[RFC PATCH] arm64: fault: Don't populate ESR context for user fault on kernel VA

Dave Martin Dave.Martin at arm.com
Mon Mar 5 06:05:06 PST 2018


On Mon, Mar 05, 2018 at 10:31:15AM +0000, Will Deacon wrote:
> User faults on kernel addresses are a good sign that the faulting task
> is either up to no good or is in deep trouble. In such situations,
> exposing the optional ESR context on the sigframe as part of the
> delivered signal is only useful to attackers who are using information
> about underlying hardware fault (e.g. translation vs permission) as a
> mechanism to defeat KASLR.
> 
> Remove the ESR context from the sigframe for user faults on kernel
> addresses.

As this wording suggests, this change causes esr_context to disappear
entirely from the signal frame.  Previously, I think user code could
have relied on its being present for certain signals.

Does Debian's codesearch throw up any nontrivial users of esr_context?

Cheers
---Dave

> 
> Cc: Ard Biesheuvel <ard.biesheuvel at linaro.org>
> Cc: Dave Martin <Dave.Martin at arm.com>
> Signed-off-by: Will Deacon <will.deacon at arm.com>
> ---
> 
> Here's another one that doesn't make a huge amount of difference when
> kpti is enabled, but I think is a change worth making all the same.
> 
>  arch/arm64/mm/fault.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
> index 49dfb08a6c4d..b9800395788e 100644
> --- a/arch/arm64/mm/fault.c
> +++ b/arch/arm64/mm/fault.c
> @@ -292,8 +292,10 @@ static void __do_kernel_fault(unsigned long addr, unsigned int esr,
>  
>  static void __do_user_fault(struct siginfo *info, unsigned int esr)
>  {
> -	current->thread.fault_address = (unsigned long)info->si_addr;
> -	current->thread.fault_code = esr;
> +	unsigned long addr = (unsigned long)info->si_addr;
> +
> +	current->thread.fault_address = addr;
> +	current->thread.fault_code = addr < TASK_SIZE ? esr : 0;
>  	arm64_force_sig_info(info, esr_to_fault_info(esr)->name, current);
>  }
>  
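Review bot: the `? esr : 0` on the `fault_code` line relies on an undocumented convention that a zero `fault_code` suppresses the esr_context record in the sigframe, which is the effect Dave points out above (the record disappears rather than being zeroed); add a comment at that line stating both the intent (don't expose the fault type for user faults on kernel addresses) and that consequence, since userspace that walks the record chain for ESR_MAGIC will no longer find it. The commit message should also call this out as a visible ABI change and say whether keeping the record with a cleared ESR was considered. Finally, the next line still passes the unfiltered `esr` to `esr_to_fault_info()`, so it is worth confirming that nothing derived from it reaches the signal frame by another path.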
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
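Dave's concern is that user code may walk the signal frame expecting an esr_context record to be there. The following is an added example, not code from this thread or from the kernel tree: a host-buildable parser for the arm64 sigcontext `__reserved` record chain that tolerates the record being absent. It redeclares the `_aarch64_ctx` header layout and ESR_MAGIC locally to mirror arm64's asm/sigcontext.h so it compiles anywhere; the sample buffers, the dummy record magic 0x12345678 and the ESR value 0x92000045 are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Mirrors struct _aarch64_ctx from arm64's asm/sigcontext.h: each record in
 * sigcontext.__reserved starts with this header; magic == 0 terminates the chain. */
struct aarch64_ctx_hdr {
    uint32_t magic;
    uint32_t size;   /* total record size including this header */
};

#define ESR_MAGIC   0x45535201u   /* magic of struct esr_context (assumed from the UAPI header) */
#define DUMMY_MAGIC 0x12345678u   /* constructed: stands in for some other record type */

/* Walk the record chain.  Returns 1 and stores the ESR in *esr when an
 * esr_context record is present; returns 0 when the chain ends without one
 * or the buffer is malformed.  Callers must treat 0 as "no ESR available". */
int find_esr_context(const uint8_t *reserved, size_t len, uint64_t *esr)
{
    size_t off = 0;
    while (off + sizeof(struct aarch64_ctx_hdr) <= len) {
        struct aarch64_ctx_hdr hdr;
        memcpy(&hdr, reserved + off, sizeof hdr);
        if (hdr.magic == 0)
            return 0;                               /* terminator: no esr_context */
        if (hdr.size < sizeof hdr || hdr.size > len - off)
            return 0;                               /* malformed: stop walking */
        if (hdr.magic == ESR_MAGIC) {
            if (hdr.size < sizeof hdr + sizeof(uint64_t))
                return 0;                           /* too short to hold the esr field */
            memcpy(esr, reserved + off + sizeof hdr, sizeof *esr);
            return 1;
        }
        off += hdr.size;                            /* records are 16-byte multiples here */
    }
    return 0;                                       /* ran off the end without a terminator */
}

/* Constructed sample: one dummy 16-byte record, optionally an esr_context
 * record, then the zero terminator.  Returns the number of bytes written. */
size_t build_sample_reserved(uint8_t *buf, size_t cap, int with_esr, uint64_t esr)
{
    size_t off = 0;
    struct aarch64_ctx_hdr hdr;
    memset(buf, 0, cap);

    hdr.magic = DUMMY_MAGIC; hdr.size = 16;         /* 8-byte header + 8 bytes of payload */
    memcpy(buf + off, &hdr, sizeof hdr); off += hdr.size;

    if (with_esr) {
        hdr.magic = ESR_MAGIC; hdr.size = 16;       /* 8-byte header + 8-byte esr */
        memcpy(buf + off, &hdr, sizeof hdr);
        memcpy(buf + off + sizeof hdr, &esr, sizeof esr);
        off += hdr.size;
    }
    off += sizeof hdr;                              /* zeroed terminator header */
    return off;
}

/* Helpers exercising both cases on a constructed frame; the ESR value
 * 0x92000045 is made up for the example (a data-abort-shaped encoding). */
int sample_has_esr(int with_esr)
{
    uint8_t buf[64]; uint64_t esr = 0;
    size_t n = build_sample_reserved(buf, sizeof buf, with_esr, 0x92000045ULL);
    return find_esr_context(buf, n, &esr);
}

unsigned long long sample_esr_value(int with_esr)
{
    uint8_t buf[64]; uint64_t esr = 0;
    size_t n = build_sample_reserved(buf, sizeof buf, with_esr, 0x92000045ULL);
    return find_esr_context(buf, n, &esr) ? (unsigned long long)esr : 0ULL;
}

int main(void)
{
    printf("with record:    present=%d esr=0x%llx\n", sample_has_esr(1), sample_esr_value(1));
    printf("without record: present=%d esr=0x%llx\n", sample_has_esr(0), sample_esr_value(0));
    return 0;
}
```

The point of the helper's return convention is the one this patch forces on userspace: a handler must cope with the record being missing for a user fault on a kernel address, instead of assuming it is always present for a given signal.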
