From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com From: Elena Reshetova Date: Mon, 3 Oct 2016 09:41:13 +0300 Message-Id: <1475476886-26232-1-git-send-email-elena.reshetova@intel.com> Subject: [kernel-hardening] [RFC PATCH 00/13] HARDENING_ATOMIC feature To: kernel-hardening@lists.openwall.com Cc: keescook@chromium.org, Elena Reshetova List-ID: This series brings the PaX/Grsecurity PAX_REFCOUNT [1] feature support to the upstream kernel. All credit for the feature goes to the feature authors. The name of the upstream feature is HARDENED_ATOMIC and it is configured using CONFIG_HARDENED_ATOMIC and HAVE_ARCH_HARDENED_ATOMIC. This series only adds x86 support; other architectures are expected to add similar support gradually. More information about the feature can be found in the following commit messages. Special thank you goes to Kees Cook for pre-reviwing this feature and all the valuable feedback he provided to us. David Windsor (7): kernel: identify wrapping atomic usage mm: identify wrapping atomic usage fs: identify wrapping atomic usage net: identify wrapping atomic usage security: identify wrapping atomic usage drivers: identify wrapping atomic usage (part 1/2) drivers: identify wrapping atomic usage (part 2/2) Elena Reshetova (2): Add architecture independent hardened atomic base x86: x86 implementation for HARDENED_ATOMIC Hans Liljestrand (4): percpu-refcount: leave atomic counter unprotected net: atm: identify wrapping atomic usage x86: identify wrapping atomic usage lkdtm: add tests for atomic over-/underflow arch/x86/Kconfig | 1 + arch/x86/include/asm/atomic.h | 274 +++++++++++++++++- arch/x86/include/asm/atomic64_32.h | 157 +++++++++- arch/x86/include/asm/atomic64_64.h | 166 ++++++++++- arch/x86/include/asm/bitops.h | 8 +- arch/x86/include/asm/cmpxchg.h | 39 +++ arch/x86/include/asm/hw_irq.h | 4 +- arch/x86/include/asm/local.h | 89 +++++- arch/x86/include/asm/preempt.h | 2 +- arch/x86/include/asm/rmwcc.h | 82 +++++- arch/x86/include/asm/rwsem.h | 50 ++++ arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/apic/io_apic.c | 4 +- arch/x86/kernel/cpu/mcheck/mce.c | 12 +- arch/x86/kernel/i8259.c | 2 +- arch/x86/kernel/irq.c | 8 +- arch/x86/kernel/kgdb.c | 6 +- arch/x86/kernel/pvclock.c | 8 +- arch/x86/kernel/tboot.c | 8 +- arch/x86/kernel/traps.c | 6 + arch/x86/lib/atomic64_386_32.S | 135 +++++++++ arch/x86/lib/atomic64_cx8_32.S | 78 ++++- arch/x86/mm/mmio-mod.c | 4 +- drivers/acpi/apei/ghes.c | 4 +- drivers/ata/libata-core.c | 5 +- drivers/ata/libata-scsi.c | 2 +- drivers/ata/libata.h | 2 +- drivers/atm/adummy.c | 2 +- drivers/atm/ambassador.c | 8 +- drivers/atm/atmtcp.c | 14 +- drivers/atm/eni.c | 10 +- drivers/atm/firestream.c | 8 +- drivers/atm/fore200e.c | 14 +- drivers/atm/he.c | 18 +- drivers/atm/horizon.c | 4 +- drivers/atm/idt77252.c | 36 +-- drivers/atm/iphase.c | 34 +-- drivers/atm/lanai.c | 12 +- drivers/atm/nicstar.c | 47 +-- drivers/atm/solos-pci.c | 4 +- drivers/atm/suni.c | 5 +- drivers/atm/uPD98402.c | 16 +- drivers/atm/zatm.c | 7 +- drivers/base/power/wakeup.c | 8 +- drivers/block/drbd/drbd_bitmap.c | 2 +- drivers/block/drbd/drbd_int.h | 9 +- drivers/block/drbd/drbd_main.c | 15 +- drivers/block/drbd/drbd_nl.c | 16 +- drivers/block/drbd/drbd_receiver.c | 34 +-- drivers/block/drbd/drbd_worker.c | 8 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_si_intf.c | 8 +- drivers/crypto/hifn_795x.c | 4 +- drivers/edac/edac_device.c | 4 +- drivers/edac/edac_pci.c | 4 +- drivers/edac/edac_pci_sysfs.c | 20 +- drivers/firewire/core-card.c | 4 +- drivers/firmware/efi/cper.c | 8 +- drivers/gpio/gpio-vr41xx.c | 2 +- drivers/gpu/drm/i810/i810_drv.h | 4 +- drivers/gpu/drm/mga/mga_drv.h | 4 +- drivers/gpu/drm/mga/mga_irq.c | 9 +- drivers/gpu/drm/qxl/qxl_cmd.c | 12 +- drivers/gpu/drm/qxl/qxl_debugfs.c | 8 +- drivers/gpu/drm/qxl/qxl_drv.h | 8 +- drivers/gpu/drm/qxl/qxl_irq.c | 16 +- drivers/gpu/drm/r128/r128_cce.c | 2 +- drivers/gpu/drm/r128/r128_drv.h | 4 +- drivers/gpu/drm/r128/r128_irq.c | 4 +- drivers/gpu/drm/r128/r128_state.c | 4 +- drivers/gpu/drm/via/via_drv.h | 4 +- drivers/gpu/drm/via/via_irq.c | 18 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 6 +- drivers/gpu/drm/vmwgfx/vmwgfx_irq.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_marker.c | 2 +- drivers/hid/hid-core.c | 4 +- drivers/hv/channel.c | 4 +- drivers/hv/hv_balloon.c | 19 +- drivers/hv/hyperv_vmbus.h | 2 +- drivers/hwmon/sht15.c | 12 +- drivers/infiniband/core/cm.c | 52 ++-- drivers/infiniband/core/fmr_pool.c | 23 +- drivers/infiniband/hw/cxgb4/mem.c | 4 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/hw/mlx4/mcg.c | 2 +- drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 +- drivers/infiniband/hw/nes/nes.c | 4 +- drivers/infiniband/hw/nes/nes.h | 40 +-- drivers/infiniband/hw/nes/nes_cm.c | 62 ++-- drivers/infiniband/hw/nes/nes_mgt.c | 8 +- drivers/infiniband/hw/nes/nes_nic.c | 40 +-- drivers/infiniband/hw/nes/nes_verbs.c | 10 +- drivers/input/gameport/gameport.c | 4 +- drivers/input/input.c | 4 +- drivers/input/misc/ims-pcu.c | 4 +- drivers/input/serio/serio.c | 4 +- drivers/input/serio/serio_raw.c | 4 +- drivers/isdn/capi/capi.c | 11 +- drivers/md/dm-core.h | 4 +- drivers/md/dm-raid.c | 3 +- drivers/md/dm-raid1.c | 18 +- drivers/md/dm-stripe.c | 11 +- drivers/md/dm.c | 12 +- drivers/md/md.c | 32 ++- drivers/md/md.h | 15 +- drivers/md/raid1.c | 8 +- drivers/md/raid10.c | 20 +- drivers/md/raid5.c | 17 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/solo6x10/solo6x10-p2m.c | 3 +- drivers/media/pci/solo6x10/solo6x10.h | 2 +- drivers/media/pci/tw68/tw68-core.c | 2 +- drivers/media/radio/radio-maxiradio.c | 2 +- drivers/media/radio/radio-shark.c | 2 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/radio/radio-si476x.c | 2 +- drivers/media/v4l2-core/v4l2-device.c | 4 +- drivers/misc/lis3lv02d/lis3lv02d.c | 8 +- drivers/misc/lis3lv02d/lis3lv02d.h | 2 +- drivers/misc/lkdtm.h | 17 ++ drivers/misc/lkdtm_bugs.c | 205 +++++++++++++ drivers/misc/lkdtm_core.c | 17 ++ drivers/misc/sgi-gru/gruhandles.c | 4 +- drivers/misc/sgi-gru/gruprocfs.c | 8 +- drivers/misc/sgi-gru/grutables.h | 158 +++++----- drivers/net/hyperv/hyperv_net.h | 2 +- drivers/net/hyperv/rndis_filter.c | 4 +- drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/macvlan.c | 2 +- drivers/net/usb/sierra_net.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt2x00.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 4 +- drivers/oprofile/buffer_sync.c | 8 +- drivers/oprofile/event_buffer.c | 2 +- drivers/oprofile/oprof.c | 2 +- drivers/oprofile/oprofile_stats.c | 10 +- drivers/oprofile/oprofile_stats.h | 10 +- drivers/oprofile/oprofilefs.c | 8 +- drivers/regulator/core.c | 4 +- drivers/scsi/fcoe/fcoe_sysfs.c | 12 +- drivers/scsi/libfc/fc_exch.c | 54 ++-- drivers/scsi/lpfc/lpfc.h | 8 +- drivers/scsi/lpfc/lpfc_debugfs.c | 18 +- drivers/scsi/lpfc/lpfc_scsi.c | 10 +- drivers/scsi/pmcraid.c | 24 +- drivers/scsi/pmcraid.h | 8 +- drivers/scsi/qla4xxx/ql4_def.h | 3 +- drivers/scsi/qla4xxx/ql4_os.c | 7 +- drivers/scsi/scsi_lib.c | 8 +- drivers/scsi/scsi_sysfs.c | 2 +- drivers/scsi/scsi_transport_fc.c | 6 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/scsi_transport_srp.c | 6 +- drivers/scsi/sd.c | 2 +- drivers/target/sbp/sbp_target.c | 4 +- drivers/tty/hvc/hvsi.c | 12 +- drivers/tty/hvc/hvsi_lib.c | 4 +- drivers/tty/serial/ioc4_serial.c | 6 +- drivers/tty/serial/msm_serial.c | 4 +- drivers/uio/uio.c | 13 +- drivers/usb/atm/usbatm.c | 24 +- drivers/usb/core/devices.c | 6 +- drivers/usb/core/hcd.c | 4 +- drivers/usb/core/sysfs.c | 2 +- drivers/usb/core/usb.c | 2 +- drivers/usb/host/ehci-hub.c | 4 +- drivers/usb/misc/appledisplay.c | 4 +- drivers/usb/usbip/vhci.h | 2 +- drivers/usb/usbip/vhci_hcd.c | 6 +- drivers/usb/usbip/vhci_rx.c | 2 +- drivers/usb/wusbcore/wa-hc.h | 4 +- drivers/usb/wusbcore/wa-xfer.c | 2 +- drivers/video/fbdev/hyperv_fb.c | 4 +- drivers/video/fbdev/udlfb.c | 32 +-- fs/afs/inode.c | 4 +- fs/btrfs/delayed-inode.c | 6 +- fs/btrfs/delayed-inode.h | 4 +- fs/cachefiles/daemon.c | 4 +- fs/cachefiles/internal.h | 16 +- fs/cachefiles/namei.c | 6 +- fs/cachefiles/proc.c | 12 +- fs/ceph/super.c | 4 +- fs/cifs/cifs_debug.c | 14 +- fs/cifs/cifsfs.c | 4 +- fs/cifs/cifsglob.h | 55 ++-- fs/cifs/misc.c | 4 +- fs/cifs/smb1ops.c | 80 +++--- fs/cifs/smb2ops.c | 84 +++--- fs/coda/cache.c | 10 +- fs/coredump.c | 6 +- fs/ext4/ext4.h | 20 +- fs/ext4/mballoc.c | 44 +-- fs/fscache/cookie.c | 40 +-- fs/fscache/internal.h | 202 ++++++------- fs/fscache/object.c | 26 +- fs/fscache/operation.c | 38 +-- fs/fscache/page.c | 110 +++---- fs/fscache/stats.c | 348 +++++++++++------------ fs/inode.c | 5 +- fs/kernfs/file.c | 12 +- fs/lockd/clntproc.c | 4 +- fs/namespace.c | 4 +- fs/nfs/inode.c | 6 +- fs/notify/notification.c | 4 +- fs/ocfs2/localalloc.c | 2 +- fs/ocfs2/ocfs2.h | 10 +- fs/ocfs2/suballoc.c | 12 +- fs/ocfs2/super.c | 20 +- fs/proc/meminfo.c | 2 +- fs/quota/netlink.c | 4 +- fs/reiserfs/do_balan.c | 2 +- fs/reiserfs/procfs.c | 2 +- fs/reiserfs/reiserfs.h | 4 +- include/asm-generic/atomic-long.h | 166 ++++++++--- include/asm-generic/atomic.h | 9 + include/asm-generic/atomic64.h | 13 + include/asm-generic/bug.h | 4 + include/asm-generic/local.h | 15 + include/linux/atmdev.h | 2 +- include/linux/atomic.h | 14 + include/linux/blktrace_api.h | 2 +- include/linux/fscache-cache.h | 2 +- include/linux/genhd.h | 2 +- include/linux/irqdesc.h | 2 +- include/linux/kgdb.h | 2 +- include/linux/mm.h | 2 +- include/linux/mmzone.h | 4 +- include/linux/netdevice.h | 8 +- include/linux/oprofile.h | 2 +- include/linux/padata.h | 2 +- include/linux/percpu-refcount.h | 18 +- include/linux/perf_event.h | 9 +- include/linux/sched.h | 2 +- include/linux/slab_def.h | 8 +- include/linux/sonet.h | 2 +- include/linux/sunrpc/svc_rdma.h | 18 +- include/linux/swapops.h | 10 +- include/linux/types.h | 17 ++ include/linux/uio_driver.h | 2 +- include/linux/usb.h | 2 +- include/linux/vmstat.h | 38 +-- include/media/v4l2-device.h | 2 +- include/net/bonding.h | 2 +- include/net/caif/cfctrl.h | 4 +- include/net/flow.h | 2 +- include/net/gro_cells.h | 2 +- include/net/inetpeer.h | 3 +- include/net/ip_fib.h | 2 +- include/net/ip_vs.h | 4 +- include/net/iucv/af_iucv.h | 2 +- include/net/net_namespace.h | 12 +- include/net/netns/ipv4.h | 4 +- include/net/netns/ipv6.h | 4 +- include/net/netns/xfrm.h | 2 +- include/net/sock.h | 8 +- include/net/tcp.h | 2 +- include/net/xfrm.h | 2 +- include/scsi/scsi_device.h | 6 +- include/video/udlfb.h | 12 +- kernel/audit.c | 8 +- kernel/auditsc.c | 4 +- kernel/debug/debug_core.c | 16 +- kernel/events/core.c | 26 +- kernel/irq/manage.c | 2 +- kernel/irq/spurious.c | 2 +- kernel/locking/lockdep.c | 2 +- kernel/padata.c | 4 +- kernel/panic.c | 12 + kernel/profile.c | 16 +- kernel/rcu/rcutorture.c | 61 ++-- kernel/rcu/tree.c | 36 +-- kernel/rcu/tree.h | 10 +- kernel/rcu/tree_exp.h | 2 +- kernel/rcu/tree_plugin.h | 12 +- kernel/rcu/tree_trace.c | 14 +- kernel/sched/auto_group.c | 4 +- kernel/time/timer_stats.c | 11 +- kernel/trace/blktrace.c | 6 +- kernel/trace/ftrace.c | 4 +- kernel/trace/ring_buffer.c | 98 +++---- kernel/trace/trace_clock.c | 4 +- kernel/trace/trace_functions_graph.c | 4 +- kernel/trace/trace_mmiotrace.c | 8 +- lib/percpu-refcount.c | 12 +- lib/show_mem.c | 3 +- mm/backing-dev.c | 4 +- mm/memory-failure.c | 2 +- mm/slab.c | 16 +- mm/sparse.c | 2 +- mm/swapfile.c | 12 +- mm/vmstat.c | 26 +- net/atm/atm_misc.c | 8 +- net/atm/proc.c | 8 +- net/atm/resources.c | 4 +- net/batman-adv/bat_iv_ogm.c | 8 +- net/batman-adv/fragmentation.c | 3 +- net/batman-adv/soft-interface.c | 6 +- net/batman-adv/types.h | 6 +- net/caif/cfctrl.c | 11 +- net/ceph/messenger.c | 4 +- net/core/datagram.c | 2 +- net/core/dev.c | 18 +- net/core/flow.c | 9 +- net/core/net-sysfs.c | 2 +- net/core/netpoll.c | 4 +- net/core/rtnetlink.c | 2 +- net/core/sock.c | 14 +- net/core/sock_diag.c | 8 +- net/ipv4/devinet.c | 4 +- net/ipv4/fib_frontend.c | 6 +- net/ipv4/fib_semantics.c | 2 +- net/ipv4/inet_connection_sock.c | 4 +- net/ipv4/inet_timewait_sock.c | 3 +- net/ipv4/inetpeer.c | 2 +- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ping.c | 2 +- net/ipv4/raw.c | 5 +- net/ipv4/route.c | 12 +- net/ipv4/tcp_input.c | 2 +- net/ipv4/udp.c | 10 +- net/ipv6/addrconf.c | 7 +- net/ipv6/af_inet6.c | 2 +- net/ipv6/datagram.c | 2 +- net/ipv6/ip6_fib.c | 4 +- net/ipv6/raw.c | 6 +- net/ipv6/udp.c | 6 +- net/iucv/af_iucv.c | 5 +- net/key/af_key.c | 4 +- net/l2tp/l2tp_eth.c | 38 +-- net/netfilter/ipvs/ip_vs_conn.c | 6 +- net/netfilter/ipvs/ip_vs_core.c | 8 +- net/netfilter/ipvs/ip_vs_ctl.c | 12 +- net/netfilter/ipvs/ip_vs_sync.c | 6 +- net/netfilter/ipvs/ip_vs_xmit.c | 4 +- net/netfilter/nfnetlink_log.c | 4 +- net/netfilter/xt_statistic.c | 9 +- net/netlink/af_netlink.c | 4 +- net/packet/af_packet.c | 4 +- net/phonet/pep.c | 6 +- net/phonet/socket.c | 2 +- net/rds/cong.c | 6 +- net/rds/ib.h | 2 +- net/rds/ib_cm.c | 2 +- net/rds/ib_recv.c | 4 +- net/rxrpc/af_rxrpc.c | 2 +- net/rxrpc/ar-internal.h | 4 +- net/rxrpc/call_object.c | 2 +- net/rxrpc/conn_event.c | 4 +- net/rxrpc/conn_object.c | 2 +- net/rxrpc/local_object.c | 2 +- net/rxrpc/output.c | 4 +- net/rxrpc/peer_object.c | 2 +- net/rxrpc/proc.c | 2 +- net/rxrpc/rxkad.c | 4 +- net/sched/sch_generic.c | 4 +- net/sctp/sctp_diag.c | 2 +- net/sunrpc/auth_gss/svcauth_gss.c | 4 +- net/sunrpc/sched.c | 4 +- net/sunrpc/xprtrdma/svc_rdma.c | 36 +-- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- net/sunrpc/xprtrdma/svc_rdma_sendto.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_transport.c | 2 +- net/xfrm/xfrm_policy.c | 11 +- net/xfrm/xfrm_state.c | 4 +- security/Kconfig | 15 + security/integrity/ima/ima.h | 4 +- security/integrity/ima/ima_api.c | 2 +- security/integrity/ima/ima_fs.c | 4 +- security/integrity/ima/ima_queue.c | 2 +- security/selinux/avc.c | 7 +- security/selinux/include/xfrm.h | 2 +- 372 files changed, 3520 insertions(+), 2017 deletions(-) -- 2.7.4