Re: [GIT PULL] usercopy protection for v4.8
On Tue, Jul 26, 2016 at 8:53 PM, Kees Cook wrote:
> On Tue, Jul 26, 2016 at 2:55 PM, Kees Cook wrote:
>> Hi,
>>
>> This is my next pull request for v4.8, which introduces a kernel self
>> protection of copy_to_user/copy_from_user that has been under review and
>> test on the kernel-hardening list for a while. It has lived for a bit
>> in -next, and appears to be ready IMO. There will be more improvements
>> in the future, but this is a solid start.
>>
>> Again, if I can improve these pull request emails in any way, please
>> let me know. :)
>
> Hrm, part of the complexity of the KSPP work: this series depends on
> _etext fixes in the arm and arm64 trees, so this should likely wait
> until those trees are pulled.

Okay, this should be ready to go now. The dependencies in arm and
arm64 have been pulled:

commit 14c4a533e09 ("ARM: 8583/1: mm: fix location of _etext")
commit 9fdc14c55cd6 ("arm64: mm: fix location of _etext")

Thanks!

-Kees

>> The following changes since commit 523d939ef98fd712632d93a5a2b588e477a7565e:
>>
>>   Linux 4.7 (2016-07-24 12:23:50 -0700)
>>
>> are available in the git repository at:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
>> tags/usercopy-v4.8
>>
>> for you to fetch changes up to ed18adc1cdd00a5c55a20fbdaed4804660772281:
>>
>>   mm: SLUB hardened usercopy support (2016-07-26 14:43:54 -0700)
>>
>>
>> Implements HARDENED_USERCOPY verification of copy_to_user/copy_from_user
>> bounds checking for most architectures on SLAB and SLUB.
>>
>>
>> Kees Cook (11):
>>       mm: Implement stack frame object validation
>>       mm: Hardened usercopy
>>       x86/uaccess: Enable hardened usercopy
>>       ARM: uaccess: Enable hardened usercopy
>>       arm64/uaccess: Enable hardened usercopy
>>       ia64/uaccess: Enable hardened usercopy
>>       powerpc/uaccess: Enable hardened usercopy
>>       sparc/uaccess: Enable hardened usercopy
>>       s390/uaccess: Enable hardened usercopy
>>       mm: SLAB hardened usercopy support
>>       mm: SLUB hardened usercopy support
>>
>> Laura Abbott (1):
>>       mm: Add is_migrate_cma_page
>>
>>  arch/Kconfig                        |   9 ++
>>  arch/arm/Kconfig                    |   1 +
>>  arch/arm/include/asm/uaccess.h      |  11 +-
>>  arch/arm64/Kconfig                  |   1 +
>>  arch/arm64/include/asm/uaccess.h    |  29 +++-
>>  arch/arm64/kernel/arm64ksyms.c      |   4 +-
>>  arch/arm64/lib/copy_from_user.S     |   4 +-
>>  arch/arm64/lib/copy_to_user.S       |   4 +-
>>  arch/ia64/Kconfig                   |   1 +
>>  arch/ia64/include/asm/uaccess.h     |  18 ++-
>>  arch/powerpc/Kconfig                |   1 +
>>  arch/powerpc/include/asm/uaccess.h  |  21 ++-
>>  arch/s390/Kconfig                   |   1 +
>>  arch/s390/lib/uaccess.c             |   2 +
>>  arch/sparc/Kconfig                  |   1 +
>>  arch/sparc/include/asm/uaccess_32.h |  14 +-
>>  arch/sparc/include/asm/uaccess_64.h |  11 +-
>>  arch/x86/Kconfig                    |   2 +
>>  arch/x86/include/asm/thread_info.h  |  44 ++
>>  arch/x86/include/asm/uaccess.h      |  10 +-
>>  arch/x86/include/asm/uaccess_32.h   |   2 +
>>  arch/x86/include/asm/uaccess_64.h   |   2 +
>>  include/linux/mmzone.h              |   2 +
>>  include/linux/slab.h                |  12 ++
>>  include/linux/thread_info.h         |  24
>>  init/Kconfig                        |   2 +
>>  mm/Makefile                         |   4 +
>>  mm/slab.c                           |  30
>>  mm/slub.c                           |  40 ++
>>  mm/usercopy.c                       | 268
>>  security/Kconfig                    |  28
>>  31 files changed, 573 insertions(+), 30 deletions(-)
>>  create mode 100644 mm/usercopy.c
>>
>> --
>> Kees Cook
>> Brillo & Chrome OS Security
>
> --
> Kees Cook
> Chrome OS & Brillo Security

--
Kees Cook
Chrome OS & Brillo Security
Re: [GIT PULL] usercopy protection for v4.8
On Tue, Jul 26, 2016 at 2:55 PM, Kees Cook wrote:
> Hi,
>
> This is my next pull request for v4.8, which introduces a kernel self
> protection of copy_to_user/copy_from_user that has been under review and
> test on the kernel-hardening list for a while. It has lived for a bit
> in -next, and appears to be ready IMO. There will be more improvements
> in the future, but this is a solid start.
>
> Again, if I can improve these pull request emails in any way, please
> let me know. :)

Hrm, part of the complexity of the KSPP work: this series depends on
_etext fixes in the arm and arm64 trees, so this should likely wait
until those trees are pulled.

-Kees

>
> Thanks!
>
> -Kees
>
> The following changes since commit 523d939ef98fd712632d93a5a2b588e477a7565e:
>
>   Linux 4.7 (2016-07-24 12:23:50 -0700)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
> tags/usercopy-v4.8
>
> for you to fetch changes up to ed18adc1cdd00a5c55a20fbdaed4804660772281:
>
>   mm: SLUB hardened usercopy support (2016-07-26 14:43:54 -0700)
>
>
> Implements HARDENED_USERCOPY verification of copy_to_user/copy_from_user
> bounds checking for most architectures on SLAB and SLUB.
>
>
> Kees Cook (11):
>       mm: Implement stack frame object validation
>       mm: Hardened usercopy
>       x86/uaccess: Enable hardened usercopy
>       ARM: uaccess: Enable hardened usercopy
>       arm64/uaccess: Enable hardened usercopy
>       ia64/uaccess: Enable hardened usercopy
>       powerpc/uaccess: Enable hardened usercopy
>       sparc/uaccess: Enable hardened usercopy
>       s390/uaccess: Enable hardened usercopy
>       mm: SLAB hardened usercopy support
>       mm: SLUB hardened usercopy support
>
> Laura Abbott (1):
>       mm: Add is_migrate_cma_page
>
>  arch/Kconfig                        |   9 ++
>  arch/arm/Kconfig                    |   1 +
>  arch/arm/include/asm/uaccess.h      |  11 +-
>  arch/arm64/Kconfig                  |   1 +
>  arch/arm64/include/asm/uaccess.h    |  29 +++-
>  arch/arm64/kernel/arm64ksyms.c      |   4 +-
>  arch/arm64/lib/copy_from_user.S     |   4 +-
>  arch/arm64/lib/copy_to_user.S       |   4 +-
>  arch/ia64/Kconfig                   |   1 +
>  arch/ia64/include/asm/uaccess.h     |  18 ++-
>  arch/powerpc/Kconfig                |   1 +
>  arch/powerpc/include/asm/uaccess.h  |  21 ++-
>  arch/s390/Kconfig                   |   1 +
>  arch/s390/lib/uaccess.c             |   2 +
>  arch/sparc/Kconfig                  |   1 +
>  arch/sparc/include/asm/uaccess_32.h |  14 +-
>  arch/sparc/include/asm/uaccess_64.h |  11 +-
>  arch/x86/Kconfig                    |   2 +
>  arch/x86/include/asm/thread_info.h  |  44 ++
>  arch/x86/include/asm/uaccess.h      |  10 +-
>  arch/x86/include/asm/uaccess_32.h   |   2 +
>  arch/x86/include/asm/uaccess_64.h   |   2 +
>  include/linux/mmzone.h              |   2 +
>  include/linux/slab.h                |  12 ++
>  include/linux/thread_info.h         |  24
>  init/Kconfig                        |   2 +
>  mm/Makefile                         |   4 +
>  mm/slab.c                           |  30
>  mm/slub.c                           |  40 ++
>  mm/usercopy.c                       | 268
>  security/Kconfig                    |  28
>  31 files changed, 573 insertions(+), 30 deletions(-)
>  create mode 100644 mm/usercopy.c
>
> --
> Kees Cook
> Brillo & Chrome OS Security

--
Kees Cook
Chrome OS & Brillo Security
[GIT PULL] usercopy protection for v4.8
Hi,

This is my next pull request for v4.8, which introduces a kernel self
protection of copy_to_user/copy_from_user that has been under review and
test on the kernel-hardening list for a while. It has lived for a bit
in -next, and appears to be ready IMO. There will be more improvements
in the future, but this is a solid start.

Again, if I can improve these pull request emails in any way, please
let me know. :)

Thanks!

-Kees

The following changes since commit 523d939ef98fd712632d93a5a2b588e477a7565e:

  Linux 4.7 (2016-07-24 12:23:50 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/usercopy-v4.8

for you to fetch changes up to ed18adc1cdd00a5c55a20fbdaed4804660772281:

  mm: SLUB hardened usercopy support (2016-07-26 14:43:54 -0700)

Implements HARDENED_USERCOPY verification of copy_to_user/copy_from_user
bounds checking for most architectures on SLAB and SLUB.

Kees Cook (11):
      mm: Implement stack frame object validation
      mm: Hardened usercopy
      x86/uaccess: Enable hardened usercopy
      ARM: uaccess: Enable hardened usercopy
      arm64/uaccess: Enable hardened usercopy
      ia64/uaccess: Enable hardened usercopy
      powerpc/uaccess: Enable hardened usercopy
      sparc/uaccess: Enable hardened usercopy
      s390/uaccess: Enable hardened usercopy
      mm: SLAB hardened usercopy support
      mm: SLUB hardened usercopy support

Laura Abbott (1):
      mm: Add is_migrate_cma_page

 arch/Kconfig                        |   9 ++
 arch/arm/Kconfig                    |   1 +
 arch/arm/include/asm/uaccess.h      |  11 +-
 arch/arm64/Kconfig                  |   1 +
 arch/arm64/include/asm/uaccess.h    |  29 +++-
 arch/arm64/kernel/arm64ksyms.c      |   4 +-
 arch/arm64/lib/copy_from_user.S     |   4 +-
 arch/arm64/lib/copy_to_user.S       |   4 +-
 arch/ia64/Kconfig                   |   1 +
 arch/ia64/include/asm/uaccess.h     |  18 ++-
 arch/powerpc/Kconfig                |   1 +
 arch/powerpc/include/asm/uaccess.h  |  21 ++-
 arch/s390/Kconfig                   |   1 +
 arch/s390/lib/uaccess.c             |   2 +
 arch/sparc/Kconfig                  |   1 +
 arch/sparc/include/asm/uaccess_32.h |  14 +-
 arch/sparc/include/asm/uaccess_64.h |  11 +-
 arch/x86/Kconfig                    |   2 +
 arch/x86/include/asm/thread_info.h  |  44 ++
 arch/x86/include/asm/uaccess.h      |  10 +-
 arch/x86/include/asm/uaccess_32.h   |   2 +
 arch/x86/include/asm/uaccess_64.h   |   2 +
 include/linux/mmzone.h              |   2 +
 include/linux/slab.h                |  12 ++
 include/linux/thread_info.h         |  24
 init/Kconfig                        |   2 +
 mm/Makefile                         |   4 +
 mm/slab.c                           |  30
 mm/slub.c                           |  40 ++
 mm/usercopy.c                       | 268
 security/Kconfig                    |  28
 31 files changed, 573 insertions(+), 30 deletions(-)
 create mode 100644 mm/usercopy.c

--
Kees Cook
Brillo & Chrome OS Security