* [GIT PULL] usercopy fixes for v4.8-rc6-part2
@ 2016-09-07 18:36 Kees Cook
2016-09-07 19:15 ` Linus Torvalds
0 siblings, 1 reply; 4+ messages in thread
From: Kees Cook @ 2016-09-07 18:36 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-kernel, Vinson Lee
Hi,
Please pull these usercopy fixes for v4.8-rc6-part2.
Thanks!
-Kees
The following changes since commit ab29b33a84f6910ebf01a32f69a370886a4283dd:
Merge tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux (2016-09-07 10:46:06 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/usercopy-v4.8-rc6-part2
for you to fetch changes up to 8e1f74ea02cf4562404c48c6882214821552c13f:
usercopy: remove page-spanning test for now (2016-09-07 11:33:26 -0700)
----------------------------------------------------------------
- force check_object_size() to be inline too
- move page-spanning check behind a CONFIG since it's triggering false positives
----------------------------------------------------------------
Kees Cook (2):
usercopy: force check_object_size() inline
usercopy: remove page-spanning test for now
include/linux/thread_info.h | 4 +--
mm/usercopy.c | 61 ++++++++++++++++++++++++++-------------------
security/Kconfig | 11 ++++++++
3 files changed, 48 insertions(+), 28 deletions(-)
--
Kees Cook
Nexus Security
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [GIT PULL] usercopy fixes for v4.8-rc6-part2 2016-09-07 18:36 [GIT PULL] usercopy fixes for v4.8-rc6-part2 Kees Cook @ 2016-09-07 19:15 ` Linus Torvalds 2016-09-07 21:32 ` Kees Cook 0 siblings, 1 reply; 4+ messages in thread From: Linus Torvalds @ 2016-09-07 19:15 UTC (permalink / raw) To: Kees Cook; +Cc: Linux Kernel Mailing List, Vinson Lee On Wed, Sep 7, 2016 at 11:36 AM, Kees Cook <keescook@chromium.org> wrote: > > - move page-spanning check behind a CONFIG since it's triggering false positives Hmm. I pulled this, but looking at it I realized that + depends on !COMPILE_TEST doesn't make any real sense to me. All it does is make sure that "make allmodconfig" doesn't actually test that the PAGESPAN code compiles. It's not like that is a big cost for allmodconfig builds, but it does mean that it gets less coverage. And it really makes no sense to me. We *don't* want to run with that option enabled normally. I think what you actually meant was something like + depends on EXPERT which means that it does *not* get enabled in normal user builds. Hmm? Linus ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] usercopy fixes for v4.8-rc6-part2 2016-09-07 19:15 ` Linus Torvalds @ 2016-09-07 21:32 ` Kees Cook 2016-09-07 21:48 ` Kees Cook 0 siblings, 1 reply; 4+ messages in thread From: Kees Cook @ 2016-09-07 21:32 UTC (permalink / raw) To: Linus Torvalds; +Cc: Linux Kernel Mailing List, Vinson Lee On Wed, Sep 7, 2016 at 12:15 PM, Linus Torvalds <torvalds@linux-foundation.org> wrote: > On Wed, Sep 7, 2016 at 11:36 AM, Kees Cook <keescook@chromium.org> wrote: >> >> - move page-spanning check behind a CONFIG since it's triggering false positives > > Hmm. I pulled this, but looking at it I realized that > > + depends on !COMPILE_TEST > > doesn't make any real sense to me. > > All it does is make sure that "make allmodconfig" doesn't actually > test that the PAGESPAN code compiles. > > It's not like that is a big cost for allmodconfig builds, but it does > mean that it gets less coverage. > > And it really makes no sense to me. We *don't* want to run with that > option enabled normally. > > I think what you actually meant was something like > > + depends on EXPERT > > which means that it does *not* get enabled in normal user builds. > > Hmm? I guess that's true -- I was trying to think of a way to make sure it didn't get tested by 0-day syscall fuzzer on a randconfig, since I didn't want the noise. But now that I double-check this, yeah, it looks like randconfig doesn't set COMPILE_TEST. Hmpf. I will send another patch to flip this to EXPERT, and if 0-day finds issues, I can add them to the __GPF_COMP hit-list. :P -Kees -- Kees Cook Nexus Security ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [GIT PULL] usercopy fixes for v4.8-rc6-part2 2016-09-07 21:32 ` Kees Cook @ 2016-09-07 21:48 ` Kees Cook 0 siblings, 0 replies; 4+ messages in thread From: Kees Cook @ 2016-09-07 21:48 UTC (permalink / raw) To: Linus Torvalds; +Cc: Linux Kernel Mailing List, Vinson Lee On Wed, Sep 7, 2016 at 2:32 PM, Kees Cook <keescook@chromium.org> wrote: > On Wed, Sep 7, 2016 at 12:15 PM, Linus Torvalds > <torvalds@linux-foundation.org> wrote: >> On Wed, Sep 7, 2016 at 11:36 AM, Kees Cook <keescook@chromium.org> wrote: >>> >>> - move page-spanning check behind a CONFIG since it's triggering false positives >> >> Hmm. I pulled this, but looking at it I realized that >> >> + depends on !COMPILE_TEST >> >> doesn't make any real sense to me. >> >> All it does is make sure that "make allmodconfig" doesn't actually >> test that the PAGESPAN code compiles. >> >> It's not like that is a big cost for allmodconfig builds, but it does >> mean that it gets less coverage. >> >> And it really makes no sense to me. We *don't* want to run with that >> option enabled normally. >> >> I think what you actually meant was something like >> >> + depends on EXPERT >> >> which means that it does *not* get enabled in normal user builds. >> >> Hmm? > > I guess that's true -- I was trying to think of a way to make sure it > didn't get tested by 0-day syscall fuzzer on a randconfig, since I > didn't want the noise. But now that I double-check this, yeah, it > looks like randconfig doesn't set COMPILE_TEST. Hmpf. > > I will send another patch to flip this to EXPERT, and if 0-day finds > issues, I can add them to the __GPF_COMP hit-list. :P Oh! Nevermind, I see you did that already. Thank you! :) -Kees -- Kees Cook Nexus Security ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-09-07 21:48 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-09-07 18:36 [GIT PULL] usercopy fixes for v4.8-rc6-part2 Kees Cook 2016-09-07 19:15 ` Linus Torvalds 2016-09-07 21:32 ` Kees Cook 2016-09-07 21:48 ` Kees Cook
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).