can't find file to patch at input line 118 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |From patchwork Fri Nov 26 13:47:56 2021 |Content-Type: text/plain; charset="utf-8" |MIME-Version: 1.0 |Content-Transfer-Encoding: 7bit |X-Patchwork-Submitter: Florian Weimer |X-Patchwork-Id: 48190 |Return-Path: |X-Original-To: patchwork@sourceware.org |Delivered-To: patchwork@sourceware.org |Received: from server2.sourceware.org (localhost [IPv6:::1]) | by sourceware.org (Postfix) with ESMTP id 7673D3857C60 | for ; Fri, 26 Nov 2021 13:48:51 +0000 (GMT) |DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7673D3857C60 |DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; | s=default; t=1637934531; | bh=WwYQ7F2CqzhPk2lJPhddOTuMfrMggW7rI+rRosPHGKA=; | h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: | List-Help:List-Subscribe:From:Reply-To:Cc:From; | b=EXVA5Ti44ys4+F0/LYXUxl7myO/b+ELqScGqykL/lMAP7TaPOzaV9rvfdUv6CRWlg | yPGRFF2dU70vP4PR10m86NWBKFrjPVdHsAlBQA4wIKOJYh4xbZ+12QaAKKUNKngh6x | +KCb4Oas9bD2eVpeNPq2rOUeMCZi9QooJq4vshnI= |X-Original-To: libc-alpha@sourceware.org |Delivered-To: libc-alpha@sourceware.org |Received: from us-smtp-delivery-124.mimecast.com | (us-smtp-delivery-124.mimecast.com [170.10.129.124]) | by sourceware.org (Postfix) with ESMTPS id 56CC63857C43 | for ; Fri, 26 Nov 2021 13:48:08 +0000 (GMT) |DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 56CC63857C43 |Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com | [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS | (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id | us-mta-107-nG_FYKkBNsOi8ILvr2VO_A-1; Fri, 26 Nov 2021 08:48:04 -0500 |X-MC-Unique: nG_FYKkBNsOi8ILvr2VO_A-1 |Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com | [10.5.11.16]) | (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) | (No client certificate requested) | by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1760781EE6D; | Fri, 26 Nov 2021 13:48:02 +0000 (UTC) |Received: from oldenburg.str.redhat.com (unknown [10.39.192.29]) | by smtp.corp.redhat.com (Postfix) with ESMTPS id 42A621E6; | Fri, 26 Nov 2021 13:47:57 +0000 (UTC) |To: linux-arch@vger.kernel.org, linux-api@vger.kernel.org, | linux-x86_64@vger.kernel.org, kernel-hardening@lists.openwall.com |Subject: [PATCH] x86: Implement arch_prctl(ARCH_VSYSCALL_LOCKOUT) to disable | vsyscall |Date: Fri, 26 Nov 2021 14:47:56 +0100 |Message-ID: <87h7bzjaer.fsf@oldenburg.str.redhat.com> |User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |MIME-Version: 1.0 |X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 |X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, | DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, | RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, | SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 |X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on | server2.sourceware.org |X-BeenThere: libc-alpha@sourceware.org |X-Mailman-Version: 2.1.29 |Precedence: list |List-Id: Libc-alpha mailing list |List-Unsubscribe: , | |List-Archive: |List-Post: |List-Help: |List-Subscribe: , | |X-Patchwork-Original-From: Florian Weimer via Libc-alpha | |From: Florian Weimer |Reply-To: Florian Weimer |Cc: libc-alpha@sourceware.org, Kees Cook , | linux-mm@kvack.org, x86@kernel.org, musl@lists.openwall.com, | linux-kernel@vger.kernel.org, Dave Hansen , | Andy Lutomirski |Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org |Sender: "Libc-alpha" | | |Distributions struggle with changing the default for vsyscall |emulation because it is a clear break of userspace ABI, something |that should not happen. | |The legacy vsyscall interface is supposed to be used by libcs only, |not by applications. This commit adds a new arch_prctl request, |ARCH_VSYSCALL_LOCKOUT. Newer libcs can adopt this request to signal |to the kernel that the process does not need vsyscall emulation. |The kernel can then disable it for the remaining lifetime of the |process. Legacy libcs do not perform this call, so vsyscall remains |enabled for them. This approach should achieves backwards |compatibility (perfect compatibility if the assumption that only libcs |use vsyscall is accurate), and it provides full hardening for new |binaries. | |The chosen value of ARCH_VSYSCALL_LOCKOUT should avoid conflicts |with outher x86-64 arch_prctl requests. | |Future arch_prctls requests commonly used at process startup can imply |vsyscall lockout, so that a separate system call for the lockout is |not needed. | |Signed-off-by: Florian Weimer |--- | arch/x86/entry/vsyscall/vsyscall_64.c | 6 + | arch/x86/include/asm/mmu.h | 6 + | arch/x86/include/uapi/asm/prctl.h | 2 + | arch/x86/kernel/process_64.c | 5 + | tools/arch/x86/include/uapi/asm/prctl.h | 2 + | tools/testing/selftests/x86/Makefile | 13 +- | tools/testing/selftests/x86/vsyscall_lockout.c | 431 +++++++++++++++++++++++++ | 7 files changed, 462 insertions(+), 3 deletions(-) | |diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c |index 0b6b277ee050..ac176481cbdf 100644 |--- a/arch/x86/entry/vsyscall/vsyscall_64.c |+++ b/arch/x86/entry/vsyscall/vsyscall_64.c -------------------------- No file to patch. Skipping patch. 1 out of 1 hunk ignored can't find file to patch at input line 135 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h |index 5d7494631ea9..59ddac5ad2e7 100644 |--- a/arch/x86/include/asm/mmu.h |+++ b/arch/x86/include/asm/mmu.h -------------------------- No file to patch. Skipping patch. 1 out of 1 hunk ignored can't find file to patch at input line 152 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h |index 754a07856817..6f2b17ec4798 100644 |--- a/arch/x86/include/uapi/asm/prctl.h |+++ b/arch/x86/include/uapi/asm/prctl.h -------------------------- No file to patch. Skipping patch. 1 out of 1 hunk ignored can't find file to patch at input line 163 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |index 3402edec236c..eaabd365aa63 100644 |--- a/arch/x86/kernel/process_64.c |+++ b/arch/x86/kernel/process_64.c -------------------------- No file to patch. Skipping patch. 1 out of 1 hunk ignored can't find file to patch at input line 179 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git a/tools/arch/x86/include/uapi/asm/prctl.h b/tools/arch/x86/include/uapi/asm/prctl.h |index 754a07856817..6f2b17ec4798 100644 |--- a/tools/arch/x86/include/uapi/asm/prctl.h |+++ b/tools/arch/x86/include/uapi/asm/prctl.h -------------------------- No file to patch. Skipping patch. 1 out of 1 hunk ignored can't find file to patch at input line 190 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile |index 8a1f62ab3c8e..2269429b77e0 100644 |--- a/tools/testing/selftests/x86/Makefile |+++ b/tools/testing/selftests/x86/Makefile -------------------------- No file to patch. Skipping patch. 3 out of 3 hunks ignored patching file tools/testing/selftests/x86/vsyscall_lockout.c