]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commitdiff
syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
authorThomas Garnier <thgarnie@google.com>
Thu, 7 Sep 2017 15:30:44 +0000 (08:30 -0700)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 7 Mar 2018 11:13:00 +0000 (12:13 +0100)
Use CHECK_DATA_CORRUPTION instead of BUG_ON to provide more flexibility
on address limit failures. By default, send a SIGKILL signal to kill the
current process preventing exploitation of a bad address limit.

Make the TIF_FSCHECK flag optional so ARM can use this function.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Pratyush Anand <panand@redhat.com>
Cc: Dave Martin <Dave.Martin@arm.com>
Cc: Will Drewry <wad@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: David Howells <dhowells@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-api@vger.kernel.org
Cc: Yonghong Song <yhs@fb.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/1504798247-48833-2-git-send-email-keescook@chromium.org
(cherry picked from commit bf29ed1567b67854dc13504f685c45a2ea9b2081)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
include/linux/syscalls.h

index 79991ad8eac1e93aef729b252aa7efb74db51ab3..5c4010f5b822cb42910be56f0f3a67d3ae52b610 100644 (file)
@@ -206,21 +206,25 @@ extern struct trace_event_functions exit_syscall_print_funcs;
        }                                                               \
        static inline long SYSC##name(__MAP(x,__SC_DECL,__VA_ARGS__))
 
-#ifdef TIF_FSCHECK
 /*
  * Called before coming back to user-mode. Returning to user-mode with an
  * address limit different than USER_DS can allow to overwrite kernel memory.
  */
 static inline void addr_limit_user_check(void)
 {
-
+#ifdef TIF_FSCHECK
        if (!test_thread_flag(TIF_FSCHECK))
                return;
+#endif
 
-       BUG_ON(!segment_eq(get_fs(), USER_DS));
+       if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS),
+                                 "Invalid address limit on user-mode return"))
+               force_sig(SIGKILL, current);
+
+#ifdef TIF_FSCHECK
        clear_thread_flag(TIF_FSCHECK);
-}
 #endif
+}
 
 asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special,
                               qid_t id, void __user *addr);