Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-25 Thread Kees Cook
On Mon, Jul 25, 2016 at 7:03 PM, Michael Ellerman wrote: > Josh Poimboeuf writes: > >> On Thu, Jul 21, 2016 at 11:34:25AM -0700, Kees Cook wrote: >>> On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman >>> wrote: >>> > Kees Cook

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-25 Thread Kees Cook
On Mon, Jul 25, 2016 at 7:03 PM, Michael Ellerman wrote: > Josh Poimboeuf writes: > >> On Thu, Jul 21, 2016 at 11:34:25AM -0700, Kees Cook wrote: >>> On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman >>> wrote: >>> > Kees Cook writes: >>> > >>> >> diff --git a/mm/usercopy.c b/mm/usercopy.c

RE: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-25 Thread Michael Ellerman
David Laight writes: > From: Josh Poimboeuf >> Sent: 22 July 2016 18:46 >> > >> > e.g. then if the pointer was in the thread_info, the second test would >> > fail, triggering the protection. >> >> FWIW, this won't work right on x86 after Andy's >>

RE: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-25 Thread Michael Ellerman
David Laight writes: > From: Josh Poimboeuf >> Sent: 22 July 2016 18:46 >> > >> > e.g. then if the pointer was in the thread_info, the second test would >> > fail, triggering the protection. >> >> FWIW, this won't work right on x86 after Andy's >> CONFIG_THREAD_INFO_IN_TASK patches get merged.

RE: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-25 Thread David Laight
From: Josh Poimboeuf > Sent: 22 July 2016 18:46 .. > > >> +/* > > >> + * Checks if a given pointer and length is contained by the current > > >> + * stack frame (if possible). > > >> + * > > >> + * 0: not at all on the stack > > >> + * 1: fully within a valid stack frame > > >> + * 2: fully

RE: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-25 Thread David Laight
From: Josh Poimboeuf > Sent: 22 July 2016 18:46 .. > > >> +/* > > >> + * Checks if a given pointer and length is contained by the current > > >> + * stack frame (if possible). > > >> + * > > >> + * 0: not at all on the stack > > >> + * 1: fully within a valid stack frame > > >> + * 2: fully

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-22 Thread Josh Poimboeuf
On Thu, Jul 21, 2016 at 11:34:25AM -0700, Kees Cook wrote: > On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman > wrote: > > Kees Cook writes: > > > >> diff --git a/mm/usercopy.c b/mm/usercopy.c > >> new file mode 100644 > >> index

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-22 Thread Josh Poimboeuf
On Thu, Jul 21, 2016 at 11:34:25AM -0700, Kees Cook wrote: > On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman > wrote: > > Kees Cook writes: > > > >> diff --git a/mm/usercopy.c b/mm/usercopy.c > >> new file mode 100644 > >> index ..e4bf4e7ccdf6 > >> --- /dev/null > >> +++

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-21 Thread Kees Cook
On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman wrote: > Kees Cook writes: > >> diff --git a/mm/usercopy.c b/mm/usercopy.c >> new file mode 100644 >> index ..e4bf4e7ccdf6 >> --- /dev/null >> +++ b/mm/usercopy.c >> @@ -0,0 +1,234 @@ > ...

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-21 Thread Kees Cook
On Wed, Jul 20, 2016 at 11:52 PM, Michael Ellerman wrote: > Kees Cook writes: > >> diff --git a/mm/usercopy.c b/mm/usercopy.c >> new file mode 100644 >> index ..e4bf4e7ccdf6 >> --- /dev/null >> +++ b/mm/usercopy.c >> @@ -0,0 +1,234 @@ > ... >> + >> +/* >> + * Checks if a given

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-20 Thread Laura Abbott
On 07/20/2016 03:24 AM, Balbir Singh wrote: On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote: On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote: On 07/15/2016 02:44 PM, Kees Cook wrote: This doesn't work when copying CMA allocated memory since CMA purposely allocates

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-20 Thread Laura Abbott
On 07/20/2016 03:24 AM, Balbir Singh wrote: On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote: On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote: On 07/15/2016 02:44 PM, Kees Cook wrote: This doesn't work when copying CMA allocated memory since CMA purposely allocates larger than a page

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-20 Thread Balbir Singh
On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote: > On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote: > >  > > On 07/15/2016 02:44 PM, Kees Cook wrote: > >  > > This doesn't work when copying CMA allocated memory since CMA purposely > > allocates larger than a page block

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-20 Thread Balbir Singh
On Tue, 2016-07-19 at 11:48 -0700, Kees Cook wrote: > On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote: > >  > > On 07/15/2016 02:44 PM, Kees Cook wrote: > >  > > This doesn't work when copying CMA allocated memory since CMA purposely > > allocates larger than a page block size without setting

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Tue, Jul 19, 2016 at 12:12 PM, Kees Cook wrote: > On Mon, Jul 18, 2016 at 6:52 PM, Laura Abbott wrote: >> On 07/15/2016 02:44 PM, Kees Cook wrote: >>> +static inline const char *check_heap_object(const void *ptr, unsigned >>> long n, >>> +

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Tue, Jul 19, 2016 at 12:12 PM, Kees Cook wrote: > On Mon, Jul 18, 2016 at 6:52 PM, Laura Abbott wrote: >> On 07/15/2016 02:44 PM, Kees Cook wrote: >>> +static inline const char *check_heap_object(const void *ptr, unsigned >>> long n, >>> + bool

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Christian Borntraeger
On 07/19/2016 10:34 PM, Kees Cook wrote: [...] >> >> So what about for the CONFIG text: >> >>An architecture should select this if the kernel mapping has a >> secondary >>linear mapping of the kernel text - in other words more than one >> virtual >>kernel address that

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Christian Borntraeger
On 07/19/2016 10:34 PM, Kees Cook wrote: [...] >> >> So what about for the CONFIG text: >> >>An architecture should select this if the kernel mapping has a >> secondary >>linear mapping of the kernel text - in other words more than one >> virtual >>kernel address that

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Tue, Jul 19, 2016 at 1:14 PM, Christian Borntraeger wrote: > On 07/19/2016 09:31 PM, Kees Cook wrote: >> On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger >> wrote: >>> On 07/15/2016 11:44 PM, Kees Cook wrote: +config

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Tue, Jul 19, 2016 at 1:14 PM, Christian Borntraeger wrote: > On 07/19/2016 09:31 PM, Kees Cook wrote: >> On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger >> wrote: >>> On 07/15/2016 11:44 PM, Kees Cook wrote: +config HAVE_ARCH_LINEAR_KERNEL_MAPPING + bool + help

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Christian Borntraeger
On 07/19/2016 09:31 PM, Kees Cook wrote: > On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger > wrote: >> On 07/15/2016 11:44 PM, Kees Cook wrote: >>> +config HAVE_ARCH_LINEAR_KERNEL_MAPPING >>> + bool >>> + help >>> + An architecture should select this

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Christian Borntraeger
On 07/19/2016 09:31 PM, Kees Cook wrote: > On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger > wrote: >> On 07/15/2016 11:44 PM, Kees Cook wrote: >>> +config HAVE_ARCH_LINEAR_KERNEL_MAPPING >>> + bool >>> + help >>> + An architecture should select this if it has a secondary

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger wrote: > On 07/15/2016 11:44 PM, Kees Cook wrote: >> +config HAVE_ARCH_LINEAR_KERNEL_MAPPING >> + bool >> + help >> + An architecture should select this if it has a secondary linear >> + mapping of

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Tue, Jul 19, 2016 at 2:21 AM, Christian Borntraeger wrote: > On 07/15/2016 11:44 PM, Kees Cook wrote: >> +config HAVE_ARCH_LINEAR_KERNEL_MAPPING >> + bool >> + help >> + An architecture should select this if it has a secondary linear >> + mapping of the kernel text. This is

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Mon, Jul 18, 2016 at 6:52 PM, Laura Abbott wrote: > On 07/15/2016 02:44 PM, Kees Cook wrote: >> >> This is the start of porting PAX_USERCOPY into the mainline kernel. This >> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The >> work is based on code

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Mon, Jul 18, 2016 at 6:52 PM, Laura Abbott wrote: > On 07/15/2016 02:44 PM, Kees Cook wrote: >> >> This is the start of porting PAX_USERCOPY into the mainline kernel. This >> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The >> work is based on code by PaX Team and Brad

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote: > On 07/15/2016 02:44 PM, Kees Cook wrote: >> >> This is the start of porting PAX_USERCOPY into the mainline kernel. This >> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The >> work is based on code

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Kees Cook
On Mon, Jul 18, 2016 at 6:06 PM, Laura Abbott wrote: > On 07/15/2016 02:44 PM, Kees Cook wrote: >> >> This is the start of porting PAX_USERCOPY into the mainline kernel. This >> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The >> work is based on code by PaX Team and Brad

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Christian Borntraeger
On 07/15/2016 11:44 PM, Kees Cook wrote: > +config HAVE_ARCH_LINEAR_KERNEL_MAPPING > + bool > + help > + An architecture should select this if it has a secondary linear > + mapping of the kernel text. This is used to verify that kernel > + text exposures are not visible

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-19 Thread Christian Borntraeger
On 07/15/2016 11:44 PM, Kees Cook wrote: > +config HAVE_ARCH_LINEAR_KERNEL_MAPPING > + bool > + help > + An architecture should select this if it has a secondary linear > + mapping of the kernel text. This is used to verify that kernel > + text exposures are not visible

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-18 Thread Laura Abbott
On 07/15/2016 02:44 PM, Kees Cook wrote: This is the start of porting PAX_USERCOPY into the mainline kernel. This is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The work is based on code by PaX Team and Brad Spengler, and an earlier port from Casey Schaufler. Additional

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-18 Thread Laura Abbott
On 07/15/2016 02:44 PM, Kees Cook wrote: This is the start of porting PAX_USERCOPY into the mainline kernel. This is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The work is based on code by PaX Team and Brad Spengler, and an earlier port from Casey Schaufler. Additional

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-18 Thread Laura Abbott
On 07/15/2016 02:44 PM, Kees Cook wrote: This is the start of porting PAX_USERCOPY into the mainline kernel. This is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The work is based on code by PaX Team and Brad Spengler, and an earlier port from Casey Schaufler. Additional

Re: [PATCH v3 02/11] mm: Hardened usercopy

2016-07-18 Thread Laura Abbott
On 07/15/2016 02:44 PM, Kees Cook wrote: This is the start of porting PAX_USERCOPY into the mainline kernel. This is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The work is based on code by PaX Team and Brad Spengler, and an earlier port from Casey Schaufler. Additional