From: keescook@chromium.org (Kees Cook)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 11/11] mm: SLUB hardened usercopy support
Date: Thu, 14 Jul 2016 21:29:25 -0700 [thread overview]
Message-ID: <CAGXu5j+Ub2-jmTa-XmF90Gd+ze1os+eqk_yijouCSQoLvU1hNQ@mail.gmail.com> (raw)
In-Reply-To: <20160715020550.GB13944@balbir.ozlabs.ibm.com>
On Thu, Jul 14, 2016 at 7:05 PM, Balbir Singh <bsingharora@gmail.com> wrote:
> On Wed, Jul 13, 2016 at 02:56:04PM -0700, Kees Cook wrote:
>> Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the
>> SLUB allocator to catch any copies that may span objects. Includes a
>> redzone handling fix from Michael Ellerman.
>>
>> Based on code from PaX and grsecurity.
>>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> init/Kconfig | 1 +
>> mm/slub.c | 36 ++++++++++++++++++++++++++++++++++++
>> 2 files changed, 37 insertions(+)
>>
>> diff --git a/init/Kconfig b/init/Kconfig
>> index 798c2020ee7c..1c4711819dfd 100644
>> --- a/init/Kconfig
>> +++ b/init/Kconfig
>> @@ -1765,6 +1765,7 @@ config SLAB
>>
>> config SLUB
>> bool "SLUB (Unqueued Allocator)"
>> + select HAVE_HARDENED_USERCOPY_ALLOCATOR
>
> Should this patch come in earlier from a build perspective? I think
> patch 1 introduces and uses __check_heap_object.
__check_heap_object in patch 1 is protected by a check for
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR.
It seemed better to be to do arch enablement first, and then add the
per-allocator heap object size check since it was a distinct piece.
I'm happy to rearrange things, though, if there's a good reason.
-Kees
--
Kees Cook
Chrome OS & Brillo Security
prev parent reply other threads:[~2016-07-15 4:29 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-13 21:55 [PATCH v2 0/11] mm: Hardened usercopy Kees Cook
2016-07-13 21:55 ` [PATCH v2 01/11] mm: Implement stack frame object validation Kees Cook
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:04 ` Kees Cook
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 18:10 ` Kees Cook
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 21:38 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 02/11] mm: Hardened usercopy Kees Cook
2016-07-14 23:20 ` Balbir Singh
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:41 ` Balbir Singh
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 12:55 ` Balbir Singh
2016-07-15 4:25 ` Kees Cook
2016-07-15 19:00 ` [kernel-hardening] " Daniel Micay
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:23 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 03/11] x86/uaccess: Enable hardened usercopy Kees Cook
2016-07-13 21:55 ` [PATCH v2 04/11] ARM: uaccess: " Kees Cook
2016-07-13 21:55 ` [PATCH v2 05/11] arm64/uaccess: " Kees Cook
2016-07-13 21:55 ` [PATCH v2 06/11] ia64/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 07/11] powerpc/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 08/11] sparc/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 09/11] s390/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 10/11] mm: SLAB hardened usercopy support Kees Cook
2016-07-13 21:56 ` [PATCH v2 11/11] mm: SLUB " Kees Cook
2016-07-15 2:05 ` Balbir Singh
2016-07-15 4:29 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5j+Ub2-jmTa-XmF90Gd+ze1os+eqk_yijouCSQoLvU1hNQ@mail.gmail.com \
--to=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).