From patchwork Mon Apr 4 23:59:25 2016
X-Patchwork-Submitter: Cyril Bur
X-Patchwork-Id: 606197
From: Cyril Bur
To: linuxppc-dev@ozlabs.org
Cc: mikey@neuling.org
Subject: [PATCH V2 3/5] powerpc: Fix SPR leak across exec() syscalls
Date: Tue, 5 Apr 2016 09:59:25 +1000
Message-Id: <1459814367-3057-3-git-send-email-cyrilbur@gmail.com>
In-Reply-To: <1459814367-3057-1-git-send-email-cyrilbur@gmail.com>
References: <1459814367-3057-1-git-send-email-cyrilbur@gmail.com>

Currently start_thread() doesn't sanitise TAR or VRSAVE.

The TAR SPR can be set and branched to; not sanitising it presents an information leak to the new executable.

The VRSAVE SPR can be used by both application and operating system. The PowerISA states (in a programming note) that an application could use VRSAVE as a hint to the operating system as to which vector registers are being used and therefore which ones to save and restore. Linux doesn't care and simply saves/restores all vector registers; however, it should also be sanitising VRSAVE as applications are free to do with it what they wish.

Other SPR registers such as the Performance registers used by perf (and managed entirely by perf) as well as the Event Based Branch (EBB) registers are left alone by design as these fall into the same category as leaving file descriptors open across exec(): it is up to the parent thread to sanitise what it deems necessary.

Signed-off-by: Cyril Bur
---
 arch/powerpc/kernel/process.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index d7a9df5..56444a6 100644
--- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1577,6 +1577,8 @@ void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp) current->thread.vr_state.vscr.u[3] = 0x00010000; /* Java mode disabled */ current->thread.vr_save_area = NULL; current->thread.vrsave = 0; + if (cpu_has_feature(CPU_FTR_ALTIVEC)) + mtspr(SPRN_VRSAVE, 0); current->thread.used_vr = 0; #endif /* CONFIG_ALTIVEC */ #ifdef CONFIG_SPE @@ -1592,6 +1594,18 @@ void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp) current->thread.tm_texasr = 0; current->thread.tm_tfiar = 0; #endif /* CONFIG_PPC_TRANSACTIONAL_MEM */ +#ifdef CONFIG_PPC_BOOK3S_64 + /* + * Zero out the SPRs. + * Don't touch the ones use by perf, it controls them. + * Don't touch the EBB regs. This falls into the same category of + * responsibly as open file descriptors across exec(), the parent should + * sanitise if it feels it would be a problem + */ + current->thread.tar = 0; + if (cpu_has_feature(CPU_FTR_ARCH_206)) + mtspr(SPRN_TAR, 0); +#endif /* CONFIG_PPC_BOOK3S_64 */ } EXPORT_SYMBOL(start_thread);
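Review bot: the VRSAVE hunk clears both the saved copy (current->thread.vrsave = 0) and the live SPR, but unlike the TAR hunk it carries no comment explaining why the second write is needed; please add one. The save_sprs() path in this same file refreshes thread.vrsave from the hardware register at switch-out, so zeroing only the thread field would be overwritten by the stale live value and the mtspr() is what makes the sanitisation stick. A one-liner above the cpu_has_feature() check, e.g. /* Clear the live SPR too, save_sprs() re-reads it at switch-out */, would document that for the next reader.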
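Review bot: the feature gate on mtspr(SPRN_TAR, 0) in the CONFIG_PPC_BOOK3S_64 hunk looks wrong: TAR was introduced with ISA 2.07 (POWER8), so CPU_FTR_ARCH_206 is also true on POWER7 hardware that has no TAR, and the write would target an SPR the CPU does not implement. The context-switch code in this same file gates its TAR accesses on CPU_FTR_ARCH_207S; use the same check here, i.e. if (cpu_has_feature(CPU_FTR_ARCH_207S)) mtspr(SPRN_TAR, 0);. The explicit hardware write itself is needed, since restore_sprs() only writes TAR when old and new thread.tar differ, so zeroing the thread field alone would leave the live value in place until a switch to a task with a different TAR. Also tidy the comment: "ones use by perf" should be "ones used by perf", "category of responsibly" should be "category of responsibility", and "Zero out the SPRs" oversells it since only TAR is zeroed in this block.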