| From bc37b4d4cb45a80e3b97a8e86f6aa5e3baf3e5d9 Mon Sep 17 00:00:00 2001 |
| From: Andy Lutomirski <luto@kernel.org> |
| Date: Wed, 20 Nov 2019 11:58:32 -0800 |
| Subject: [PATCH] selftests/x86/sigreturn/32: Invalidate DS and ES when abusing |
| the kernel |
| |
| commit 4d2fa82d98d2d296043a04eb517d7dbade5b13b8 upstream. |
| |
| If the kernel accidentally uses DS or ES while the user values are |
| loaded, it will work fine for sane userspace. In the interest of |
| simulating maximally insane userspace, make sigreturn_32 zero out DS |
| and ES for the nasty parts so that inadvertent use of these segments |
| will crash. |
| |
| Signed-off-by: Andy Lutomirski <luto@kernel.org> |
| Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> |
| Cc: stable@kernel.org |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/tools/testing/selftests/x86/sigreturn.c b/tools/testing/selftests/x86/sigreturn.c |
| index 3e49a7873f3e..57c4f67f16ef 100644 |
| --- a/tools/testing/selftests/x86/sigreturn.c |
| +++ b/tools/testing/selftests/x86/sigreturn.c |
| @@ -451,6 +451,19 @@ static void sigusr1(int sig, siginfo_t *info, void *ctx_void) |
| ctx->uc_mcontext.gregs[REG_SP] = (unsigned long)0x8badf00d5aadc0deULL; |
| ctx->uc_mcontext.gregs[REG_CX] = 0; |
| |
| +#ifdef __i386__ |
| + /* |
| + * Make sure the kernel doesn't inadvertently use DS or ES-relative |
| + * accesses in a region where user DS or ES is loaded. |
| + * |
| + * Skip this for 64-bit builds because long mode doesn't care about |
| + * DS and ES and skipping it increases test coverage a little bit, |
| + * since 64-bit kernels can still run the 32-bit build. |
| + */ |
| + ctx->uc_mcontext.gregs[REG_DS] = 0; |
| + ctx->uc_mcontext.gregs[REG_ES] = 0; |
| +#endif |
| + |
| memcpy(&requested_regs, &ctx->uc_mcontext.gregs, sizeof(gregset_t)); |
| requested_regs[REG_CX] = *ssptr(ctx); /* The asm code does this. */ |
| |
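Review bot: The added comment says why DS and ES are zeroed but not what the zero value buys: a null selector makes any DS- or ES-relative access fault, so an inadvertent kernel use of the user segment shows up as a crash rather than silently succeeding, which is the whole detection mechanism of this test. I would add one line after the first paragraph of the comment, ` * A null selector faults on use, so a kernel bug here becomes a crash instead of a silent pass.` Note also that the memcpy into requested_regs on the line following the #endif now records DS=ES=0 as the expected post-sigreturn state; if the later requested-vs-actual register comparison includes DS and ES (it is outside this hunk, so I cannot confirm), the 32-bit build is now additionally asserting that null selectors survive sigreturn, which is worth a sentence in the comment. sigusr1() begins before and ends after the hunk.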
| -- |
| 2.7.4 |
| |