From: Andy Lutomirski <luto@kernel.org>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, Borislav Petkov <bp@alien8.de>,
	Kees Cook <keescook@chromium.org>,
	Brian Gerst <brgerst@gmail.com>,
	Andy Lutomirski <luto@kernel.org>
Subject: [PATCH 0/7] x86: uaccess hardening, easy part
Date: Tue, 24 May 2016 15:48:37 -0700
Message-ID: <cover.1464129798.git.luto@kernel.org>

This series hardens x86's uaccess code a bit.  It adds warnings for
some screwups, adds an OOPS for a major exploitable screwup, and it
improves debuggability a bit by indicating non-default fs in oopses.

It shouldn't cause any new OOPSes except in the particularly
dangerous case where the kernel faults on a kernel address under
USER_DS, which indicates that an access_ok is missing and is likely
to be easily exploitable -- OOPSing will make it harder to exploit.

I have some draft patches to force OOPSes on user address accesses
under KERNEL_DS (which is a big no-no), but I'd rather make those
warn instead of OOPSing, and I don't have a good implementation of
that yet.  Those patches aren't part of this series.

Andy Lutomirski (7):
  x86/xen: Simplify set_aliased_prot
  x86/extable: Pass error_code and an extra unsigned long to exhandlers
  x86/uaccess: Give uaccess faults their own handler
  x86/dumpstack: If addr_limit is non-default, display it
  x86/uaccess: Warn on uaccess faults other than #PF
  x86/uaccess: Don't fix up USER_DS uaccess faults to kernel addresses
  x86/uaccess: OOPS or warn on a fault with KERNEL_DS and
    !pagefault_disabled()

 arch/x86/include/asm/uaccess.h   |  19 ++++---
 arch/x86/kernel/cpu/mcheck/mce.c |   2 +-
 arch/x86/kernel/dumpstack_32.c   |   4 ++
 arch/x86/kernel/dumpstack_64.c   |   5 ++
 arch/x86/kernel/kprobes/core.c   |   6 +-
 arch/x86/kernel/traps.c          |   6 +-
 arch/x86/lib/getuser.S           |  12 ++--
 arch/x86/lib/putuser.S           |  10 ++--
 arch/x86/mm/extable.c            | 120 ++++++++++++++++++++++++++++++++++-----
 arch/x86/mm/fault.c              |   2 +-
 arch/x86/xen/enlighten.c         |   4 +-
 11 files changed, 145 insertions(+), 45 deletions(-)

-- 
2.5.5
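
The USER_DS fault policy described in the cover letter above, as an added user-space model; it is not code from this series or from the kernel. All names and the address-limit constant are assumptions, the KERNEL_DS case of patch 7 is not modelled, and "warn, then still fix up" for non-#PF faults is assumed from the statement that only the kernel-address case adds a new OOPS.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: every name and constant below is an assumption. */
#define MODEL_USER_LIMIT 0x00007ffffffff000ULL /* stand-in for USER_DS addr_limit */

enum trap    { TRAP_PF, TRAP_OTHER };          /* page fault vs. any other exception */
enum verdict { V_FIXUP, V_FIXUP_WARN, V_OOPS };

/* Model of access_ok() under USER_DS: the whole range must lie below the limit. */
static bool model_access_ok(uint64_t addr, uint64_t len)
{
    return len <= MODEL_USER_LIMIT && addr <= MODEL_USER_LIMIT - len;
}

/* Policy for a fault taken inside a uaccess helper while addr_limit is USER_DS. */
static enum verdict user_ds_fault_policy(enum trap trapnr, uint64_t fault_addr)
{
    if (trapnr != TRAP_PF)
        return V_FIXUP_WARN;   /* unexpected exception type: warn, still recover */
    if (fault_addr >= MODEL_USER_LIMIT)
        return V_OOPS;         /* kernel address: an access_ok() was skipped */
    return V_FIXUP;            /* ordinary bad user pointer: caller gets -EFAULT */
}

/* A checked caller rejects a kernel pointer before any access is attempted. */
static int checked_access(uint64_t addr, uint64_t len, enum verdict *v)
{
    if (!model_access_ok(addr, len))
        return -14;            /* -EFAULT, no memory touched */
    *v = user_ds_fault_policy(TRAP_PF, addr); /* assume the page is unmapped */
    return 0;
}

int main(void)
{
    enum verdict v = V_FIXUP;
    uint64_t kaddr = 0xffff880000000000ULL;   /* constructed kernel-half address */
    int rc = checked_access(kaddr, 8, &v);

    printf("checked, kernel ptr:   rc=%d\n", rc);
    printf("unchecked, kernel ptr: verdict=%d\n", user_ds_fault_policy(TRAP_PF, kaddr));
    rc = checked_access(0x1000, 8, &v);
    printf("checked, user ptr:     rc=%d verdict=%d\n", rc, v);
    return 0;
}
```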
