Message-ID: <1497987673.20270.107.camel@redhat.com>
Subject: Re: [kernel-hardening] [PATCH 00/23] Hardened usercopy whitelisting
From: Rik van Riel
To: Kees Cook, kernel-hardening@lists.openwall.com
Cc: David Windsor, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Date: Tue, 20 Jun 2017 15:41:13 -0400
In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org>
References: <1497915397-93805-1-git-send-email-keescook@chromium.org>

On Mon, 2017-06-19 at 16:36 -0700, Kees Cook wrote:
> This series is modified from Brad Spengler/PaX Team's PAX_USERCOPY code
> in the last public patch of grsecurity/PaX based on our understanding
> of the code. Changes or omissions from the original code are ours and
> don't reflect the original grsecurity/PaX code.
>
> David Windsor did the bulk of the porting, refactoring, splitting,
> testing, etc; I just did some extra tweaks, hunk moving, and small
> extra patches.
>
> This updates the slab allocator to add annotations (useroffset and
> usersize) to define allowed usercopy regions.

This is a great improvement over the old system of having
a few whitelisted kmalloc caches, and bounce buffering to
copy data from caches that are not whitelisted!

I like it.

--
All rights reversed
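
Added illustration, not part of this email or of the patch series: a user-space C model of the bounds check that per-cache useroffset/usersize annotations make possible, where a copy is allowed only if it lies wholly inside the annotated window of the object. The `cache_model` struct, `usercopy_allowed()`, the `session` layout and the treatment of an unannotated cache as default-deny are assumptions made for the example.

```c
/* User-space model (added example): struct and function names are hypothetical;
 * only the useroffset/usersize fields are taken from the email. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct cache_model {
    size_t object_size; /* size of one object in the cache */
    size_t useroffset;  /* start of the window that may cross the user boundary */
    size_t usersize;    /* window length; 0 means nothing is whitelisted */
};

/* True only if [offset, offset + n) lies wholly inside the whitelisted window.
 * Comparisons are arranged so that no addition can overflow. */
static bool usercopy_allowed(const struct cache_model *c, size_t offset, size_t n)
{
    if (offset > c->object_size || n > c->object_size - offset)
        return false;                    /* runs past the object itself */
    if (offset < c->useroffset)
        return false;                    /* starts before the window */
    size_t into = offset - c->useroffset;
    if (into > c->usersize)
        return false;                    /* starts after the window */
    return n <= c->usersize - into;      /* must also end inside it */
}

/* Constructed object layout: only `name` is meant to be visible to user space. */
struct session {
    void *ops;          /* kernel pointer */
    char name[32];      /* user-visible field */
    unsigned long key;  /* secret */
};

static const struct cache_model session_cache = {
    .object_size = sizeof(struct session),
    .useroffset  = offsetof(struct session, name),
    .usersize    = sizeof(((struct session *)0)->name),
};
/* A cache created without annotations: default-deny in this model. */
static const struct cache_model plain_cache = { .object_size = 64 };

int main(void)
{
    size_t name_off = offsetof(struct session, name);
    printf("exact field:      %d\n", usercopy_allowed(&session_cache, name_off, 32));
    printf("one byte over:    %d\n", usercopy_allowed(&session_cache, name_off, 33));
    printf("from object base: %d\n", usercopy_allowed(&session_cache, 0, 8));
    printf("unannotated:      %d\n", usercopy_allowed(&plain_cache, 0, 1));
    return 0;
}
```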