From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Balbir Singh <bsingharora@gmail.com>,
Daniel Micay <danielmicay@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
x86@kernel.org, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com
Subject: [PATCH v3 01/11] mm: Implement stack frame object validation
Date: Fri, 15 Jul 2016 14:44:15 -0700 [thread overview]
Message-ID: <1468619065-3222-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1468619065-3222-1-git-send-email-keescook@chromium.org>
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/Kconfig | 9 ++++++++
arch/x86/Kconfig | 1 +
arch/x86/include/asm/thread_info.h | 44 ++++++++++++++++++++++++++++++++++++++
include/linux/thread_info.h | 9 ++++++++
4 files changed, 63 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index d794384a0404..5e2776562035 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0a7b885964ba..4407f596b72c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -91,6 +91,7 @@ config X86
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ select HAVE_ARCH_WITHIN_STACK_FRAMES
select HAVE_EBPF_JIT if X86_64
select HAVE_CC_STACKPROTECTOR
select HAVE_CMPXCHG_DOUBLE
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 30c133ac05cd..ab386f1336f2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -180,6 +180,50 @@ static inline unsigned long current_stack_pointer(void)
return sp;
}
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ * 1 if within a frame
+ * -1 if placed across a frame boundary (or outside stack)
+ * 0 unable to determine (no frame pointers, etc)
+ */
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+ const void *frame = NULL;
+ const void *oldframe;
+
+ oldframe = __builtin_frame_address(1);
+ if (oldframe)
+ frame = __builtin_frame_address(2);
+ /*
+ * low ----------------------------------------------> high
+ * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+ * ^----------------^
+ * allow copies only within here
+ */
+ while (stack <= frame && frame < stackend) {
+ /*
+ * If obj + len extends past the last frame, this
+ * check won't pass and the next frame will be 0,
+ * causing us to bail out and correctly report
+ * the copy as invalid.
+ */
+ if (obj + len <= frame)
+ return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
+ return -1;
+#else
+ return 0;
+#endif
+}
+
#else /* !__ASSEMBLY__ */
#ifdef CONFIG_X86_64
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index b4c2a485b28a..3d5c80b4391d 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
+#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_THREAD_INFO_H */
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Balbir Singh <bsingharora@gmail.com>,
Daniel Micay <danielmicay@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
x86@kernel.org, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy
Subject: [PATCH v3 01/11] mm: Implement stack frame object validation
Date: Fri, 15 Jul 2016 14:44:15 -0700 [thread overview]
Message-ID: <1468619065-3222-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1468619065-3222-1-git-send-email-keescook@chromium.org>
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/Kconfig | 9 ++++++++
arch/x86/Kconfig | 1 +
arch/x86/include/asm/thread_info.h | 44 ++++++++++++++++++++++++++++++++++++++
include/linux/thread_info.h | 9 ++++++++
4 files changed, 63 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index d794384a0404..5e2776562035 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0a7b885964ba..4407f596b72c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -91,6 +91,7 @@ config X86
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ select HAVE_ARCH_WITHIN_STACK_FRAMES
select HAVE_EBPF_JIT if X86_64
select HAVE_CC_STACKPROTECTOR
select HAVE_CMPXCHG_DOUBLE
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 30c133ac05cd..ab386f1336f2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -180,6 +180,50 @@ static inline unsigned long current_stack_pointer(void)
return sp;
}
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ * 1 if within a frame
+ * -1 if placed across a frame boundary (or outside stack)
+ * 0 unable to determine (no frame pointers, etc)
+ */
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+ const void *frame = NULL;
+ const void *oldframe;
+
+ oldframe = __builtin_frame_address(1);
+ if (oldframe)
+ frame = __builtin_frame_address(2);
+ /*
+ * low ----------------------------------------------> high
+ * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+ * ^----------------^
+ * allow copies only within here
+ */
+ while (stack <= frame && frame < stackend) {
+ /*
+ * If obj + len extends past the last frame, this
+ * check won't pass and the next frame will be 0,
+ * causing us to bail out and correctly report
+ * the copy as invalid.
+ */
+ if (obj + len <= frame)
+ return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
+ return -1;
+#else
+ return 0;
+#endif
+}
+
#else /* !__ASSEMBLY__ */
#ifdef CONFIG_X86_64
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index b4c2a485b28a..3d5c80b4391d 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
+#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_THREAD_INFO_H */
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Balbir Singh <bsingharora@gmail.com>,
Daniel Micay <danielmicay@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
x86@kernel.org, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com
Subject: [PATCH v3 01/11] mm: Implement stack frame object validation
Date: Fri, 15 Jul 2016 21:44:15 +0000 [thread overview]
Message-ID: <1468619065-3222-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1468619065-3222-1-git-send-email-keescook@chromium.org>
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/Kconfig | 9 ++++++++
arch/x86/Kconfig | 1 +
arch/x86/include/asm/thread_info.h | 44 ++++++++++++++++++++++++++++++++++++++
include/linux/thread_info.h | 9 ++++++++
4 files changed, 63 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index d794384a0404..5e2776562035 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0a7b885964ba..4407f596b72c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -91,6 +91,7 @@ config X86
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ select HAVE_ARCH_WITHIN_STACK_FRAMES
select HAVE_EBPF_JIT if X86_64
select HAVE_CC_STACKPROTECTOR
select HAVE_CMPXCHG_DOUBLE
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 30c133ac05cd..ab386f1336f2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -180,6 +180,50 @@ static inline unsigned long current_stack_pointer(void)
return sp;
}
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ * 1 if within a frame
+ * -1 if placed across a frame boundary (or outside stack)
+ * 0 unable to determine (no frame pointers, etc)
+ */
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+ const void *frame = NULL;
+ const void *oldframe;
+
+ oldframe = __builtin_frame_address(1);
+ if (oldframe)
+ frame = __builtin_frame_address(2);
+ /*
+ * low ----------------------------------------------> high
+ * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+ * ^----------------^
+ * allow copies only within here
+ */
+ while (stack <= frame && frame < stackend) {
+ /*
+ * If obj + len extends past the last frame, this
+ * check won't pass and the next frame will be 0,
+ * causing us to bail out and correctly report
+ * the copy as invalid.
+ */
+ if (obj + len <= frame)
+ return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
+ return -1;
+#else
+ return 0;
+#endif
+}
+
#else /* !__ASSEMBLY__ */
#ifdef CONFIG_X86_64
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index b4c2a485b28a..3d5c80b4391d 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
+#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_THREAD_INFO_H */
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Balbir Singh <bsingharora@gmail.com>,
Daniel Micay <danielmicay@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
x86@kernel.org, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com
Subject: [PATCH v3 01/11] mm: Implement stack frame object validation
Date: Fri, 15 Jul 2016 14:44:15 -0700 [thread overview]
Message-ID: <1468619065-3222-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1468619065-3222-1-git-send-email-keescook@chromium.org>
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/Kconfig | 9 ++++++++
arch/x86/Kconfig | 1 +
arch/x86/include/asm/thread_info.h | 44 ++++++++++++++++++++++++++++++++++++++
include/linux/thread_info.h | 9 ++++++++
4 files changed, 63 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index d794384a0404..5e2776562035 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0a7b885964ba..4407f596b72c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -91,6 +91,7 @@ config X86
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ select HAVE_ARCH_WITHIN_STACK_FRAMES
select HAVE_EBPF_JIT if X86_64
select HAVE_CC_STACKPROTECTOR
select HAVE_CMPXCHG_DOUBLE
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 30c133ac05cd..ab386f1336f2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -180,6 +180,50 @@ static inline unsigned long current_stack_pointer(void)
return sp;
}
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ * 1 if within a frame
+ * -1 if placed across a frame boundary (or outside stack)
+ * 0 unable to determine (no frame pointers, etc)
+ */
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+ const void *frame = NULL;
+ const void *oldframe;
+
+ oldframe = __builtin_frame_address(1);
+ if (oldframe)
+ frame = __builtin_frame_address(2);
+ /*
+ * low ----------------------------------------------> high
+ * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+ * ^----------------^
+ * allow copies only within here
+ */
+ while (stack <= frame && frame < stackend) {
+ /*
+ * If obj + len extends past the last frame, this
+ * check won't pass and the next frame will be 0,
+ * causing us to bail out and correctly report
+ * the copy as invalid.
+ */
+ if (obj + len <= frame)
+ return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
+ return -1;
+#else
+ return 0;
+#endif
+}
+
#else /* !__ASSEMBLY__ */
#ifdef CONFIG_X86_64
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index b4c2a485b28a..3d5c80b4391d 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
+#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_THREAD_INFO_H */
--
2.7.4
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: keescook@chromium.org (Kees Cook)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 01/11] mm: Implement stack frame object validation
Date: Fri, 15 Jul 2016 14:44:15 -0700 [thread overview]
Message-ID: <1468619065-3222-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1468619065-3222-1-git-send-email-keescook@chromium.org>
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/Kconfig | 9 ++++++++
arch/x86/Kconfig | 1 +
arch/x86/include/asm/thread_info.h | 44 ++++++++++++++++++++++++++++++++++++++
include/linux/thread_info.h | 9 ++++++++
4 files changed, 63 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index d794384a0404..5e2776562035 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0a7b885964ba..4407f596b72c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -91,6 +91,7 @@ config X86
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ select HAVE_ARCH_WITHIN_STACK_FRAMES
select HAVE_EBPF_JIT if X86_64
select HAVE_CC_STACKPROTECTOR
select HAVE_CMPXCHG_DOUBLE
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 30c133ac05cd..ab386f1336f2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -180,6 +180,50 @@ static inline unsigned long current_stack_pointer(void)
return sp;
}
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ * 1 if within a frame
+ * -1 if placed across a frame boundary (or outside stack)
+ * 0 unable to determine (no frame pointers, etc)
+ */
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+ const void *frame = NULL;
+ const void *oldframe;
+
+ oldframe = __builtin_frame_address(1);
+ if (oldframe)
+ frame = __builtin_frame_address(2);
+ /*
+ * low ----------------------------------------------> high
+ * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+ * ^----------------^
+ * allow copies only within here
+ */
+ while (stack <= frame && frame < stackend) {
+ /*
+ * If obj + len extends past the last frame, this
+ * check won't pass and the next frame will be 0,
+ * causing us to bail out and correctly report
+ * the copy as invalid.
+ */
+ if (obj + len <= frame)
+ return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
+ return -1;
+#else
+ return 0;
+#endif
+}
+
#else /* !__ASSEMBLY__ */
#ifdef CONFIG_X86_64
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index b4c2a485b28a..3d5c80b4391d 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
+#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_THREAD_INFO_H */
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Balbir Singh <bsingharora@gmail.com>,
Daniel Micay <danielmicay@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
x86@kernel.org, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] [PATCH v3 01/11] mm: Implement stack frame object validation
Date: Fri, 15 Jul 2016 14:44:15 -0700 [thread overview]
Message-ID: <1468619065-3222-2-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1468619065-3222-1-git-send-email-keescook@chromium.org>
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/Kconfig | 9 ++++++++
arch/x86/Kconfig | 1 +
arch/x86/include/asm/thread_info.h | 44 ++++++++++++++++++++++++++++++++++++++
include/linux/thread_info.h | 9 ++++++++
4 files changed, 63 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig
index d794384a0404..5e2776562035 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 0a7b885964ba..4407f596b72c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -91,6 +91,7 @@ config X86
select HAVE_ARCH_SOFT_DIRTY if X86_64
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
+ select HAVE_ARCH_WITHIN_STACK_FRAMES
select HAVE_EBPF_JIT if X86_64
select HAVE_CC_STACKPROTECTOR
select HAVE_CMPXCHG_DOUBLE
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 30c133ac05cd..ab386f1336f2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -180,6 +180,50 @@ static inline unsigned long current_stack_pointer(void)
return sp;
}
+/*
+ * Walks up the stack frames to make sure that the specified object is
+ * entirely contained by a single stack frame.
+ *
+ * Returns:
+ * 1 if within a frame
+ * -1 if placed across a frame boundary (or outside stack)
+ * 0 unable to determine (no frame pointers, etc)
+ */
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+#if defined(CONFIG_FRAME_POINTER)
+ const void *frame = NULL;
+ const void *oldframe;
+
+ oldframe = __builtin_frame_address(1);
+ if (oldframe)
+ frame = __builtin_frame_address(2);
+ /*
+ * low ----------------------------------------------> high
+ * [saved bp][saved ip][args][local vars][saved bp][saved ip]
+ * ^----------------^
+ * allow copies only within here
+ */
+ while (stack <= frame && frame < stackend) {
+ /*
+ * If obj + len extends past the last frame, this
+ * check won't pass and the next frame will be 0,
+ * causing us to bail out and correctly report
+ * the copy as invalid.
+ */
+ if (obj + len <= frame)
+ return obj >= oldframe + 2 * sizeof(void *) ? 1 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
+ return -1;
+#else
+ return 0;
+#endif
+}
+
#else /* !__ASSEMBLY__ */
#ifdef CONFIG_X86_64
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index b4c2a485b28a..3d5c80b4391d 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
+#ifndef CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES
+static inline int arch_within_stack_frames(const void * const stack,
+ const void * const stackend,
+ const void *obj, unsigned long len)
+{
+ return 0;
+}
+#endif
+
#endif /* __KERNEL__ */
#endif /* _LINUX_THREAD_INFO_H */
--
2.7.4
next prev parent reply other threads:[~2016-07-15 21:44 UTC|newest]
Thread overview: 257+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-15 21:44 [PATCH v3 00/11] mm: Hardened usercopy Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook [this message]
2016-07-15 21:44 ` [kernel-hardening] [PATCH v3 01/11] mm: Implement stack frame object validation Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 02/11] mm: Hardened usercopy Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` [kernel-hardening] " Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 1:06 ` Laura Abbott
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` [kernel-hardening] " Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 18:48 ` Kees Cook
2016-07-19 22:00 ` [PATCH] mm: Add is_migrate_cma_page Laura Abbott
2016-07-19 22:00 ` [kernel-hardening] " Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:00 ` Laura Abbott
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` [kernel-hardening] " Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-19 22:40 ` Kees Cook
2016-07-20 10:24 ` [PATCH v3 02/11] mm: Hardened usercopy Balbir Singh
2016-07-20 10:24 ` [kernel-hardening] " Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 10:24 ` Balbir Singh
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` [kernel-hardening] " Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-20 15:36 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` [kernel-hardening] " Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 1:52 ` Laura Abbott
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` [kernel-hardening] " Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 19:12 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` [kernel-hardening] " Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 22:55 ` Kees Cook
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` [kernel-hardening] " Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 9:21 ` Christian Borntraeger
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` [kernel-hardening] " Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 19:31 ` Kees Cook
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` [kernel-hardening] " Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:14 ` Christian Borntraeger
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` [kernel-hardening] " Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:34 ` Kees Cook
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` [kernel-hardening] " Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-19 20:44 ` Christian Borntraeger
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` [kernel-hardening] " Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
2016-07-21 6:52 ` Michael Ellerman
[not found] ` <5790711f.2350420a.b4287.2cc0SMTPIN_ADDED_BROKEN@mx.google.com>
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` [kernel-hardening] " Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-21 18:34 ` Kees Cook
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` [kernel-hardening] " Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-22 17:45 ` Josh Poimboeuf
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` [kernel-hardening] " David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-25 9:27 ` David Laight
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` [kernel-hardening] " Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:09 ` Michael Ellerman
2016-07-26 2:03 ` Michael Ellerman
2016-07-26 2:03 ` [kernel-hardening] " Michael Ellerman
2016-07-26 2:03 ` Michael Ellerman
2016-07-26 2:03 ` Michael Ellerman
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` [kernel-hardening] " Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-26 4:46 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 03/11] x86/uaccess: Enable hardened usercopy Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 04/11] ARM: uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 05/11] arm64/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 06/11] ia64/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 07/11] powerpc/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 08/11] sparc/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 09/11] s390/uaccess: " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 10/11] mm: SLAB hardened usercopy support Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` [PATCH v3 11/11] mm: SLUB " Kees Cook
2016-07-15 21:44 ` [kernel-hardening] " Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-15 21:44 ` Kees Cook
2016-07-18 8:26 ` [PATCH v3 00/11] mm: Hardened usercopy Balbir Singh
2016-07-18 8:26 ` [kernel-hardening] " Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-18 8:26 ` Balbir Singh
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` [kernel-hardening] " David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 9:52 ` David Laight
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` [kernel-hardening] " Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 15:31 ` Kees Cook
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` [kernel-hardening] " David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:02 ` David Laight
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` [kernel-hardening] " Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 16:22 ` Rik van Riel
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` [kernel-hardening] " Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
2016-07-20 17:44 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1468619065-3222-2-git-send-email-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=bp@suse.de \
--cc=bsingharora@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=danielmicay@gmail.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=fenghua.yu@intel.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jack@suse.cz \
--cc=jpoimboe@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@fedoraproject.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=minipli@googlemail.com \
--cc=mpe@ellerman.id.au \
--cc=pageexec@freemail.hu \
--cc=penberg@kernel.org \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=sparclinux@vger.kernel.org \
--cc=spender@grsecurity.net \
--cc=tony.luck@intel.com \
--cc=vitalywool@gmail.com \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.