Technically, it might be possible for struct pstore_info to go out of
scope after the module_put(), so report the backend name first.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/
When built as a module and running with update_ms >= 0, pstore will Oops
during module unload since the work timer is still running. This makes sure
the worker is stopped before unloading.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Cc: sta...@vger.kernel.org
---
fs/pstore/platfo
3 ("pstore: Correctly initialize spinlock and flags")
Signed-off-by: Kees Cook <keesc...@chromium.org>
Cc: sta...@vger.kernel.org
---
fs/pstore/ram_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/pstore/ram_core.c b/fs/pstore/ram_core.c
index bc927e3
For a long time I've been bothered by the complexity of argument passing
in the pstore internals, which makes understanding things and changing
things extremely fragile.
With the proposal of a new backend (EPI capsules), and my attempts to
reorganize things for the proposed multiple-pmsg
Uncommon errors are better to get reported to dmesg so developers can
more easily figure out why pstore is unhappy with a backend attempting
to register.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
fs/pstore/platform.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
gt; Cc: Kumar Gala <ga...@kernel.crashing.org>
> Cc: Daniel Cashman <dcash...@android.com>
> Signed-off-by: Bhupesh Sharma <bhsha...@redhat.com>
> Reviewed-by: Kees Cook
This " at " should be "@", but otherwise, yay v2! :)
-Kees
--
Kees Cook
Pixel Security
On Thu, Feb 2, 2017 at 10:08 AM, Bhupesh Sharma <bhsha...@redhat.com> wrote:
> On Thu, Feb 2, 2017 at 7:51 PM, Kees Cook <keesc...@chromium.org> wrote:
>> On Wed, Feb 1, 2017 at 9:42 PM, Bhupesh Sharma <bhsha...@redhat.com> wrote:
>>> The 2nd patch incr
llerman <m...@ellerman.id.au>
> Cc: Anatolij Gustschin <ag...@denx.de>
> Cc: Alistair Popple <alist...@popple.id.au>
> Cc: Matt Porter <mpor...@kernel.crashing.org>
> Cc: Vitaly Bordug <v...@kernel.crashing.org>
> Cc: Scott Wood <o...@buserror.net>
&
with stack
and mmap randomization. 0x2000 is way better since it randomizes
up from there towards the mmap area.
Is there a reason to avoid the 32-bit memory range for the ELF addresses?
-Kees
--
Kees Cook
Pixel Security
ent the same for PPC64 in upstream.
>
> Sorry for the long mail, but would really appreciate if someone can
> help me understand the details here.
Hopefully this helped a bit. I would literally draw out the memory
map, and double-check nothing can collide at your max values.
-Kees
--
Kees Cook
Nexus Security
mmon.h, upstream gcc moved it under c-family in
> 2010 after the release of 4.5, so it should be where gcc-common.h expects
> it and i'm not sure how it ended up at its old location for you.
That is rather odd. What distro was the PPC test done on? (Or were
these manually built gcc versions?)
-Kees
--
Kees Cook
Nexus Security
that are executable
> if the load header requests that.
>
> The patch was originally posted in 2012 by Jason Gunthorpe
> and apparently ignored:
>
> https://lkml.org/lkml/2012/9/30/138
>
> Lightly run-tested.
>
> Signed-off-by: Jason Gunthorpe <jguntho...@obsidianrese
t; I think it's best to take this through powerpc#next with an ACK from
> Kees/Emese?
That would be fine by me. Please consider the whole series:
Acked-by: Kees Cook <keesc...@chromium.org>
Thanks!
-Kees
> ---
> arch/powerpc/Kconfig | 1 +
> scripts/Makefile.gcc-pl
On Tue, Nov 15, 2016 at 2:45 PM, Andrew Donnellan
<andrew.donnel...@au1.ibm.com> wrote:
> On 16/11/16 09:41, Kees Cook wrote:
>>
>> Just checking in: did these patches materialize? I'd love to see
>> plugins working on v4.10 for ppc.
>
>
> Working on it!
>
enable plugins on powerpc once I get
> that sorted.
>
> (In future please remember to cc linuxppc-dev.)
Just checking in: did these patches materialize? I'd love to see
plugins working on v4.10 for ppc.
-Kees
--
Kees Cook
Nexus Security
d apparently ignored:
>
> https://lkml.org/lkml/2012/9/30/138
>
> Lightly run-tested.
>
> Signed-off-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> Signed-off-by: Denys Vlasenko <dvlas...@redhat.com>
> Acked-by: Kees Cook <keesc...@chromium.org>
>
Hi,
Jason just reminded me about this patch. :)
Denys, can you resend a v7 with all the Acked/Reviewed/Tested-bys
added and send it To: akpm, with everyone else (and lkml) in CC? That
should be the easiest way for Andrew to pick it up.
Thanks!
-Kees
On Mon, Oct 24, 2016 at 5:17 PM, Kees Cook
On Thu, Oct 20, 2016 at 3:45 PM, Jason Gunthorpe
<jguntho...@obsidianresearch.com> wrote:
> On Tue, Oct 04, 2016 at 09:54:12AM -0700, Kees Cook wrote:
>> On Mon, Oct 3, 2016 at 5:18 PM, Michael Ellerman <m...@ellerman.id.au> wrote:
>> > Kees Cook <keesc...@chromi
ebug("Attempting to remove CPU %s, drc index: %x\n",
> dn->name, drc_index);
>
> rc = dlpar_offline_cpu(dn);
> --
> 2.9.3
Reviewed-by: Kees Cook <keesc...@chromium.org>
scripts/spelling.txt should likely get an addition for "attemping". It
already has "attemps"...
-Kees
--
Kees Cook
Nexus Security
On Mon, Oct 3, 2016 at 5:18 PM, Michael Ellerman <m...@ellerman.id.au> wrote:
> Kees Cook <keesc...@chromium.org> writes:
>
>> On Mon, Oct 3, 2016 at 9:13 AM, Denys Vlasenko <dvlas...@redhat.com> wrote:
>>> On 32-bit powerpc the ELF PLT sec
d apparently ignored:
>
> https://lkml.org/lkml/2012/9/30/138
>
> Lightly run-tested.
>
> Signed-off-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> Signed-off-by: Denys Vlasenko <dvlas...@redhat.com>
> Acked-by: Kees Cook <keesc...@chromium.org>
>
t;> Stop doing that.
>>
>> Teach the ELF loader to check the X bit in the relevant load header
>> and create 0 filled anonymous mappings that are executable
>> if the load header requests that.
> ...
>>
>> Signed-off-by: Jason Gunthorpe <jguntho...@obsidi
sted in 2012 by Jason Gunthorpe
> and apparently ignored:
>
> https://lkml.org/lkml/2012/9/30/138
>
> Lightly run-tested.
>
> Signed-off-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> Signed-off-by: Denys Vlasenko <dvlas...@redhat.com>
> CC: Benjamin Herr
d apparently ignored:
>
> https://lkml.org/lkml/2012/9/30/138
>
> Lightly run-tested.
>
> Signed-off-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> Signed-off-by: Denys Vlasenko <dvlas...@redhat.com>
> CC: Benjamin Herrenschmidt <b...@kernel
69f..3564477b8c2d 100644
> --- a/drivers/misc/lkdtm_rodata.c
> +++ b/drivers/misc/lkdtm_rodata.c
> @@ -4,7 +4,7 @@
> */
> #include "lkdtm.h"
>
> -void lkdtm_rodata_do_nothing(void)
> +void notrace lkdtm_rodata_do_nothing(void)
> {
>
On Mon, Aug 1, 2016 at 8:12 PM, Michael Ellerman <m...@ellerman.id.au> wrote:
> Kees Cook <keesc...@chromium.org> writes:
>
>> On Mon, Aug 1, 2016 at 5:37 AM, Michael Ellerman <m...@ellerman.id.au> wrote:
>>> Kees Cook <keesc...@chromium.org> wri
On Mon, Aug 1, 2016 at 5:37 AM, Michael Ellerman <m...@ellerman.id.au> wrote:
> Kees Cook <keesc...@chromium.org> writes:
>
>> This adds a function that lives in the .rodata section. The section
>> flags are corrected using objcopy since there is no way with g
On Mon, Jul 25, 2016 at 7:03 PM, Michael Ellerman <m...@ellerman.id.au> wrote:
> Josh Poimboeuf <jpoim...@redhat.com> writes:
>
>> On Thu, Jul 21, 2016 at 11:34:25AM -0700, Kees Cook wrote:
>>> On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman <m...@ellerma
On Mon, Jul 25, 2016 at 12:16 PM, Laura Abbott <labb...@redhat.com> wrote:
> On 07/20/2016 01:27 PM, Kees Cook wrote:
>>
>> Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
>> SLUB allocator to catch any copies that may span objects. Include
On Fri, Jul 22, 2016 at 5:36 PM, Laura Abbott <labb...@redhat.com> wrote:
> On 07/20/2016 01:26 PM, Kees Cook wrote:
>>
>> Hi,
>>
>> [This is now in my kspp -next tree, though I'd really love to add some
>> additional explicit Tested-bys, Reviewed-bys, or Ack
On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman <m...@ellerman.id.au> wrote:
> Kees Cook <keesc...@chromium.org> writes:
>
>> diff --git a/mm/usercopy.c b/mm/usercopy.c
>> new file mode 100644
>> index ..e4bf4e7ccdf6
>> --- /dev/nul
Enables CONFIG_HARDENED_USERCOPY checks on s390.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/s390/Kconfig | 1 +
arch/s390/lib/uaccess.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index a8c259059adf..9f694311c9ed
Enables CONFIG_HARDENED_USERCOPY checks on sparc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/uaccess_32.h | 14 ++
arch/sparc/include/asm/uaccess_64.
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLUB allocator to catch any copies that may span objects. Includes a
redzone handling fix discovered by Michael Ellerman.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLAB allocator to catch any copies that may span objects.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-by: Valdis Kletnieks <valdis.kletni...@vt.edu>
---
init/
process stack
- object must be contained by a valid stack frame (when there is
arch/build support for identifying stack frames)
- object must not overlap with kernel text
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-by: Valdis Kletnieks <valdis.kletni...@vt.edu>
Tested
Enables CONFIG_HARDENED_USERCOPY checks on powerpc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-by: Michael Ellerman <m...@ellerman.id.au>
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/include/asm/ua
Enables CONFIG_HARDENED_USERCOPY checks on ia64.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/ia64/Kconfig | 1 +
arch/ia64/include/asm/uaccess.h | 18 +++---
2 files changed, 16 insertions(+), 3 deletions(-)
Enables CONFIG_HARDENED_USERCOPY checks on arm64. As done by KASAN in -next,
renames the low-level functions to __arch_copy_*_user() so a static inline
can do additional work before the copy.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm64/Kconfig | 1 +
arch
Enables CONFIG_HARDENED_USERCOPY checks on arm.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm/Kconfig | 1 +
arch/arm/include/asm/uaccess.h | 11 +--
2 files changed, 10 insertions(+), 2 deletions(-)
diff
Enables CONFIG_HARDENED_USERCOPY checks on x86. This is done both in
copy_*_user() and __copy_*_user() because copy_*_user() actually calls
down to _copy_*_user() and not __copy_*_user().
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-by:
edhat.com>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
include/linux/mmzone.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
index 02069c23486d..c8478b29f070 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone
Hi,
[This is now in my kspp -next tree, though I'd really love to add some
additional explicit Tested-bys, Reviewed-bys, or Acked-bys. If you've
looked through any part of this or have done any testing, please consider
sending an email with your "*-by:" line. :)]
This is a start of the mainline
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/K
On Wed, Jul 20, 2016 at 9:02 AM, David Laight <david.lai...@aculab.com> wrote:
> From: Kees Cook
>> Sent: 20 July 2016 16:32
> ...
>> Yup: that's exactly what it's doing: walking up the stack. :)
>
> Remind me to make sure all our customers run kernels with it
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <david.lai...@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be withi
On Tue, Jul 19, 2016 at 12:12 PM, Kees Cook <keesc...@chromium.org> wrote:
> On Mon, Jul 18, 2016 at 6:52 PM, Laura Abbott <labb...@redhat.com> wrote:
>> On 07/15/2016 02:44 PM, Kees Cook wrote:
>>> +static inline const char *check_heap_object(const
is_migrate_cma(migratetype) false
> +# define is_migrate_cma_page(_page) false
> #endif
>
> #define for_each_migratetype_order(order, type) \
> --
> 2.7.4
>
--
Kees Cook
Chrome OS & Brillo Security
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
On Tue, Jul 19, 2016 at 1:14 PM, Christian Borntraeger
<borntrae...@de.ibm.com> wrote:
> On 07/19/2016 09:31 PM, Kees Cook wrote:
>> On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger
>> <borntrae...@de.ibm.com> wrote:
>>> On 07/15/2016 11:
On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger
<borntrae...@de.ibm.com> wrote:
> On 07/15/2016 11:44 PM, Kees Cook wrote:
>> +config HAVE_ARCH_LINEAR_KERNEL_MAPPING
>> + bool
>> + help
>> + An architecture should select this if it has a se
On Mon, Jul 18, 2016 at 6:52 PM, Laura Abbott <labb...@redhat.com> wrote:
> On 07/15/2016 02:44 PM, Kees Cook wrote:
>>
>> This is the start of porting PAX_USERCOPY into the mainline kernel. This
>> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. T
On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott <labb...@redhat.com> wrote:
> On 07/15/2016 02:44 PM, Kees Cook wrote:
>>
>> This is the start of porting PAX_USERCOPY into the mainline kernel. This
>> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. T
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLUB allocator to catch any copies that may span objects. Includes a
redzone handling fix discovered by Michael Ellerman.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLAB allocator to catch any copies that may span objects.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-By: Valdis Kletnieks <valdis.kletni...@vt.edu>
---
init/
Enables CONFIG_HARDENED_USERCOPY checks on sparc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/uaccess_32.h | 14 ++
arch/sparc/include/asm/uaccess_64.
Enables CONFIG_HARDENED_USERCOPY checks on s390.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/s390/Kconfig | 1 +
arch/s390/lib/uaccess.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index a8c259059adf..9f694311c9ed
Enables CONFIG_HARDENED_USERCOPY checks on ia64.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/ia64/Kconfig | 1 +
arch/ia64/include/asm/uaccess.h | 18 +++---
2 files changed, 16 insertions(+), 3 deletions(-)
Enables CONFIG_HARDENED_USERCOPY checks on powerpc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-by: Michael Ellerman <m...@ellerman.id.au>
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/include/asm/ua
Enables CONFIG_HARDENED_USERCOPY checks on x86. This is done both in
copy_*_user() and __copy_*_user() because copy_*_user() actually calls
down to _copy_*_user() and not __copy_*_user().
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-By:
Enables CONFIG_HARDENED_USERCOPY checks on arm64. As done by KASAN in -next,
renames the low-level functions to __arch_copy_*_user() so a static inline
can do additional work before the copy.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm64/Kconfig | 2 ++
by the current stack frame (when there is
arch/build support for identifying stack frames)
- object must not overlap with kernel text
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-By: Valdis Kletnieks <valdis.kletni...@vt.edu>
Tested-by: Michael Ellerman <m...@ellerman.i
Hi,
[I'm going to carry this series in my kspp -next tree now, though I'd
really love to have some explicit Acked-bys or Reviewed-bys. If you've
looked through it or tested it, please consider it. :) (I added Valdis
and mpe's Tested-bys where they seemed correct, thank you!)]
This is a start of
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/K
Enables CONFIG_HARDENED_USERCOPY checks on arm.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm/Kconfig | 1 +
arch/arm/include/asm/uaccess.h | 11 +--
2 files changed, 10 insertions(+), 2 deletions(-)
diff
he
> exploit handling could be done separately from this without actually
> needing special treatment for USERCOPY. Could expose is as something
> like panic_on_oops=2 as a balance between the existing options.
I'm also uncomfortable about BUG() being removed by unsetting
CONFIG_BUG, but that
s works.
I'd like it to dump stack and be fatal to the process involved, but
yeah, I guess BUG() would work. Creating an infrastructure for
handling security-related Oopses can be done separately from this (and
I'd like to see that added, since it's a nice bit of configurable
reactivity to possible at
On Thu, Jul 14, 2016 at 9:05 PM, Kees Cook <keesc...@chromium.org> wrote:
> On Thu, Jul 14, 2016 at 6:41 PM, Balbir Singh <bsinghar...@gmail.com> wrote:
>> On Thu, Jul 14, 2016 at 09:04:18PM -0400, Rik van Riel wrote:
>>> On Fri, 2016-07-15 at 0
On Thu, Jul 14, 2016 at 7:05 PM, Balbir Singh <bsinghar...@gmail.com> wrote:
> On Wed, Jul 13, 2016 at 02:56:04PM -0700, Kees Cook wrote:
>> Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
>> SLUB allocator to catch any copies that may span objects.
On Thu, Jul 14, 2016 at 4:20 PM, Balbir Singh <bsinghar...@gmail.com> wrote:
> On Wed, Jul 13, 2016 at 02:55:55PM -0700, Kees Cook wrote:
>> [...]
>> +++ b/mm/usercopy.c
>> @@ -0,0 +1,219 @@
>> [...]
>> +/*
>> + * Checks if a given pointer and length i
kay with expanding the test -- it should be an extremely rare
situation already since the common Reserved areas (kernel data) will
have already been explicitly tested.
What's the best way to do "next page"? Should it just be:
for ( ; page <= endpage ; ptr += PAGE_SIZE, page = virt_to_head_page(ptr) ) {
if (!PageReserved(page))
return "";
}
return NULL;
?
--
Kees Cook
Chrome OS & Brillo Security
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
On Thu, Jul 14, 2016 at 12:23 PM, Josh Poimboeuf <jpoim...@redhat.com> wrote:
> On Thu, Jul 14, 2016 at 11:10:18AM -0700, Kees Cook wrote:
>> On Wed, Jul 13, 2016 at 10:48 PM, Josh Poimboeuf <jpoim...@redhat.com> wrote:
>> > On Wed, Jul 13, 2016 at 03:04:26PM -0700,
On Wed, Jul 13, 2016 at 10:48 PM, Josh Poimboeuf <jpoim...@redhat.com> wrote:
> On Wed, Jul 13, 2016 at 03:04:26PM -0700, Kees Cook wrote:
>> On Wed, Jul 13, 2016 at 3:01 PM, Andy Lutomirski <l...@amacapital.net> wrote:
>> > On Wed, Jul 13, 2016 at 2:55 PM, Kees Cook
On Wed, Jul 13, 2016 at 3:01 PM, Andy Lutomirski <l...@amacapital.net> wrote:
> On Wed, Jul 13, 2016 at 2:55 PM, Kees Cook <keesc...@chromium.org> wrote:
>> This creates per-architecture function arch_within_stack_frames() that
>> should validate if a given object is
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLUB allocator to catch any copies that may span objects. Includes a
redzone handling fix from Michael Ellerman.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
init/Kconfi
Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
SLAB allocator to catch any copies that may span objects.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
init/Kconfig | 1 +
mm/slab.c| 30 +++
Enables CONFIG_HARDENED_USERCOPY checks on s390.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/s390/Kconfig | 1 +
arch/s390/lib/uaccess.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index a8c259059adf..9f694311c9ed
Enables CONFIG_HARDENED_USERCOPY checks on sparc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/uaccess_32.h | 14 ++
arch/sparc/include/asm/uaccess_64.
Enables CONFIG_HARDENED_USERCOPY checks on powerpc.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/include/asm/uaccess.h | 21 +++--
2 files changed, 20 insertions
Enables CONFIG_HARDENED_USERCOPY checks on ia64.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/ia64/Kconfig | 1 +
arch/ia64/include/asm/uaccess.h | 18 +++---
2 files changed, 16 insertions(+), 3 deletions(-)
Enables CONFIG_HARDENED_USERCOPY checks on arm64. As done by KASAN in -next,
renames the low-level functions to __arch_copy_*_user() so a static inline
can do additional work before the copy.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm64/Kconfig | 2 ++
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/K
Enables CONFIG_HARDENED_USERCOPY checks on arm.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm/Kconfig | 1 +
arch/arm/include/asm/uaccess.h | 11 +--
2 files changed, 10 insertions(+), 2 deletions(-)
diff
by the current stack frame (when there is
arch/build support for identifying stack frames)
- object must not overlap with kernel text
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/Kconfig| 7 ++
include/linux/slab.h| 12 +++
include/linux/thread_
Enables CONFIG_HARDENED_USERCOPY checks on x86. This is done both in
copy_*_user() and __copy_*_user() because copy_*_user() actually calls
down to _copy_*_user() and not __copy_*_user().
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
ar
Hi,
This is a start of the mainline port of PAX_USERCOPY[1]. After I started
writing tests (now in lkdtm in -next) for Casey's earlier port[2], I
kept tweaking things further and further until I ended up with a whole
new patch series. To that end, I took Rik's feedback and made a number
of other
In contrast, if I put
> something in .rodata (using 'const', for example), then I must not
> write it *at all* unless I use special helpers (kmap, pax_open_kernel,
> etc). So the practical effect from a programer's perspective of
> __ro_after_init is quite different from .rodata, a
the remaining pieces from PaX,
> such as module handling and not-always-const-in-the-C-sense objects and
> associated
> accessors.
Do you mean the rest of the KERNEXEC (hopefully I'm not confusing
implementation names) code that uses pax_open/close_kernel()? I expect
that to be a gradual addition too, and I'd love participation to get
it and the constify plugin into the kernel.
-Kees
--
Kees Cook
Chrome OS & Brillo Security
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
cker or bugs in the code using the cfq_io_cq cache. I suspect the
former. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
On Sat, Jul 9, 2016 at 1:25 AM, Ard Biesheuvel
<ard.biesheu...@linaro.org> wrote:
> On 9 July 2016 at 04:22, Laura Abbott <labb...@redhat.com> wrote:
>> On 07/06/2016 03:25 PM, Kees Cook wrote:
>>>
>>> Hi,
>>>
>>> This is a start of the main
On Fri, Jul 8, 2016 at 7:22 PM, Laura Abbott <labb...@redhat.com> wrote:
> On 07/06/2016 03:25 PM, Kees Cook wrote:
>>
>> Hi,
>>
>> This is a start of the mainline port of PAX_USERCOPY[1]. After I started
>> writing tests (now in lkdtm in -next) for Case
On Fri, Jul 8, 2016 at 1:41 PM, Kees Cook <keesc...@chromium.org> wrote:
> On Fri, Jul 8, 2016 at 12:20 PM, Christoph Lameter <c...@linux.com> wrote:
>> On Fri, 8 Jul 2016, Kees Cook wrote:
>>
>>> Is check_valid_pointer() making sure the pointer is within
On Fri, Jul 8, 2016 at 12:20 PM, Christoph Lameter <c...@linux.com> wrote:
> On Fri, 8 Jul 2016, Kees Cook wrote:
>
>> Is check_valid_pointer() making sure the pointer is within the usable
>> size? It seemed like it was checking that it was within the slub
>> object
in slab object. */
offset = (ptr - page_address(page)) % s->size;
/* Adjust offset for meta data and padding. */
offset -= s->size - s->object_size;
/* Make sure offset and size are within bounds of the
allocation size. */
if (offset <= s->o
On Thu, Jul 7, 2016 at 12:35 AM, Michael Ellerman <m...@ellerman.id.au> wrote:
> Kees Cook <keesc...@chromium.org> writes:
>
>> Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
>> SLUB allocator to catch any copies that may span objects
On Thu, Jul 7, 2016 at 12:35 PM, Rik van Riel <r...@redhat.com> wrote:
> On Wed, 2016-07-06 at 15:25 -0700, Kees Cook wrote:
>>
>> + /* Allow kernel rodata region (if not marked as Reserved).
>> */
>> + if (ptr >= (const void *)__start_rodat
On Thu, Jul 7, 2016 at 4:01 AM, Arnd Bergmann <a...@arndb.de> wrote:
> On Wednesday, July 6, 2016 3:25:20 PM CEST Kees Cook wrote:
>> This is the start of porting PAX_USERCOPY into the mainline kernel. This
>> is the first set of features, controlled by CONFIG_HARDENED_
On Thu, Jul 7, 2016 at 3:42 AM, Thomas Gleixner <t...@linutronix.de> wrote:
> On Wed, 6 Jul 2016, Kees Cook wrote:
>> +
>> +#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86)
>> + const void *frame = NULL;
>> + const void *oldframe;
>>
On Thu, Jul 7, 2016 at 3:30 AM, Christian Borntraeger
<borntrae...@de.ibm.com> wrote:
> On 07/07/2016 12:25 AM, Kees Cook wrote:
>> Hi,
>>
>> This is a start of the mainline port of PAX_USERCOPY[1]. After I started
>> writing tests (now in lkdtm in -next) for C
On Thu, Jul 7, 2016 at 1:37 AM, Baruch Siach <bar...@tkos.co.il> wrote:
> Hi Kees,
>
> On Wed, Jul 06, 2016 at 03:25:20PM -0700, Kees Cook wrote:
>> +#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR
>
> Should be CONFIG_HARDENED_USERCOPY to match the slab/slub implementati
On Thu, Jul 7, 2016 at 6:07 AM, Mark Rutland <mark.rutl...@arm.com> wrote:
> Hi,
>
> On Wed, Jul 06, 2016 at 03:25:23PM -0700, Kees Cook wrote:
>> Enables CONFIG_HARDENED_USERCOPY checks on arm64. As done by KASAN in -next,
>> renames the low-level functions to __arc
501 - 600 of 739 matches
Mail list logo