From patchwork Wed Jul 19 17:59:00 2017
X-Patchwork-Submitter: Thomas Garnier
X-Patchwork-Id: 9852927
From: Thomas Garnier
To: Russell King, Thomas Garnier, Thomas Gleixner, Catalin Marinas, Will Deacon, Dave Martin, Chris Metcalf, Pratyush Anand, leonard.crestez@nxp.com
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-hardening@lists.openwall.com
Subject: [PATCH 3/3] arm64/syscalls: Move address limit check in loop
Date: Wed, 19 Jul 2017 10:59:00 -0700
Message-Id: <20170719175900.124074-3-thgarnie@google.com>
In-Reply-To: <20170719175900.124074-1-thgarnie@google.com>
References: <20170719175900.124074-1-thgarnie@google.com>

The original bug was reported on arm but I am fixing arm64 too because it has a similar code pattern.

The work pending loop can call set_fs after addr_limit_user_check removed the _TIF_FSCHECK flag. To prevent the infinite loop, move the addr_limit_user_check call at the beginning of the loop.

Fixes: cf7de27ab351 ("arm64/syscalls: Check address limit on user-mode return")
Reported-by: Leonard Crestez
Signed-off-by: Thomas Garnier

--- arch/arm64/kernel/signal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index e3e3293d1123..8e2705983e1d 100644 --- a/arch/arm64/kernel/signal.c 
+++ b/arch/arm64/kernel/signal.c @@ -751,10 +751,10 @@ asmlinkage void do_notify_resume(struct pt_regs *regs, */ trace_hardirqs_off(); - /* Check valid user FS if needed */ - addr_limit_user_check(); - do { + /* Check valid user FS if needed */ + addr_limit_user_check(); + if (thread_flags & _TIF_NEED_RESCHED) { schedule(); } else {
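
Review bot: The comment moved into the `do {` body of do_notify_resume(), `/* Check valid user FS if needed */`, no longer explains why the check sits inside the loop; it should say that work handled later in the loop body can call set_fs after _TIF_FSCHECK was cleared, so the check has to be repeated on each iteration. The commit message also refers to "the infinite loop" without saying which condition keeps the loop from terminating; one sentence naming it would make the fix reviewable from the log alone. The loop's exit condition is outside the visible context, so it is worth confirming that a set_fs call made during the final iteration, after addr_limit_user_check() has already run for that pass, still forces another pass through the check before the return to user mode.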