @@ -919,6 +920,8 @@ static void do_signal(struct pt_regs *regs) void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) { + bool uaccess_buffer_pending = uaccess_buffer_pre_exit_loop(); + do { if (thread_flags & _TIF_NEED_RESCHED) { /* Unmask Debug and SError for the next task */ @@ -950,6 +953,8 @@ void do_notify_resume(struct pt_regs *regs, unsigned long thread_flags) local_daif_mask(); thread_flags = READ_ONCE(current_thread_info()->flags); } while (thread_flags & _TIF_WORK_MASK); + + uaccess_buffer_post_exit_loop(uaccess_buffer_pending); } unsigned long __ro_after_init signal_minsigstksz; diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c index 50a0f1a38e84..d59022b594f2 100644 --- a/arch/arm64/kernel/syscall.c +++ b/arch/arm64/kernel/syscall.c @@ -7,6 +7,7 @@ #include <linux/ptrace.h> #include <linux/randomize_kstack.h> #include <linux/syscalls.h> +#include <linux/uaccess-buffer.h> #include <asm/daifflags.h> #include <asm/debug-monitors.h>
arm64 does not use CONFIG_GENERIC_ENTRY, so add the support for uaccess logging directly to the architecture. Link: https://linux-review.googlesource.com/id/I88de539fb9c4a9d27fa8cccbe201a6e4382faf89 Signed-off-by: Peter Collingbourne <pcc@google.com> --- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/thread_info.h | 7 ++++++- arch/arm64/kernel/ptrace.c | 7 +++++++ arch/arm64/kernel/signal.c | 5 +++++ arch/arm64/kernel/syscall.c | 1 + 5 files changed, 20 insertions(+), 1 deletion(-)