From: Kees Cook <keescook@chromium.org>
To: David Laight <David.Laight@aculab.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jan Kara <jack@suse.cz>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Will Deacon <will.deacon@arm.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
Christoph Lameter <cl@linux.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Russell King <linux@armlinux.org.uk>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
PaX Team <pageexec@freemail.hu>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>,
Fenghua Yu <fenghua.yu@intel.com>, Rik van Riel <riel@redhat.com>,
David Rientjes <rientjes@google.com>,
Tony Luck <tony.luck@intel.com>,
Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
Brad Spengler <spender@grsecurity.net>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Pekka Enberg <penberg@kernel.org>,
Daniel Micay <danielmicay@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v3 00/11] mm: Hardened usercopy
Date: Wed, 20 Jul 2016 08:31:37 -0700 [thread overview]
Message-ID: <CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D5F4FD6A3@AcuExch.aculab.com>
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible) or at least entirely
>> within the current process's stack.
> ...
>
> That description doesn't seem quite right to me.
> I presume the check is:
> Within the current process's stack and not crossing the ends of the
> current stack frame.
Actually, it's a bad description all around. :) The check is that the
range is within a valid stack frame (current or any prior caller's
frame). i.e. it does not cross a frame or touch the saved frame
pointer nor instruction pointer.
> The 'current' stack frame is likely to be that of copy_to/from_user().
> Even if you use the stack of the caller, any problematic buffers
> are likely to have been passed in from a calling function.
> So unless you are going to walk the stack (good luck on that)
> I'm not sure checking the stack frames is worth it.
Yup: that's exactly what it's doing: walking up the stack. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: David Laight <David.Laight@aculab.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jan Kara <jack@suse.cz>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Will Deacon <will.deacon@arm.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
Christoph Lameter <cl@linux.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Russell King <linux@armlinux.org.uk>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
PaX Team <pageexec@freemail.hu>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>,
Fenghua Yu <fenghua.yu@intel.com>, Rik van Riel <riel@redhat.com>,
David
Subject: Re: [PATCH v3 00/11] mm: Hardened usercopy
Date: Wed, 20 Jul 2016 08:31:37 -0700 [thread overview]
Message-ID: <CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D5F4FD6A3@AcuExch.aculab.com>
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible) or at least entirely
>> within the current process's stack.
> ...
>
> That description doesn't seem quite right to me.
> I presume the check is:
> Within the current process's stack and not crossing the ends of the
> current stack frame.
Actually, it's a bad description all around. :) The check is that the
range is within a valid stack frame (current or any prior caller's
frame). i.e. it does not cross a frame or touch the saved frame
pointer nor instruction pointer.
> The 'current' stack frame is likely to be that of copy_to/from_user().
> Even if you use the stack of the caller, any problematic buffers
> are likely to have been passed in from a calling function.
> So unless you are going to walk the stack (good luck on that)
> I'm not sure checking the stack frames is worth it.
Yup: that's exactly what it's doing: walking up the stack. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: David Laight <David.Laight@aculab.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jan Kara <jack@suse.cz>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Will Deacon <will.deacon@arm.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
Christoph Lameter <cl@linux.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Russell King <linux@armlinux.org.uk>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
PaX Team <pageexec@freemail.hu>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>,
Fenghua Yu <fenghua.yu@intel.com>, Rik van Riel <riel@redhat.com>,
David Rientjes <rientjes@google.com>,
Tony Luck <tony.luck@intel.com>,
Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
Brad Spengler <spender@grsecurity.net>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Pekka Enberg <penberg@kernel.org>,
Daniel Micay <danielmicay@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v3 00/11] mm: Hardened usercopy
Date: Wed, 20 Jul 2016 15:31:37 +0000 [thread overview]
Message-ID: <CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D5F4FD6A3@AcuExch.aculab.com>
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible) or at least entirely
>> within the current process's stack.
> ...
>
> That description doesn't seem quite right to me.
> I presume the check is:
> Within the current process's stack and not crossing the ends of the
> current stack frame.
Actually, it's a bad description all around. :) The check is that the
range is within a valid stack frame (current or any prior caller's
frame). i.e. it does not cross a frame or touch the saved frame
pointer nor instruction pointer.
> The 'current' stack frame is likely to be that of copy_to/from_user().
> Even if you use the stack of the caller, any problematic buffers
> are likely to have been passed in from a calling function.
> So unless you are going to walk the stack (good luck on that)
> I'm not sure checking the stack frames is worth it.
Yup: that's exactly what it's doing: walking up the stack. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: David Laight <David.Laight@aculab.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jan Kara <jack@suse.cz>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Will Deacon <will.deacon@arm.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
Christoph Lameter <cl@linux.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Russell King <linux@armlinux.org.uk>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
PaX Team <pageexec@freemail.hu>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>,
Fenghua Yu <fenghua.yu@intel.com>, Rik van Riel <riel@redhat.com>,
David Rientjes <rientjes@google.com>,
Tony Luck <tony.luck@intel.com>,
Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
Brad Spengler <spender@grsecurity.net>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Pekka Enberg <penberg@kernel.org>,
Daniel Micay <danielmicay@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v3 00/11] mm: Hardened usercopy
Date: Wed, 20 Jul 2016 08:31:37 -0700 [thread overview]
Message-ID: <CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D5F4FD6A3@AcuExch.aculab.com>
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible) or at least entirely
>> within the current process's stack.
> ...
>
> That description doesn't seem quite right to me.
> I presume the check is:
> Within the current process's stack and not crossing the ends of the
> current stack frame.
Actually, it's a bad description all around. :) The check is that the
range is within a valid stack frame (current or any prior caller's
frame). i.e. it does not cross a frame or touch the saved frame
pointer nor instruction pointer.
> The 'current' stack frame is likely to be that of copy_to/from_user().
> Even if you use the stack of the caller, any problematic buffers
> are likely to have been passed in from a calling function.
> So unless you are going to walk the stack (good luck on that)
> I'm not sure checking the stack frames is worth it.
Yup: that's exactly what it's doing: walking up the stack. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: keescook@chromium.org (Kees Cook)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 00/11] mm: Hardened usercopy
Date: Wed, 20 Jul 2016 08:31:37 -0700 [thread overview]
Message-ID: <CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D5F4FD6A3@AcuExch.aculab.com>
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible) or at least entirely
>> within the current process's stack.
> ...
>
> That description doesn't seem quite right to me.
> I presume the check is:
> Within the current process's stack and not crossing the ends of the
> current stack frame.
Actually, it's a bad description all around. :) The check is that the
range is within a valid stack frame (current or any prior caller's
frame). i.e. it does not cross a frame or touch the saved frame
pointer nor instruction pointer.
> The 'current' stack frame is likely to be that of copy_to/from_user().
> Even if you use the stack of the caller, any problematic buffers
> are likely to have been passed in from a calling function.
> So unless you are going to walk the stack (good luck on that)
> I'm not sure checking the stack frames is worth it.
Yup: that's exactly what it's doing: walking up the stack. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: David Laight <David.Laight@aculab.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jan Kara <jack@suse.cz>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Will Deacon <will.deacon@arm.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
Christoph Lameter <cl@linux.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Russell King <linux@armlinux.org.uk>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
PaX Team <pageexec@freemail.hu>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>,
Fenghua Yu <fenghua.yu@intel.com>, Rik van Riel <riel@redhat.com>,
David Rientjes <rientjes@google.com>,
Tony Luck <tony.luck@intel.com>,
Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
Brad Spengler <spender@grsecurity.net>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Pekka Enberg <penberg@kernel.org>,
Daniel Micay <danielmicay@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"David S. Miller" <davem@davemloft.net>
Subject: [kernel-hardening] Re: [PATCH v3 00/11] mm: Hardened usercopy
Date: Wed, 20 Jul 2016 08:31:37 -0700 [thread overview]
Message-ID: <CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D5F4FD6A3@AcuExch.aculab.com>
On Wed, Jul 20, 2016 at 2:52 AM, David Laight <David.Laight@aculab.com> wrote:
> From: Kees Cook
>> Sent: 15 July 2016 22:44
>> This is a start of the mainline port of PAX_USERCOPY[1].
> ...
>> - if address range is in the current process stack, it must be within the
>> current stack frame (if such checking is possible) or at least entirely
>> within the current process's stack.
> ...
>
> That description doesn't seem quite right to me.
> I presume the check is:
> Within the current process's stack and not crossing the ends of the
> current stack frame.
Actually, it's a bad description all around. :) The check is that the
range is within a valid stack frame (current or any prior caller's
frame). i.e. it does not cross a frame or touch the saved frame
pointer nor instruction pointer.
> The 'current' stack frame is likely to be that of copy_to/from_user().
> Even if you use the stack of the caller, any problematic buffers
> are likely to have been passed in from a calling function.
> So unless you are going to walk the stack (good luck on that)
> I'm not sure checking the stack frames is worth it.
Yup: that's exactly what it's doing: walking up the stack. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
next prev parent reply other threads:[~2016-07-20 15:31 UTC|newest]
Thread overview: 257+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-15 21:44 [PATCH v3 00/11] mm: Hardened usercopy Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 01/11] mm: Implement stack frame object validation Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 02/11] mm: Hardened usercopy Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` [kernel-hardening] " Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` [kernel-hardening] " Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 22:00 ` [PATCH] mm: Add is_migrate_cma_page Laura Abbott
2016-07-19 22:00 ` [kernel-hardening] " Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` [kernel-hardening] " Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-20 10:24 ` [PATCH v3 02/11] mm: Hardened usercopy Balbir Singh
2016-07-20 10:24 ` [kernel-hardening] " Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` [kernel-hardening] " Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` [kernel-hardening] " Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` [kernel-hardening] " Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` [kernel-hardening] " Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` [kernel-hardening] " Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` [kernel-hardening] " Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` [kernel-hardening] " Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` [kernel-hardening] " Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` [kernel-hardening] " Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` [kernel-hardening] " Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
[not found] ` <5790711f.2350420a.b4287.2cc0SMTPIN_ADDED_BROKEN@mx.google.com>
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` [kernel-hardening] " Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` [kernel-hardening] " Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` [kernel-hardening] " David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` [kernel-hardening] " Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:03 ` Michael Ellerman
2016-07-26 2:03 ` [kernel-hardening] " Michael Ellerman
2016-07-26 2:03 ` Michael Ellerman
2016-07-26 2:03 ` Michael Ellerman
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` [kernel-hardening] " Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 03/11] x86/uaccess: Enable hardened usercopy Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 04/11] ARM: uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 05/11] arm64/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 06/11] ia64/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 07/11] powerpc/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 08/11] sparc/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 09/11] s390/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 10/11] mm: SLAB hardened usercopy support Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 11/11] mm: SLUB " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-18 8:26 ` [PATCH v3 00/11] mm: Hardened usercopy Balbir Singh
2016-07-18 8:26 ` [kernel-hardening] " Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` [kernel-hardening] " David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 15:31 ` Kees Cook [this message]
2016-07-20 15:31 ` [kernel-hardening] " Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` [kernel-hardening] " David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` [kernel-hardening] " Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` [kernel-hardening] " Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5j+QH8Fdk7p6bZV_yMv1puHRxZRu5z45+tKrmLyGBTymFw@mail.gmail.com \
--to=keescook@chromium.org \
--cc=David.Laight@aculab.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=bp@suse.de \
--cc=casey@schaufler-ca.com \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=danielmicay@gmail.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=fenghua.yu@intel.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jack@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@fedoraproject.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=minipli@googlemail.com \
--cc=pageexec@freemail.hu \
--cc=penberg@kernel.org \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=sparclinux@vger.kernel.org \
--cc=spender@grsecurity.net \
--cc=tony.luck@intel.com \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.