From: peterz@infradead.org
To: tglx@linutronix.de, axboe@kernel.dk
Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, mingo@redhat.com, dvhart@infradead.org, dave@stgolabs.net, andrealmeid@igalia.com, Andrew Morton, urezki@gmail.com, hch@infradead.org, lstoakes@gmail.com, Arnd Bergmann, linux-api@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, malteskarupke@web.de
Subject: [PATCH v3 04/15] futex: Validate futex value against futex size
Date: Thu, 21 Sep 2023 12:45:09 +0200
Message-Id: <20230921105247.828934099@noisy.programming.kicks-ass.net>
References: <20230921104505.717750284@noisy.programming.kicks-ass.net>
User-Agent: quilt/0.65

Ensure the futex value fits in the given futex size. Since this adds a
constraint to an existing syscall, it might possibly change behaviour.

Currently the value would be truncated to a u32 and any high bits would
get silently lost.

Signed-off-by: Peter Zijlstra (Intel)
Reviewed-by: Thomas Gleixner
---
 kernel/futex/futex.h    | 10 ++++++++++
 kernel/futex/syscalls.c |  3 +++
 2 files changed, 13 insertions(+)

Index: linux-2.6/kernel/futex/futex.h
===================================================================
--- linux-2.6.orig/kernel/futex/futex.h
+++ linux-2.6/kernel/futex/futex.h
@@ -85,6 +85,16 @@ static inline bool futex_flags_valid(uns return true; } +static inline bool futex_validate_input(unsigned int flags, u64 val) +{ + int bits = 8 * futex_size(flags); + + if (bits < 64 && (val >> bits)) + return false; + + return true; +} + #ifdef CONFIG_FAIL_FUTEX extern bool should_fail_futex(bool fshared); #else Index: linux-2.6/kernel/futex/syscalls.c =================================================================== --- linux-2.6.orig/kernel/futex/syscalls.c +++ linux-2.6/kernel/futex/syscalls.c @@ -209,6 +209,9 @@ static int futex_parse_waitv(struct fute if (!futex_flags_valid(flags)) return -EINVAL; + if (!futex_validate_input(flags, aux.val)) + return -EINVAL; + futexv[i].w.flags = flags; futexv[i].w.val = aux.val; futexv[i].w.uaddr = aux.uaddr;
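Review bot: the `bits < 64` guard in futex_validate_input() (first hunk, futex.h) deserves a comment, since a later reader could take it for a micro-optimisation and drop it: shifting a u64 by its full width is undefined behaviour in C, and on x86 the shift count is masked so `val >> 64` would evaluate to `val` and reject every value for an 8-byte futex. Suggest a one-line comment above the `if`, e.g. `/* shift by 64 is UB; an 8-byte futex value always fits */`, or a short kerneldoc header stating that the function checks that `val` fits in the operand width selected by `flags`.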
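Review bot: the new -EINVAL in futex_parse_waitv() (second hunk, syscalls.c) is a user-visible ABI change, which the commit message itself acknowledges by noting that the value used to be truncated to u32 with the high bits silently lost; the uapi documentation for futex_waitv should gain this error condition and a selftest should cover a value that exceeds the operand width, so the change in behaviour is recorded rather than discovered. The placement after the `futex_flags_valid(flags)` check is right, since futex_validate_input() derives the width from `flags` via futex_size() and must only ever see validated flags.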
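The check the commit message describes, as an added stand-alone example that is not part of the patch or of the kernel tree: it models futex_validate_input() in user space, shows that the `bits < 64` guard is what keeps an 8-byte operand away from an undefined shift, and contrasts the result with the pre-patch behaviour of narrowing the value to u32. The flag encoding, `ex_futex_size()` and all function names prefixed `ex_` are assumptions made for the example; the kernel's own futex2 flag layout and futex_size() are not reproduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed encoding for this example only: the low two bits of the flags
 * select the operand width, 0 -> 1 byte, 1 -> 2, 2 -> 4, 3 -> 8. The real
 * futex2 flag layout and futex_size() live in the kernel headers.
 */
#define EX_SIZE_MASK 0x3u

static unsigned int ex_futex_size(unsigned int flags)
{
	return 1u << (flags & EX_SIZE_MASK);
}

/*
 * Same logic as futex_validate_input() in the patch: reject any value with
 * bits set above the operand width. The `bits < 64` guard is not an
 * optimisation: shifting a 64-bit value by 64 is undefined behaviour in C,
 * so an 8-byte operand is accepted without shifting at all.
 */
static bool ex_validate_input(unsigned int flags, uint64_t val)
{
	int bits = 8 * ex_futex_size(flags);

	if (bits < 64 && (val >> bits))
		return false;

	return true;
}

/*
 * What the pre-patch code effectively did: the 64-bit user value was
 * narrowed to u32, so the kernel compared against a value whose high bits
 * had been dropped. Returns that narrowed value so the loss is visible.
 */
static uint32_t ex_legacy_truncate(uint64_t val)
{
	return (uint32_t)val;
}

int main(void)
{
	/* Constructed inputs: one in-range and one out-of-range value per width. */
	const struct { unsigned int flags; uint64_t val; } cases[] = {
		{ 0, 0xffULL },          { 0, 0x100ULL },
		{ 1, 0xffffULL },        { 1, 0x10000ULL },
		{ 2, 0xffffffffULL },    { 2, 0x100000000ULL },
		{ 3, UINT64_MAX },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		printf("size=%u val=0x%llx -> %s (legacy u32 would be 0x%x)\n",
		       ex_futex_size(cases[i].flags),
		       (unsigned long long)cases[i].val,
		       ex_validate_input(cases[i].flags, cases[i].val) ? "ok" : "-EINVAL",
		       ex_legacy_truncate(cases[i].val));
	}
	return 0;
}
```

The 4-byte case with `0x100000000` is the one the commit message is about: the legacy narrowing turns it into `0`, so the wait would have compared against a value the caller never asked for, while the new check rejects it with -EINVAL.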