Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-08 Thread Arnd Bergmann
On Thursday, July 7, 2016 1:37:43 PM CEST Kees Cook wrote: > > > >> + /* Allow kernel bss region (if not marked as Reserved). */ > >> + if (ptr >= (const void *)__bss_start && > >> + end <= (const void *)__bss_stop) > >> + return NULL; > > > > accesses to

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Michael Ellerman
Kees Cook writes: > On Thu, Jul 7, 2016 at 4:01 AM, Arnd Bergmann wrote: >> On Wednesday, July 6, 2016 3:25:20 PM CEST Kees Cook wrote: >>> + >>> + /* Allow kernel rodata region (if not marked as Reserved). */ >>> + if (ptr >= (const void

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Thomas Gleixner
On Thu, 7 Jul 2016, Kees Cook wrote: > On Thu, Jul 7, 2016 at 3:42 AM, Thomas Gleixner wrote: > > I'd rather make that a weak function returning 1 which can be replaced by > > x86 for CONFIG_FRAME_POINTER=y. That also allows other architectures to > > implement their specific

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Baruch Siach
Hi Kees, On Thu, Jul 07, 2016 at 01:25:21PM -0400, Kees Cook wrote: > On Thu, Jul 7, 2016 at 1:37 AM, Baruch Siach wrote: > > On Wed, Jul 06, 2016 at 03:25:20PM -0700, Kees Cook wrote: > >> +#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR > > > > Should be

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Kees Cook
On Thu, Jul 7, 2016 at 12:35 PM, Rik van Riel wrote: > On Wed, 2016-07-06 at 15:25 -0700, Kees Cook wrote: >> >> + /* Allow kernel rodata region (if not marked as Reserved). >> */ >> + if (ptr >= (const void *)__start_rodata && >> + end <= (const void

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Kees Cook
On Thu, Jul 7, 2016 at 4:01 AM, Arnd Bergmann wrote:
> On Wednesday, July 6, 2016 3:25:20 PM CEST Kees Cook wrote:
>> This is the start of porting PAX_USERCOPY into the mainline kernel. This
>> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The
>> work is

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Kees Cook
On Thu, Jul 7, 2016 at 3:42 AM, Thomas Gleixner wrote: > On Wed, 6 Jul 2016, Kees Cook wrote: >> + >> +#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86) >> + const void *frame = NULL; >> + const void *oldframe; >> +#endif > > That's ugly Yeah, I'd like to have

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Kees Cook
On Thu, Jul 7, 2016 at 1:37 AM, Baruch Siach wrote: > Hi Kees, > > On Wed, Jul 06, 2016 at 03:25:20PM -0700, Kees Cook wrote: >> +#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR > > Should be CONFIG_HARDENED_USERCOPY to match the slab/slub implementation > condition. > >> +const

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Rik van Riel
On Wed, 2016-07-06 at 15:25 -0700, Kees Cook wrote: >  > + /* Allow kernel rodata region (if not marked as Reserved). > */ > + if (ptr >= (const void *)__start_rodata && > + end <= (const void *)__end_rodata) > + return NULL; > One comment here. __check_object_size

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Rik van Riel
On Wed, 2016-07-06 at 15:25 -0700, Kees Cook wrote:
> This is the start of porting PAX_USERCOPY into the mainline kernel. This
> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The
> work is based on code by PaX Team and Brad Spengler, and an earlier port
> from Casey

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Thomas Gleixner
On Wed, 6 Jul 2016, Kees Cook wrote: > + > +#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86) > + const void *frame = NULL; > + const void *oldframe; > +#endif That's ugly > + > + /* Object is not on the stack at all. */ > + if (obj + len <= stack || stackend <= obj) > +
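
Review bot: in the stack-bounds test, `obj + len <= stack` is only meaningful if `obj + len` cannot wrap, and the quoted lines show no overflow check ahead of it. Either reject a wrapped range before this comparison or add a comment stating where the caller guarantees it, so the "not on the stack at all" result cannot be reached with a wrapped end address.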

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-07 Thread Arnd Bergmann
On Wednesday, July 6, 2016 3:25:20 PM CEST Kees Cook wrote:
> This is the start of porting PAX_USERCOPY into the mainline kernel. This
> is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The
> work is based on code by PaX Team and Brad Spengler, and an earlier port
> from Casey

Re: [PATCH 1/9] mm: Hardened usercopy

2016-07-06 Thread Baruch Siach
Hi Kees, On Wed, Jul 06, 2016 at 03:25:20PM -0700, Kees Cook wrote: > +#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR Should be CONFIG_HARDENED_USERCOPY to match the slab/slub implementation condition. > +const char *__check_heap_object(const void *ptr, unsigned long n, > +

[PATCH 1/9] mm: Hardened usercopy

2016-07-06 Thread Kees Cook
This is the start of porting PAX_USERCOPY into the mainline kernel. This is the first set of features, controlled by CONFIG_HARDENED_USERCOPY. The work is based on code by PaX Team and Brad Spengler, and an earlier port from Casey Schaufler. Additional non-slab page tests are from Rik van Riel.