From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
David Windsor <dave@nullcore.net>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Christoph Hellwig <hch@infradead.org>,
Christoph Lameter <cl@linux.com>,
Laura Abbott <labbott@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Christoffer Dall <christoffer.dall@linaro.org>,
Dave Kleikamp <dave.kleikamp@oracle.com>, Jan Kara <jack@suse.cz>,
Luis de Bethencourt <luisbg@kernel.org>,
Marc Zyngier <marc.zyngier@arm.com>,
Rik van Riel <riel@redhat.com>,
Matthew Garrett <mjg59@google.com>,
linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org,
linux-mm@kvack.org, kernel-hardening@lists.openwall.com
Subject: [PATCH 25/38] caif: Define usercopy region in caif proto slab cache
Date: Wed, 10 Jan 2018 18:02:57 -0800 [thread overview]
Message-ID: <1515636190-24061-26-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1515636190-24061-1-git-send-email-keescook@chromium.org>
From: David Windsor <dave@nullcore.net>
The CAIF channel connection request parameters need to be copied to/from
userspace. In support of usercopy hardening, this patch defines a region
in the struct proto slab cache in which userspace copy operations are
allowed.
example usage trace:
net/caif/caif_socket.c:
setsockopt(...):
...
copy_from_user(&cf_sk->conn_req.param.data, ..., ol)
This region is known as the slab cache's usercopy region. Slab caches
can now check that each dynamically sized copy operation involving
cache-managed memory falls entirely within the slab's usercopy region.
This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <dave@nullcore.net>
[kees: split from network patch, provide usage trace]
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
net/caif/caif_socket.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 632d5a416d97..c76d513b9a7a 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -1032,6 +1032,8 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
static struct proto prot = {.name = "PF_CAIF",
.owner = THIS_MODULE,
.obj_size = sizeof(struct caifsock),
+ .useroffset = offsetof(struct caifsock, conn_req.param),
+ .usersize = sizeof_field(struct caifsock, conn_req.param)
};
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN))
--
2.7.4
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2018-01-11 2:09 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-11 2:02 [PATCH v5 00/38] Hardened usercopy whitelisting Kees Cook
2018-01-11 2:02 ` [PATCH 01/38] usercopy: Remove pointer from overflow report Kees Cook
2018-01-11 2:02 ` [PATCH 02/38] usercopy: Enhance and rename report_usercopy() Kees Cook
2018-01-11 17:06 ` Christopher Lameter
2018-01-14 20:57 ` Kees Cook
2018-01-11 2:02 ` [PATCH 03/38] usercopy: Include offset in hardened usercopy report Kees Cook
2018-01-11 2:02 ` [PATCH 04/38] lkdtm/usercopy: Adjust test to include an offset to check reporting Kees Cook
2018-01-11 2:02 ` [PATCH 05/38] stddef.h: Introduce sizeof_field() Kees Cook
2018-01-11 2:02 ` [PATCH 06/38] usercopy: Prepare for usercopy whitelisting Kees Cook
2018-01-11 2:02 ` [PATCH 07/38] usercopy: WARN() on slab cache usercopy region violations Kees Cook
2018-01-11 2:02 ` [PATCH 08/38] usercopy: Allow strict enforcement of whitelists Kees Cook
2018-01-11 2:02 ` [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches Kees Cook
2019-11-12 7:17 ` [kernel-hardening] " Jiri Slaby
2019-11-12 21:21 ` Kees Cook
2019-11-14 21:27 ` Kees Cook
2020-01-23 8:14 ` Jiri Slaby
2020-01-27 23:19 ` Kees Cook
2020-01-28 7:58 ` Christian Borntraeger
2020-01-28 23:01 ` Kees Cook
2020-01-29 9:26 ` Ursula Braun
2020-01-29 16:43 ` Christopher Lameter
2020-01-29 17:07 ` Christian Borntraeger
2020-01-29 17:09 ` Christoph Hellwig
2020-01-29 17:19 ` Christian Borntraeger
2020-01-30 19:23 ` Kees Cook
2020-01-31 12:03 ` Jann Horn
2020-02-01 17:56 ` Kees Cook
2020-02-01 19:27 ` Jann Horn
2020-02-03 7:46 ` Matthew Wilcox
2020-02-03 17:41 ` Christoph Hellwig
2020-02-03 17:20 ` Christopher Lameter
2020-04-07 8:00 ` Vlastimil Babka
2020-04-07 11:05 ` Christian Borntraeger
2020-04-20 7:53 ` Jiri Slaby
2020-04-20 17:43 ` Kees Cook
2020-02-03 17:38 ` Christoph Hellwig
2020-02-03 17:36 ` Christoph Hellwig
2018-01-11 2:02 ` [PATCH 10/38] dcache: Define usercopy region in dentry_cache slab cache Kees Cook
2018-01-11 2:02 ` [PATCH 11/38] vfs: Define usercopy region in names_cache slab caches Kees Cook
2018-01-11 2:02 ` [PATCH 12/38] vfs: Copy struct mount.mnt_id to userspace using put_user() Kees Cook
2018-01-11 2:02 ` [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache Kees Cook
2018-01-11 17:01 ` Theodore Ts'o
2018-01-11 23:05 ` Kees Cook
2018-01-14 22:34 ` Matthew Wilcox
2018-01-11 2:02 ` [PATCH 14/38] ext2: Define usercopy region in ext2_inode_cache " Kees Cook
2018-01-11 2:02 ` [PATCH 15/38] jfs: Define usercopy region in jfs_ip " Kees Cook
2018-01-11 2:02 ` [PATCH 16/38] befs: Define usercopy region in befs_inode_cache " Kees Cook
2018-01-11 2:02 ` [PATCH 17/38] exofs: Define usercopy region in exofs_inode_cache " Kees Cook
2018-01-11 2:02 ` [PATCH 18/38] orangefs: Define usercopy region in orangefs_inode_cache " Kees Cook
2018-01-11 2:02 ` [PATCH 19/38] ufs: Define usercopy region in ufs_inode_cache " Kees Cook
2018-01-11 2:02 ` [PATCH 20/38] vxfs: Define usercopy region in vxfs_inode " Kees Cook
2018-01-11 2:02 ` [PATCH 21/38] cifs: Define usercopy region in cifs_request " Kees Cook
2018-01-11 2:02 ` [PATCH 22/38] scsi: Define usercopy region in scsi_sense_cache " Kees Cook
2018-01-11 2:02 ` [PATCH 23/38] net: Define usercopy region in struct proto " Kees Cook
2018-01-11 2:02 ` [PATCH 24/38] ip: Define usercopy region in IP " Kees Cook
2018-01-11 2:02 ` Kees Cook [this message]
2018-01-11 2:02 ` [PATCH 26/38] sctp: Define usercopy region in SCTP " Kees Cook
2018-01-11 2:02 ` [PATCH 27/38] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() Kees Cook
2018-01-18 21:31 ` Laura Abbott
2018-01-18 21:36 ` Kees Cook
2018-01-11 2:03 ` [PATCH 28/38] net: Restrict unwhitelisted proto caches to size 0 Kees Cook
2018-01-11 2:03 ` [PATCH 29/38] fork: Define usercopy region in mm_struct slab caches Kees Cook
2018-01-11 2:03 ` [PATCH 30/38] fork: Define usercopy region in thread_stack " Kees Cook
2018-01-11 2:03 ` [PATCH 31/38] fork: Provide usercopy whitelisting for task_struct Kees Cook
2018-01-11 2:03 ` [PATCH 32/38] x86: Implement thread_struct whitelist for hardened usercopy Kees Cook
2018-01-11 2:03 ` [PATCH 33/38] arm64: " Kees Cook
2018-01-15 12:24 ` Dave P Martin
2018-01-15 20:06 ` Kees Cook
2018-01-16 12:33 ` Dave Martin
2018-01-11 2:03 ` [PATCH 34/38] arm: " Kees Cook
2018-01-11 10:24 ` Russell King - ARM Linux
2018-01-11 23:21 ` Kees Cook
2018-01-11 2:03 ` [PATCH 35/38] kvm: whitelist struct kvm_vcpu_arch Kees Cook
2018-01-11 2:03 ` [PATCH 36/38] kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Kees Cook
2018-01-11 2:03 ` [PATCH 37/38] usercopy: Restrict non-usercopy caches to size 0 Kees Cook
2018-01-11 2:03 ` [PATCH 38/38] lkdtm: Update usercopy tests for whitelisting Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1515636190-24061-26-git-send-email-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=borntraeger@de.ibm.com \
--cc=christoffer.dall@linaro.org \
--cc=cl@linux.com \
--cc=dave.kleikamp@oracle.com \
--cc=dave@nullcore.net \
--cc=davem@davemloft.net \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luisbg@kernel.org \
--cc=luto@kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=martin.petersen@oracle.com \
--cc=mjg59@google.com \
--cc=netdev@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).