From patchwork Mon Aug 28 21:35:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 9926319
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	2E0D660375 for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 28 Aug 2017 21:44:22 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 219E1283C7
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 28 Aug 2017 21:44:22 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 166B82855D; Mon, 28 Aug 2017 21:44:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[65.50.211.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 92EFD283C7
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Mon, 28 Aug 2017 21:44:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=cCYT9t5T4UOOKd9Iw2MMNDRlcXjHdKLncNVH4YkorM0=;
	b=EB+Oj1+N9vw3VTv3ElU3Q2Oqfa
	6epf6n4sgdCL/VuX6LI4ShDLRR/sh70XuDFalTn2OcCxBBSSH7ZKRNnXrKuvfsZh0WTVi18WLSkkl
	rThWwvdabJsL+36w4sgt/eoFraOgMfSJ88D8kV9Qjpqoahzoy4HOvnETy7o8sX8yBBu/M3x/VdnLn
	WTsy7AnqBwkpEwINVKbJchH17Olun7Jz1eU9JlJQlriZfhkWDnGj/JHRxgmiL8jyhiq/UC3hEYoWC
	TioTwrAxqS4vorksX5+Hzowy+Tu95q2DDY5Ha5h3Dgb9nNJNyfo+39BH39vesEVXxS70HU/uVBodr
	FrVoxQSA==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))
	id 1dmRpQ-0004Rr-U0; Mon, 28 Aug 2017 21:44:16 +0000
Received: from mail-pg0-x22a.google.com ([2607:f8b0:400e:c05::22a])
	by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))
	id 1dmRpM-0004PK-Rl for linux-arm-kernel@lists.infradead.org;
	Mon, 28 Aug 2017 21:44:14 +0000
Received: by mail-pg0-x22a.google.com with SMTP id b8so4990447pgn.5
	for <linux-arm-kernel@lists.infradead.org>;
	Mon, 28 Aug 2017 14:43:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org;
	s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=O9xPKz20LY1tV1ER5S/OnObJf6vUSLUjoiyD6T2RSes=;
	b=jff2HyRRKp3Gn8+hbruLeEOs7tfJRJZMnUzDBlhoF1AcLtAguTk401aJVWb6T+ZE9x
	F8hiGAekHDaIogrib73YtHfs6FzfWKeG/uXR2ihGbcxgslhJ45fL5QdBV7aKIRTCI7J/
	AEBEdbOAl9aS0NefYTPwPVxI6uPklTfB7RfbY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=O9xPKz20LY1tV1ER5S/OnObJf6vUSLUjoiyD6T2RSes=;
	b=EpHxMSEuwrRxUibL3v8x3vqevY9LY+vAoAlyZBE+2jIpD9qtk+EGENiN1XCxkaq4vs
	517UmSnB9Zg8kkCSSNg0Sp1QrZkESzrTe0ATC7NScsalPCzE20ap9DbcbJ+oHEGccShC
	n2gPj6wgCvRorIW7y5KjUh2SvFmVoxK8SQ2lxj7CBILyS8ozz3l9oHApLAlj/ohn/TRs
	nh+UULOpxNytf5Z7kqJt44C85xkJsYNzd12Y+P3MtWb6FbRv7JLrO7HOEUV7/iUHkgk4
	9LLUi0pt3hlSV5PT+UVkSNzw8waMOey0/R+e7ZhOivbsMpebsepT0PIxE3bCCC3CkGMX
	NKuw==
X-Gm-Message-State: AHYfb5gWy6ExEwbW5pyJarVRxIcNjV/RuW6RJhgkwSLo9kwIjfZQCOOX
	bsX48lCKbyTZlnUU
X-Received: by 10.99.0.73 with SMTP id 70mr1816936pga.219.1503956631906;
	Mon, 28 Aug 2017 14:43:51 -0700 (PDT)
Received: from www.outflux.net
	(173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
	by smtp.gmail.com with ESMTPSA id
	g30sm1890305pgn.65.2017.08.28.14.43.50
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 28 Aug 2017 14:43:50 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Subject: [PATCH v2 29/30] arm: Implement thread_struct whitelist for hardened
	usercopy
Date: Mon, 28 Aug 2017 14:35:10 -0700
Message-Id: <1503956111-36652-30-git-send-email-keescook@chromium.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1503956111-36652-1-git-send-email-keescook@chromium.org>
References: <1503956111-36652-1-git-send-email-keescook@chromium.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20170828_144412_954317_1D18C9D7 
X-CRM114-Status: GOOD (  11.22  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: David Windsor <dave@nullcore.net>, Kees Cook <keescook@chromium.org>,
	linux-mm@kvack.org, "Peter Zijlstra \(Intel\)" <peterz@infradead.org>,
	kernel-hardening@lists.openwall.com,
	Russell King <linux@armlinux.org.uk>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Ingo Molnar <mingo@kernel.org>, linux-arm-kernel@lists.infradead.org
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

ARM does not carry FPU state in the thread structure, so it can declare
no usercopy whitelist at all.

Cc: Russell King <linux@armlinux.org.uk>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/arm/Kconfig                 | 1 +
 arch/arm/include/asm/processor.h | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index a208bfe367b5..3781f08d00fa 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -48,6 +48,7 @@ config ARM
 	select HAVE_ARCH_KGDB if !CPU_ENDIAN_BE32 && MMU
 	select HAVE_ARCH_MMAP_RND_BITS if MMU
 	select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT)
+	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_ARM_SMCCC if CPU_V7
 	select HAVE_CBPF_JIT
diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h
index c3d5fc124a05..d6dc45c92ee5 100644
--- a/arch/arm/include/asm/processor.h
+++ b/arch/arm/include/asm/processor.h
@@ -45,6 +45,13 @@ struct thread_struct {
 	struct debug_info	debug;
 };
 
+/* Nothing needs to be usercopy-whitelisted from thread_struct. */
+static inline void arch_thread_struct_whitelist(unsigned long *offset,
+						unsigned long *size)
+{
+	*offset = *size = 0;
+}
+
 #define INIT_THREAD  {	}
 
 #ifdef CONFIG_MMU