Commit 1713b63a authored by Jiri Olsa's avatar Jiri Olsa Committed by Masami Hiramatsu (Google)

x86/shstk: Make return uprobe work with shadow stack

Currently the application with enabled shadow stack will crash
if it sets up return uprobe. The reason is the uretprobe kernel
code changes the user space task's stack, but does not update
shadow stack accordingly.

Adding new functions to update values on shadow stack and using
them in uprobe code to keep shadow stack in sync with uretprobe
changes to user stack.

Link: https://lore.kernel.org/all/20240611112158.40795-2-jolsa@kernel.org/Acked-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Acked-by: default avatarRick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: default avatarOleg Nesterov <oleg@redhat.com>
Fixes: 488af8ea ("x86/shstk: Wire in shadow stack interface")
Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
Signed-off-by: default avatarMasami Hiramatsu (Google) <mhiramat@kernel.org>
parent 1b3c86ee
...@@ -21,6 +21,7 @@ unsigned long shstk_alloc_thread_stack(struct task_struct *p, unsigned long clon ...@@ -21,6 +21,7 @@ unsigned long shstk_alloc_thread_stack(struct task_struct *p, unsigned long clon
void shstk_free(struct task_struct *p); void shstk_free(struct task_struct *p);
int setup_signal_shadow_stack(struct ksignal *ksig); int setup_signal_shadow_stack(struct ksignal *ksig);
int restore_signal_shadow_stack(void); int restore_signal_shadow_stack(void);
int shstk_update_last_frame(unsigned long val);
#else #else
static inline long shstk_prctl(struct task_struct *task, int option, static inline long shstk_prctl(struct task_struct *task, int option,
unsigned long arg2) { return -EINVAL; } unsigned long arg2) { return -EINVAL; }
...@@ -31,6 +32,7 @@ static inline unsigned long shstk_alloc_thread_stack(struct task_struct *p, ...@@ -31,6 +32,7 @@ static inline unsigned long shstk_alloc_thread_stack(struct task_struct *p,
static inline void shstk_free(struct task_struct *p) {} static inline void shstk_free(struct task_struct *p) {}
static inline int setup_signal_shadow_stack(struct ksignal *ksig) { return 0; } static inline int setup_signal_shadow_stack(struct ksignal *ksig) { return 0; }
static inline int restore_signal_shadow_stack(void) { return 0; } static inline int restore_signal_shadow_stack(void) { return 0; }
static inline int shstk_update_last_frame(unsigned long val) { return 0; }
#endif /* CONFIG_X86_USER_SHADOW_STACK */ #endif /* CONFIG_X86_USER_SHADOW_STACK */
#endif /* __ASSEMBLY__ */ #endif /* __ASSEMBLY__ */
......
...@@ -577,3 +577,14 @@ long shstk_prctl(struct task_struct *task, int option, unsigned long arg2) ...@@ -577,3 +577,14 @@ long shstk_prctl(struct task_struct *task, int option, unsigned long arg2)
return wrss_control(true); return wrss_control(true);
return -EINVAL; return -EINVAL;
} }
int shstk_update_last_frame(unsigned long val)
{
unsigned long ssp;
if (!features_enabled(ARCH_SHSTK_SHSTK))
return 0;
ssp = get_user_shstk_addr();
return write_user_shstk_64((u64 __user *)ssp, (u64)val);
}
...@@ -1076,8 +1076,13 @@ arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs ...@@ -1076,8 +1076,13 @@ arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs
return orig_ret_vaddr; return orig_ret_vaddr;
nleft = copy_to_user((void __user *)regs->sp, &trampoline_vaddr, rasize); nleft = copy_to_user((void __user *)regs->sp, &trampoline_vaddr, rasize);
if (likely(!nleft)) if (likely(!nleft)) {
if (shstk_update_last_frame(trampoline_vaddr)) {
force_sig(SIGSEGV);
return -1;
}
return orig_ret_vaddr; return orig_ret_vaddr;
}
if (nleft != rasize) { if (nleft != rasize) {
pr_err("return address clobbered: pid=%d, %%sp=%#lx, %%ip=%#lx\n", pr_err("return address clobbered: pid=%d, %%sp=%#lx, %%ip=%#lx\n",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment