* [PATCH] MIPS: Enable hardened usercopy
@ 2016-10-08 21:47 ` Paul Burton
0 siblings, 0 replies; 6+ messages in thread
From: Paul Burton @ 2016-10-08 21:47 UTC (permalink / raw)
To: linux-mips; +Cc: Paul Burton, Ralf Baechle, Kees Cook
Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
__copy_{to,from}_user_inatomic().
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Kees Cook <keescook@chromium.org>
---
arch/mips/Kconfig | 1 +
arch/mips/include/asm/uaccess.h | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 1a322c8..87d7a1f3 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -65,6 +65,7 @@ config MIPS
select HANDLE_DOMAIN_IRQ
select HAVE_EXIT_THREAD
select HAVE_REGS_AND_STACK_ACCESS_API
+ select HAVE_ARCH_HARDENED_USERCOPY
menu "Machine selection"
diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
index 21a2aab..c65707d 100644
--- a/arch/mips/include/asm/uaccess.h
+++ b/arch/mips/include/asm/uaccess.h
@@ -858,7 +858,10 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_from, __cu_len, true); \
might_fault(); \
+ \
if (eva_kernel_access()) \
__cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \
__cu_len); \
@@ -879,6 +882,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_from, __cu_len, true); \
+ \
if (eva_kernel_access()) \
__cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \
__cu_len); \
@@ -897,6 +903,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_to, __cu_len, false); \
+ \
if (eva_kernel_access()) \
__cu_len = __invoke_copy_from_kernel_inatomic(__cu_to, \
__cu_from,\
@@ -931,6 +940,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_from, __cu_len, true); \
+ \
if (eva_kernel_access()) { \
__cu_len = __invoke_copy_to_kernel(__cu_to, \
__cu_from, \
@@ -1123,6 +1135,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_to, __cu_len, false); \
+ \
if (eva_kernel_access()) { \
__cu_len = __invoke_copy_from_kernel(__cu_to, \
__cu_from, \
@@ -1161,6 +1176,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_to, __cu_len, false); \
+ \
if (eva_kernel_access()) { \
__cu_len = __invoke_copy_from_kernel(__cu_to, \
__cu_from, \
--
2.10.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] MIPS: Enable hardened usercopy
@ 2016-10-08 21:47 ` Paul Burton
0 siblings, 0 replies; 6+ messages in thread
From: Paul Burton @ 2016-10-08 21:47 UTC (permalink / raw)
To: linux-mips; +Cc: Paul Burton, Ralf Baechle, Kees Cook
Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
__copy_{to,from}_user_inatomic().
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Kees Cook <keescook@chromium.org>
---
arch/mips/Kconfig | 1 +
arch/mips/include/asm/uaccess.h | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 1a322c8..87d7a1f3 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -65,6 +65,7 @@ config MIPS
select HANDLE_DOMAIN_IRQ
select HAVE_EXIT_THREAD
select HAVE_REGS_AND_STACK_ACCESS_API
+ select HAVE_ARCH_HARDENED_USERCOPY
menu "Machine selection"
diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
index 21a2aab..c65707d 100644
--- a/arch/mips/include/asm/uaccess.h
+++ b/arch/mips/include/asm/uaccess.h
@@ -858,7 +858,10 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_from, __cu_len, true); \
might_fault(); \
+ \
if (eva_kernel_access()) \
__cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \
__cu_len); \
@@ -879,6 +882,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_from, __cu_len, true); \
+ \
if (eva_kernel_access()) \
__cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \
__cu_len); \
@@ -897,6 +903,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_to, __cu_len, false); \
+ \
if (eva_kernel_access()) \
__cu_len = __invoke_copy_from_kernel_inatomic(__cu_to, \
__cu_from,\
@@ -931,6 +940,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_from, __cu_len, true); \
+ \
if (eva_kernel_access()) { \
__cu_len = __invoke_copy_to_kernel(__cu_to, \
__cu_from, \
@@ -1123,6 +1135,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_to, __cu_len, false); \
+ \
if (eva_kernel_access()) { \
__cu_len = __invoke_copy_from_kernel(__cu_to, \
__cu_from, \
@@ -1161,6 +1176,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n);
__cu_to = (to); \
__cu_from = (from); \
__cu_len = (n); \
+ \
+ check_object_size(__cu_to, __cu_len, false); \
+ \
if (eva_kernel_access()) { \
__cu_len = __invoke_copy_from_kernel(__cu_to, \
__cu_from, \
--
2.10.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] MIPS: Enable hardened usercopy
2016-10-08 21:47 ` Paul Burton
(?)
@ 2016-10-10 13:26 ` Ralf Baechle
2016-10-13 6:36 ` Kees Cook
-1 siblings, 1 reply; 6+ messages in thread
From: Ralf Baechle @ 2016-10-10 13:26 UTC (permalink / raw)
To: Paul Burton; +Cc: linux-mips, Kees Cook
On Sat, Oct 08, 2016 at 10:47:14PM +0100, Paul Burton wrote:
> Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
> size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
> __copy_{to,from}_user_inatomic().
Patch looks good but I was wondering how about further usermode
accessors such as csum_partial_copy_from_user, csum_and_copy_from_user,
csum_and_copy_to_user, csum_partial_copy_nocheck?
Ralf
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MIPS: Enable hardened usercopy
2016-10-10 13:26 ` Ralf Baechle
@ 2016-10-13 6:36 ` Kees Cook
2016-10-13 14:08 ` Paul Burton
0 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2016-10-13 6:36 UTC (permalink / raw)
To: Ralf Baechle; +Cc: Paul Burton, Linux MIPS Mailing List, Dmitry Vyukov
On Mon, Oct 10, 2016 at 6:26 AM, Ralf Baechle <ralf@linux-mips.org> wrote:
> On Sat, Oct 08, 2016 at 10:47:14PM +0100, Paul Burton wrote:
>
>> Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
>> size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
>> __copy_{to,from}_user_inatomic().
Awesome! Thanks for hooking this up. (Were you able to test with
lkdtm's usercopy tests?)
> Patch looks good but I was wondering how about further usermode
> accessors such as csum_partial_copy_from_user, csum_and_copy_from_user,
> csum_and_copy_to_user, csum_partial_copy_nocheck?
Oh, hrm, this seems to be missing for all architectures. I would bet
KASan would be interested in instrumenting these too.
It seems these functions only used by networking code?
-Kees
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MIPS: Enable hardened usercopy
2016-10-13 6:36 ` Kees Cook
@ 2016-10-13 14:08 ` Paul Burton
2016-10-13 18:42 ` Kees Cook
0 siblings, 1 reply; 6+ messages in thread
From: Paul Burton @ 2016-10-13 14:08 UTC (permalink / raw)
To: Kees Cook; +Cc: Ralf Baechle, Linux MIPS Mailing List, Dmitry Vyukov
[-- Attachment #1: Type: text/plain, Size: 865 bytes --]
On Wednesday, 12 October 2016 23:36:28 BST Kees Cook wrote:
> On Mon, Oct 10, 2016 at 6:26 AM, Ralf Baechle <ralf@linux-mips.org> wrote:
> > On Sat, Oct 08, 2016 at 10:47:14PM +0100, Paul Burton wrote:
> >> Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
> >> size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
> >> __copy_{to,from}_user_inatomic().
>
> Awesome! Thanks for hooking this up. (Were you able to test with
> lkdtm's usercopy tests?)
Hi Kees,
Yes - they successfully failed with a v4.8-based kernel, except for the stack
ones (because we don't yet have arch_within_stack_frames, which looks to be
true of everyone but x86) and the heap flags ones, which I gather from your
blog post[1] isn't expected to fail yet.
[1] https://outflux.net/blog/archives/2016/10/04/security-things-in-linux-v4-8/
Thanks,
Paul
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] MIPS: Enable hardened usercopy
2016-10-13 14:08 ` Paul Burton
@ 2016-10-13 18:42 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2016-10-13 18:42 UTC (permalink / raw)
To: Paul Burton; +Cc: Ralf Baechle, Linux MIPS Mailing List, Dmitry Vyukov
On Thu, Oct 13, 2016 at 7:08 AM, Paul Burton <paul.burton@imgtec.com> wrote:
> On Wednesday, 12 October 2016 23:36:28 BST Kees Cook wrote:
>> On Mon, Oct 10, 2016 at 6:26 AM, Ralf Baechle <ralf@linux-mips.org> wrote:
>> > On Sat, Oct 08, 2016 at 10:47:14PM +0100, Paul Burton wrote:
>> >> Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
>> >> size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
>> >> __copy_{to,from}_user_inatomic().
>>
>> Awesome! Thanks for hooking this up. (Were you able to test with
>> lkdtm's usercopy tests?)
>
> Hi Kees,
>
> Yes - they successfully failed with a v4.8-based kernel, except for the stack
> ones (because we don't yet have arch_within_stack_frames, which looks to be
> true of everyone but x86) and the heap flags ones, which I gather from your
> blog post[1] isn't expected to fail yet.
>
> [1] https://outflux.net/blog/archives/2016/10/04/security-things-in-linux-v4-8/
Yup, perfect, those all sound to have behaved as expected. :) Thanks!
-Kees
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-10-13 18:42 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-08 21:47 [PATCH] MIPS: Enable hardened usercopy Paul Burton
2016-10-08 21:47 ` Paul Burton
2016-10-10 13:26 ` Ralf Baechle
2016-10-13 6:36 ` Kees Cook
2016-10-13 14:08 ` Paul Burton
2016-10-13 18:42 ` Kees Cook
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.