From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Kees Cook <keescook@chromium.org>
Cc: Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Douglas Anderson <dianders@chromium.org>,
Oscar Carter <oscar.carter@gmx.com>,
Mitchell Blank Jr <mitch@sfgoth.com>,
kernel-hardening@lists.openwall.com,
Peter Zijlstra <peterz@infradead.org>,
kgdb-bugreport@lists.sourceforge.net,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
alsa-devel@alsa-project.org, Takashi Iwai <tiwai@suse.com>,
Christian Gromm <christian.gromm@microchip.com>,
Kevin Curtis <kevin.curtis@farsite.co.uk>,
Will Deacon <will@kernel.org>,
devel@driverdev.osuosl.org, linux-s390@vger.kernel.org,
Daniel Thompson <daniel.thompson@linaro.org>,
Jonathan Corbet <corbet@lwn.net>,
Masahiro Yamada <masahiroy@kernel.org>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Julian Wiedmann <jwi@linux.ibm.com>,
"Matthew Wilcox \(Oracle\)" <willy@infradead.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Nishka Dasgupta <nishkadg.linux@gmail.com>,
Jiri Slaby <jslaby@suse.com>, Jakub Kicinski <kuba@kernel.org>,
Guenter Roeck <linux@roeck-us.net>,
Wambui Karuga <wambui.karugax@gmail.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
linux-input@vger.kernel.org, Ursula Braun <ubraun@linux.ibm.com>,
Stephen Boyd <swboyd@chromium.org>,
Chris Packham <chris.packham@alliedtelesis.co.nz>,
Harald Freudenberger <freude@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
Jaroslav Kysela <perex@perex.cz>, Felipe Balbi <balbi@kernel.org>,
Kyungtae Kim <kt0755@gmail.com>,
netdev@vger.kernel.org,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Allen Pais <allen.lkml@gmail.com>,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
Jason Wessel <jason.wessel@windriver.com>,
Karsten Graul <kgraul@linux.ibm.com>,
Romain Perier <romain.perier@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH 3/3] tasklet: Introduce new initialization API
Date: Thu, 16 Jul 2020 09:30:10 +0200
Message-ID: <20200716073010.GB971895@kroah.com>
In-Reply-To: <20200716030847.1564131-4-keescook@chromium.org>
On Wed, Jul 15, 2020 at 08:08:47PM -0700, Kees Cook wrote:
> From: Romain Perier <romain.perier@gmail.com>
>
> Nowadays, modern kernel subsystems that use callbacks pass the data
> structure associated with a given callback as argument to the callback.
> The tasklet subsystem remains one which passes an arbitrary unsigned
> long to the callback function. This has several problems:
>
> - This keeps an extra field for storing the argument in each tasklet
> data structure, it bloats the tasklet_struct structure with a redundant
> .data field
>
> - No type checking can be performed on this argument. Instead of
> using container_of() like other callback subsystems, it forces callbacks
> to do explicit type cast of the unsigned long argument into the required
> object type.
>
> - Buffer overflows can overwrite the .func and the .data field, so
> an attacker can easily overwrite the function and its first argument
> to whatever it wants.
>
> Add a new tasklet initialization API, via DECLARE_TASKLET() and
> tasklet_setup(), which will replace the existing ones.
>
> This work is greatly inspired by the timer_struct conversion series,
> see commit e99e88a9d2b0 ("treewide: setup_timer() -> timer_setup()")
>
> To avoid problems with both -Wcast-function-type (which is enabled in
> the kernel via -Wextra in several subsystems), and with mismatched
> function prototypes when built with Control Flow Integrity enabled,
> this adds the "use_callback" member to let the tasklet caller choose
> which union member to call through. Once all old API uses are removed,
> this and the .data member will be removed as well. (On 64-bit this does
> not grow the struct size as the new member fills the hole after atomic_t,
> which is also "int" sized.)
>
> Signed-off-by: Romain Perier <romain.perier@gmail.com>
> Co-developed-by: Allen Pais <allen.lkml@gmail.com>
> Signed-off-by: Allen Pais <allen.lkml@gmail.com>
> Co-developed-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> include/linux/interrupt.h | 24 +++++++++++++++++++++++-
> kernel/softirq.c | 18 +++++++++++++++++-
> 2 files changed, 40 insertions(+), 2 deletions(-)
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
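
The two callback conventions contrasted in the quoted commit message, as an added userspace example that is not part of this thread or of the kernel patch. `struct tasklet_model`, `struct demo_dev` and the handler names are hypothetical, and the struct is a simplified model of the layout the message describes.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified userspace model of the layout described above (not kernel code). */
struct tasklet_model {
    bool use_callback;                              /* selects the union member */
    union {
        void (*func)(unsigned long data);           /* old convention */
        void (*callback)(struct tasklet_model *t);  /* new convention */
    };
    unsigned long data;                             /* needed only by the old convention */
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical driver object that embeds its tasklet. */
struct demo_dev { int events; struct tasklet_model bh; };

/* Old style: untyped argument, explicit cast, nothing for the compiler to check. */
static void demo_old_handler(unsigned long data)
{
    struct demo_dev *dev = (struct demo_dev *)data;
    dev->events += 1;
}

/* New style: the tasklet pointer itself locates the owning object. */
static void demo_new_handler(struct tasklet_model *t)
{
    struct demo_dev *dev = container_of(t, struct demo_dev, bh);
    dev->events += 10;
}

/* Call through the member whose prototype matches; no function-pointer cast. */
static void run_tasklet(struct tasklet_model *t)
{
    if (t->use_callback) t->callback(t);
    else t->func(t->data);
}

/* Runs one handler and returns the counter: 1 via the old path, 10 via the new. */
int demo_run(bool new_api)
{
    struct demo_dev dev = { .events = 0 };
    if (new_api) { dev.bh.use_callback = true; dev.bh.callback = demo_new_handler; }
    else { dev.bh.func = demo_old_handler; dev.bh.data = (unsigned long)&dev; }
    run_tasklet(&dev.bh);
    return dev.events;
}
```

In the new path `.data` is never read, which is why the commit message can plan to drop it once all old users are converted.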