[{"id":1767282,"web_url":"http://patchwork.ozlabs.org/comment/1767282/","msgid":"<20170912182727.GB27652@arm.com>","list_archive_url":null,"date":"2017-09-12T18:27:28","subject":"Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop","submitter":{"id":7916,"url":"http://patchwork.ozlabs.org/api/people/7916/","name":"Will Deacon","email":"will.deacon@arm.com"},"content":"Hi Kees,\n\nOn Thu, Sep 07, 2017 at 08:30:47AM -0700, Kees Cook wrote:\n> From: Thomas Garnier <thgarnie@google.com>\n> \n> A bug was reported on ARM where set_fs might be called after it was\n> checked on the work pending function. ARM64 is not affected by this bug\n> but has a similar construct. In order to avoid any similar problems in\n> the future, the addr_limit_user_check function is moved at the beginning\n> of the loop.\n> \n> Fixes: cf7de27ab351 (\"arm64/syscalls: Check address limit on user-mode return\")\n> Reported-by: Leonard Crestez <leonard.crestez@nxp.com>\n> Signed-off-by: Thomas Garnier <thgarnie@google.com>\n> Signed-off-by: Kees Cook <keescook@chromium.org>\n> ---\n>  arch/arm64/kernel/signal.c | 6 +++---\n>  1 file changed, 3 insertions(+), 3 deletions(-)\n\nWhat's the plan for this series? It looks like somehow an old v2 of the\noriginal series made it into mainline, so I'd like to see these fixes get\nin ASAP. I'm still slightly nervous about pathological setting of the\nFSCHECK flag due to e.g. a PMU IRQ causing a livelock in do_notify_resume,\nbut that's at least less likely with this fix :/\n\nWill","headers":{"Return-Path":"<linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming-imx@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming-imx@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.infradead.org\n\t(client-ip=65.50.211.133; helo=bombadil.infradead.org;\n\tenvelope-from=linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org\n\theader.b=\"kRnkyUZN\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xsCvp3KHwz9s81\n\tfor <incoming-imx@patchwork.ozlabs.org>;\n\tWed, 13 Sep 2017 04:27:50 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drpuU-0001Rf-C2; Tue, 12 Sep 2017 18:27:46 +0000","from foss.arm.com ([217.140.101.70])\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drpuQ-0001OG-Gz for linux-arm-kernel@lists.infradead.org;\n\tTue, 12 Sep 2017 18:27:44 +0000","from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])\n\tby usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5963D1529;\n\tTue, 12 Sep 2017 11:27:19 -0700 (PDT)","from edgewater-inn.cambridge.arm.com\n\t(usa-sjc-imap-foss1.foss.arm.com [10.72.51.249])\n\tby usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id\n\t241C23F578; Tue, 12 Sep 2017 11:27:19 -0700 (PDT)","by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000)\n\tid 766B51AE37A8; Tue, 12 Sep 2017 19:27:28 +0100 (BST)"],"DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:\n\tMessage-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=daciA85vcY23MQtlgO9pkrRmhqSD6eNdxfW6vWZCQtk=;\n\tb=kRnkyUZN5Zk2S+\n\taHcjbw12gjwhiDrE7t5kW9Tj6CFpnSpGe2CzhYRA4Zo1d/qqmjn0P0KaX3P4v8Iji81LfN7n3TjVx\n\tWcWUhUz3m8pIGE2wSe+TXsws/g/gH4nLdsynhBADIxiFV3wna5uTsMcHkOkdvDWBzuVKxZTTaa1EO\n\tEvXGcLKpcMrPS6yY08qYoccobksVDy+2ZK5vPWWyEe7K5MY6wuRjX9NP4ayFOowG8bbDZ0sLPjCkd\n\ts8cRB7pHxkley+Qb02aE3/Z3cV0MCdlolynjRW05XniC+IeB9awXz9A579MwK4jx+QXifSSzHaMVs\n\tCiN9YLJfj0cYZ7q86bSA==;","Date":"Tue, 12 Sep 2017 19:27:28 +0100","From":"Will Deacon <will.deacon@arm.com>","To":"Kees Cook <keescook@chromium.org>","Subject":"Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop","Message-ID":"<20170912182727.GB27652@arm.com>","References":"<1504798247-48833-1-git-send-email-keescook@chromium.org>\n\t<1504798247-48833-5-git-send-email-keescook@chromium.org>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<1504798247-48833-5-git-send-email-keescook@chromium.org>","User-Agent":"Mutt/1.5.23 (2014-03-12)","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170912_112742_574771_45F081F6 ","X-CRM114-Status":"GOOD (  15.04  )","X-Spam-Score":"-6.9 (------)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-6.9 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/,\n\thigh trust [217.140.101.70 listed in list.dnswl.org]\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]","X-BeenThere":"linux-arm-kernel@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/linux-arm-kernel/>","List-Post":"<mailto:linux-arm-kernel@lists.infradead.org>","List-Help":"<mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>","Cc":"Pratyush Anand <panand@redhat.com>, Thomas Garnier <thgarnie@google.com>,\n\tWill Drewry <wad@chromium.org>, Arnd Bergmann <arnd@arndb.de>,\n\tCatalin Marinas <catalin.marinas@arm.com>, linux-kernel@vger.kernel.org, \n\tRussell King <linux@armlinux.org.uk>,\n\tAndy Lutomirski <luto@amacapital.net>, \n\tDavid Howells <dhowells@redhat.com>,\n\tDave Hansen <dave.hansen@intel.com>, \n\tAl Viro <viro@zeniv.linux.org.uk>, linux-api@vger.kernel.org,\n\tYonghong Song <yhs@fb.com>, Thomas Gleixner <tglx@linutronix.de>,\n\tIngo Molnar <mingo@kernel.org>, linux-arm-kernel@lists.infradead.org, \n\tDave Martin <Dave.Martin@arm.com>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-arm-kernel\" <linux-arm-kernel-bounces@lists.infradead.org>","Errors-To":"linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org","List-Id":"linux-imx-kernel.lists.patchwork.ozlabs.org"}},{"id":1767283,"web_url":"http://patchwork.ozlabs.org/comment/1767283/","msgid":"<CAGXu5jLXSxoFLnP-YHab0raYjt8nY_tfnCYmE1_9XOAio4MRCw@mail.gmail.com>","list_archive_url":null,"date":"2017-09-12T18:28:50","subject":"Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop","submitter":{"id":10641,"url":"http://patchwork.ozlabs.org/api/people/10641/","name":"Kees Cook","email":"keescook@chromium.org"},"content":"On Tue, Sep 12, 2017 at 11:27 AM, Will Deacon <will.deacon@arm.com> wrote:\n> Hi Kees,\n>\n> On Thu, Sep 07, 2017 at 08:30:47AM -0700, Kees Cook wrote:\n>> From: Thomas Garnier <thgarnie@google.com>\n>>\n>> A bug was reported on ARM where set_fs might be called after it was\n>> checked on the work pending function. ARM64 is not affected by this bug\n>> but has a similar construct. In order to avoid any similar problems in\n>> the future, the addr_limit_user_check function is moved at the beginning\n>> of the loop.\n>>\n>> Fixes: cf7de27ab351 (\"arm64/syscalls: Check address limit on user-mode return\")\n>> Reported-by: Leonard Crestez <leonard.crestez@nxp.com>\n>> Signed-off-by: Thomas Garnier <thgarnie@google.com>\n>> Signed-off-by: Kees Cook <keescook@chromium.org>\n>> ---\n>>  arch/arm64/kernel/signal.c | 6 +++---\n>>  1 file changed, 3 insertions(+), 3 deletions(-)\n>\n> What's the plan for this series? It looks like somehow an old v2 of the\n> original series made it into mainline, so I'd like to see these fixes get\n> in ASAP. I'm still slightly nervous about pathological setting of the\n> FSCHECK flag due to e.g. a PMU IRQ causing a livelock in do_notify_resume,\n> but that's at least less likely with this fix :/\n\nHi! I resent this to Ingo to pick up for -tip. I think he's waiting\nfor -rc1, IIUC. Ingo, can you comment on timing for this getting sent\nto Linus?\n\n-Kees","headers":{"Return-Path":"<linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming-imx@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming-imx@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.infradead.org\n\t(client-ip=65.50.211.133; helo=bombadil.infradead.org;\n\tenvelope-from=linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"ONOENFcS\"; \n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=google.com header.i=@google.com\n\theader.b=\"ibCoheya\"; \n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=chromium.org header.i=@chromium.org\n\theader.b=\"QuGL1NbZ\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xsCxW6RZnz9s81\n\tfor <incoming-imx@patchwork.ozlabs.org>;\n\tWed, 13 Sep 2017 04:29:19 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drpvw-00026Z-MR; Tue, 12 Sep 2017 18:29:16 +0000","from mail-it0-x229.google.com ([2607:f8b0:4001:c0b::229])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drpvs-0001rK-L4 for linux-arm-kernel@lists.infradead.org;\n\tTue, 12 Sep 2017 18:29:14 +0000","by mail-it0-x229.google.com with SMTP id c195so647754itb.1\n\tfor <linux-arm-kernel@lists.infradead.org>;\n\tTue, 12 Sep 2017 11:28:51 -0700 (PDT)","by 10.107.178.131 with HTTP; Tue, 12 Sep 2017 11:28:50 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From:\n\tReferences:In-Reply-To:MIME-Version:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=riCdKGEgy66VY85VvCUf279NIiFo3peZqbEqFFES0E8=;\n\tb=ONOENFcSdhRv2h\n\tCbYjPN8Hld3INPLYmMXFUm7/LPJgnlyrOga3yzgFLVPMxW6LhwpavWp25nFBXS3p2WaIYhlwl0tLG\n\tUq5w/oKYOMSv+1NZUe3YRhKw2HkLShSWc2rMSeo9non5oYSGaUPz4kKuCFP8B5isbp5JugrZeNUfY\n\tdr+4yA2MX0Ro7I52Sgcf6RXAOT45AueEG48otrxTq9D+0foGsaadOAdl5FoBW9hSORBBU8RM07HBQ\n\tDveCjgBpFiAC+12S8LWwHbOYxy8NcPeOr6OMFPOby7fZlJvoRbeeGT92PsWNKBh8rbGLzvqobZ7pH\n\tBZmXeJV+XJwtZRHPadnQ==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n\ts=20161025; \n\th=mime-version:sender:in-reply-to:references:from:date:message-id\n\t:subject:to:cc;\n\tbh=qjMxRYiVrFCW245/KjXdOm0yFxIDR2SQSJEce65dpUE=;\n\tb=ibCoheyaiiHF5Y2aXVMT+Fm1Se6OQVt0am8PBfJyKmGC0gziTn5Id+gw44lFNHYQ/F\n\tIvGdnqS6x7sDdSKUgvP4YqvOVasURQSOnMFeKvWqXG7C9h8Q2Iy8slyfKALYrMXA3KZX\n\tz9LSM+ijpNEDclkJ3bmATEWX7+rjGAFxi7T4j2zKsU5fdzu3bzDuAzrGLLprbWRnCz2f\n\tp7E/zYLqOTl79gWRvzyPqaNPX/gAD2SRzRJhu+HFHEDLawLJ4SsivTGeO1xMQ1OG3xto\n\tqRW9FHQfpE9kTKR+n5UO77qoNaC47rXLVWPK4u19uWIeAG/tKbvnPkoxVK0Nfi3xgQl2\n\tqbFg==","v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org;\n\ts=google; \n\th=mime-version:sender:in-reply-to:references:from:date:message-id\n\t:subject:to:cc;\n\tbh=qjMxRYiVrFCW245/KjXdOm0yFxIDR2SQSJEce65dpUE=;\n\tb=QuGL1NbZ1x8W47s0IziePqVcKWEbKQR+7QiV7ti5Z5f8RakzkvJEBZ5E+HZw2jboSq\n\t03Z4yrUdIKy9+wm3RNDONxlanVAA2wJ9uz31LmpzVR7mQ3eILqKlnzDsUALVnQQTdYxR\n\tGZho87oKjULlT7JoI8slzPNnOdrUmhM1wFdP8="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:mime-version:sender:in-reply-to:references:from\n\t:date:message-id:subject:to:cc;\n\tbh=qjMxRYiVrFCW245/KjXdOm0yFxIDR2SQSJEce65dpUE=;\n\tb=qRgB6+KAM3OiHcGoTel0KMLUSmmNEtIJlCT2OcPhLapfx2w2xjrZqR1LJyXSSqt13Y\n\tgkCn6T+azo9OR7CicxtWS1R/HIMxPNsdtvUN6DRbc0reI919wkRIeCn/a5cNcYPYbqGP\n\tTYCnvNeFAzlEeqXYjqoaypGXbOv6w8yxPZcKXroKoI1/R2/8NXkhRf0i9zUV/c46QGnI\n\tfcQh5UkPYLl+QDDOQzEQBgCVTw4FF8DosFbeIlLtInI9ZqWUHIXoG5RYVu/+f6ZaqY2B\n\tb6CQLkA2yOh8UjyWzL4tbpiLkWwLCahyc4HHdtguZwqD1ijn5Uk9RjvrEWFwUtPtTXuw\n\t80Mg==","X-Gm-Message-State":"AHPjjUg0wruzij3iOCFciGoNmlivaBQsGx/DjJotG37PUz4rHgFJBlk0\n\twfzongkTf9PSakJXJxAih0kzuVA5j1QeOQus2qncCg==","X-Google-Smtp-Source":"AOwi7QAQgKU7vbrXWqYcwW1YAg589wYwr/0yt3IxPEB1iakVahgk9234vfk7I06vEDOfSGrvydT/WrCVB+XUBf0fVuQ=","X-Received":"by 10.36.121.202 with SMTP id z193mr751641itc.110.1505240931027; \n\tTue, 12 Sep 2017 11:28:51 -0700 (PDT)","MIME-Version":"1.0","In-Reply-To":"<20170912182727.GB27652@arm.com>","References":"<1504798247-48833-1-git-send-email-keescook@chromium.org>\n\t<1504798247-48833-5-git-send-email-keescook@chromium.org>\n\t<20170912182727.GB27652@arm.com>","From":"Kees Cook <keescook@chromium.org>","Date":"Tue, 12 Sep 2017 11:28:50 -0700","X-Google-Sender-Auth":"p2-E6hO864xOseFN_8zsdRQW3U0","Message-ID":"<CAGXu5jLXSxoFLnP-YHab0raYjt8nY_tfnCYmE1_9XOAio4MRCw@mail.gmail.com>","Subject":"Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop","To":"Will Deacon <will.deacon@arm.com>, Ingo Molnar <mingo@kernel.org>","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170912_112912_828724_C2392FC9 ","X-CRM114-Status":"GOOD (  18.08  )","X-Spam-Score":"-2.0 (--)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-2.0 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level\n\tmail domains are different\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature\n\t0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n\tnot necessarily valid\n\t-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n\tauthor's domain","X-BeenThere":"linux-arm-kernel@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/linux-arm-kernel/>","List-Post":"<mailto:linux-arm-kernel@lists.infradead.org>","List-Help":"<mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>","Cc":"Pratyush Anand <panand@redhat.com>, Will Drewry <wad@chromium.org>,\n\tArnd Bergmann <arnd@arndb.de>,\n\tCatalin Marinas <catalin.marinas@arm.com>, \n\tLKML <linux-kernel@vger.kernel.org>,\n\tRussell King <linux@armlinux.org.uk>, \n\tAndy Lutomirski <luto@amacapital.net>,\n\tDavid Howells <dhowells@redhat.com>, \n\tDave Hansen <dave.hansen@intel.com>, Al Viro <viro@zeniv.linux.org.uk>,\n\tLinux API <linux-api@vger.kernel.org>, Yonghong Song <yhs@fb.com>,\n\tThomas Gleixner <tglx@linutronix.de>,\n\tThomas Garnier <thgarnie@google.com>, \n\t\"linux-arm-kernel@lists.infradead.org\"\n\t<linux-arm-kernel@lists.infradead.org>, \n\tDave Martin <Dave.Martin@arm.com>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-arm-kernel\" <linux-arm-kernel-bounces@lists.infradead.org>","Errors-To":"linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org","List-Id":"linux-imx-kernel.lists.patchwork.ozlabs.org"}},{"id":1767663,"web_url":"http://patchwork.ozlabs.org/comment/1767663/","msgid":"<20170913080011.cxydu4ptal53okzm@gmail.com>","list_archive_url":null,"date":"2017-09-13T08:00:11","subject":"Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop","submitter":{"id":13421,"url":"http://patchwork.ozlabs.org/api/people/13421/","name":"Ingo Molnar","email":"mingo@kernel.org"},"content":"* Kees Cook <keescook@chromium.org> wrote:\n\n> On Tue, Sep 12, 2017 at 11:27 AM, Will Deacon <will.deacon@arm.com> wrote:\n> > Hi Kees,\n> >\n> > On Thu, Sep 07, 2017 at 08:30:47AM -0700, Kees Cook wrote:\n> >> From: Thomas Garnier <thgarnie@google.com>\n> >>\n> >> A bug was reported on ARM where set_fs might be called after it was\n> >> checked on the work pending function. ARM64 is not affected by this bug\n> >> but has a similar construct. In order to avoid any similar problems in\n> >> the future, the addr_limit_user_check function is moved at the beginning\n> >> of the loop.\n> >>\n> >> Fixes: cf7de27ab351 (\"arm64/syscalls: Check address limit on user-mode return\")\n> >> Reported-by: Leonard Crestez <leonard.crestez@nxp.com>\n> >> Signed-off-by: Thomas Garnier <thgarnie@google.com>\n> >> Signed-off-by: Kees Cook <keescook@chromium.org>\n> >> ---\n> >>  arch/arm64/kernel/signal.c | 6 +++---\n> >>  1 file changed, 3 insertions(+), 3 deletions(-)\n> >\n> > What's the plan for this series? It looks like somehow an old v2 of the\n> > original series made it into mainline, so I'd like to see these fixes get\n> > in ASAP. I'm still slightly nervous about pathological setting of the\n> > FSCHECK flag due to e.g. a PMU IRQ causing a livelock in do_notify_resume,\n> > but that's at least less likely with this fix :/\n> \n> Hi! I resent this to Ingo to pick up for -tip. I think he's waiting\n> for -rc1, IIUC. Ingo, can you comment on timing for this getting sent\n> to Linus?\n\nWill accelerate them - didn't realize the urgency.\n\nThanks,\n\n\tIngo","headers":{"Return-Path":"<linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming-imx@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming-imx@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.infradead.org\n\t(client-ip=65.50.211.133; helo=bombadil.infradead.org;\n\tenvelope-from=linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"eFNsJ5uI\"; \n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"UsJhFANn\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xsZ7r1r3Xz9sPm\n\tfor <incoming-imx@patchwork.ozlabs.org>;\n\tWed, 13 Sep 2017 18:09:28 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1ds2jZ-0004Qg-Rj; Wed, 13 Sep 2017 08:09:21 +0000","from mail-wm0-x244.google.com ([2a00:1450:400c:c09::244])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1ds2bA-0000YG-U9 for linux-arm-kernel@lists.infradead.org;\n\tWed, 13 Sep 2017 08:00:48 +0000","by mail-wm0-x244.google.com with SMTP id r136so6691wmf.3\n\tfor <linux-arm-kernel@lists.infradead.org>;\n\tWed, 13 Sep 2017 01:00:20 -0700 (PDT)","from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213])\n\tby smtp.gmail.com with ESMTPSA id\n\tn57sm6287447wrn.29.2017.09.13.01.00.12\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tWed, 13 Sep 2017 01:00:13 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:\n\tMessage-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=+/qgFnaJ8cjCrv0tLv+knwFIB/M3PsXffqRtD7nB2MI=;\n\tb=eFNsJ5uImXtp5G\n\tMeV9jiGCoDBPDQeFV4QoTPZ4rPCDQLVmvcWFtukjSCO71xAKtZQlWt1kI52rdysOPKp4RorWf8JFL\n\tpbAE68WQeCI67EUuig8SRjAwNhbdhr4nH4lmbTieLcakEgX2wO7DkT9jitqDEIuzDjYSD5BiHjUD1\n\tysnYTXnXeCrwUDQDwlZa2QuYZbXXi+EcGzZeq4tM87lqFyXTimMLcPF5jQS/4GSWty/QOSjvu70OS\n\tJZrKjDLIL0koIC4K4RoL1VVWrK5+MUIFma6Y5Jpp0CEvZ8EeenmaOl+EwxAZIGPD3eENLPCu3STPF\n\tkAhwZ623CtBr1C6V37rQ==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:date:from:to:cc:subject:message-id:references:mime-version\n\t:content-disposition:in-reply-to:user-agent;\n\tbh=Sx/DRSxeh3J7IIoCtDpudyMvesXs0AJxe0KQ8beoYHg=;\n\tb=UsJhFANnYu7w8H5ueZsqFZI5Eo57iuMMWCvy3ASbBeBCv6+HNeY3upLpHppqBW5Jgt\n\tIuDAdG9AjI1YE4s9qju/7rShwaoFC6Xiq6x6yZdBNMXCCEABZmhi3I2aeMmCt7BABaAq\n\ttbVpVPDwtfHjcCR1VceTVXnbC3cWEABZg40NC5/J7lHoUKIXkUGJAx7dRqhyuJMN0ef9\n\tPzoQB6qOFvF0317M3oK0pE9Gxgore7IYuIlz1QkoPlU2ZQtRkMRF42BKq/+kWmMPcYTL\n\t5PxRFoPxmulg20LEg9FR22zeSiNvNTPYji2FibzLLhMCmz9aIrfHfafC25lwsM7N9a7N\n\t0iHw=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:date:from:to:cc:subject:message-id\n\t:references:mime-version:content-disposition:in-reply-to:user-agent; \n\tbh=Sx/DRSxeh3J7IIoCtDpudyMvesXs0AJxe0KQ8beoYHg=;\n\tb=bA4e7RvD7vWM9DwhaM5BmoxFjFSoWsLf/uiNofEgQlpNwMl7yc381//ysMiKTT811j\n\tvNz84d1c/LiM8R9RDCiEQ3oO3tkzJKBBjmnkU2orEIvThYZN1gO822E7AlTjeCw3Zxhn\n\tUag2vf8spdY66MaclZuJo+aDPeUxklU2Pvuh86DagtCCYboSkwLLeqI5rJXIz3xJc2v2\n\t417ES8Qqnz1o7nJjMbtar3CUsm/8rwx+O25hU4NZxwWKbuTRs1MlPGHMwOeikIM5+u2c\n\tnUysyT9get4pSqncgcyvCQ5iaW9iCVc2q+pp82cAnE6zFhlFoY1TJEmqDA2j6/TKswxJ\n\t06Mg==","X-Gm-Message-State":"AHPjjUiQCPjXLCVbyCeaeGPuUL85OcaFQjrUVxPz4QLIPY6VxfcNoSTI\n\t3AYfqfO8Yl8VbQ==","X-Google-Smtp-Source":"AOwi7QDK1fs4oZse6aA/rC7yd1VZ11b2M//GCYVKaXaqdcYU0rkwZdRwBvCytRZOgGatgYLmgdNm4w==","X-Received":"by 10.28.142.82 with SMTP id q79mr1863474wmd.106.1505289614174; \n\tWed, 13 Sep 2017 01:00:14 -0700 (PDT)","Date":"Wed, 13 Sep 2017 10:00:11 +0200","From":"Ingo Molnar <mingo@kernel.org>","To":"Kees Cook <keescook@chromium.org>","Subject":"Re: [PATCH 4/4] arm64/syscalls: Move address limit check in loop","Message-ID":"<20170913080011.cxydu4ptal53okzm@gmail.com>","References":"<1504798247-48833-1-git-send-email-keescook@chromium.org>\n\t<1504798247-48833-5-git-send-email-keescook@chromium.org>\n\t<20170912182727.GB27652@arm.com>\n\t<CAGXu5jLXSxoFLnP-YHab0raYjt8nY_tfnCYmE1_9XOAio4MRCw@mail.gmail.com>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<CAGXu5jLXSxoFLnP-YHab0raYjt8nY_tfnCYmE1_9XOAio4MRCw@mail.gmail.com>","User-Agent":"NeoMutt/20170113 (1.7.2)","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170913_010041_409972_03C76D3D ","X-CRM114-Status":"GOOD (  19.81  )","X-Spam-Score":"-1.7 (-)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-1.7 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,\n\tno\n\ttrust [2a00:1450:400c:c09:0:0:0:244 listed in] [list.dnswl.org]\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\n\tprovider (mingo.kernel.org[at]gmail.com)\n\t0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level\n\tmail domains are different\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature\n\t0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n\tnot necessarily valid\n\t0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and\n\tEnvelopeFrom freemail headers are different","X-BeenThere":"linux-arm-kernel@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/linux-arm-kernel/>","List-Post":"<mailto:linux-arm-kernel@lists.infradead.org>","List-Help":"<mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,\n\t<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>","Cc":"Pratyush Anand <panand@redhat.com>, Will Drewry <wad@chromium.org>,\n\tLKML <linux-kernel@vger.kernel.org>, Arnd Bergmann <arnd@arndb.de>,\n\tCatalin Marinas <catalin.marinas@arm.com>,\n\tWill Deacon <will.deacon@arm.com>, Russell King <linux@armlinux.org.uk>,\n\tAndy Lutomirski <luto@amacapital.net>, \n\tDavid Howells <dhowells@redhat.com>,\n\tDave Hansen <dave.hansen@intel.com>, Al Viro <viro@zeniv.linux.org.uk>,\n\tLinux API <linux-api@vger.kernel.org>, \n\tYonghong Song <yhs@fb.com>, Thomas Gleixner <tglx@linutronix.de>,\n\tThomas Garnier <thgarnie@google.com>,\n\t\"linux-arm-kernel@lists.infradead.org\"\n\t<linux-arm-kernel@lists.infradead.org>, \n\tDave Martin <Dave.Martin@arm.com>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-arm-kernel\" <linux-arm-kernel-bounces@lists.infradead.org>","Errors-To":"linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org","List-Id":"linux-imx-kernel.lists.patchwork.ozlabs.org"}}]