From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com,
Salvatore Mesoraca <s.mesoraca16@gmail.com>,
Brad Spengler <spender@grsecurity.net>,
PaX Team <pageexec@freemail.hu>,
Casey Schaufler <casey@schaufler-ca.com>,
Kees Cook <keescook@chromium.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-mm@kvack.org, x86@kernel.org, Jann Horn <jannh@google.com>,
Christoph Hellwig <hch@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook
Date: Thu, 15 Jun 2017 18:42:53 +0200 [thread overview]
Message-ID: <1497544976-7856-7-git-send-email-s.mesoraca16@gmail.com> (raw)
In-Reply-To: <1497544976-7856-1-git-send-email-s.mesoraca16@gmail.com>
Creation of a new hook to let LSM modules handle user-space pagefaults on
x86.
It can be used to avoid segfaulting the originating process.
If it's the case it can modify process registers before returning.
This is not a security feature by itself, it's a way to soften some
unwanted side-effects of restrictive security features.
In particular this is used by S.A.R.A. can be used to implement what
PaX call "trampoline emulation" that, in practice, allow for some specific
code sequences to be executed even if they are in non executable memory.
This may look like a bad thing at first, but you have to consider
that:
- This allows for strict memory restrictions (e.g. W^X) to stay on even
when they should be turned off. And, even if this emulation
makes those features less effective, it's still better than having
them turned off completely.
- The only code sequences emulated are trampolines used to make
function calls. In many cases, when you have the chance to
make arbitrary memory writes, you can already manipulate the
control flow of the program by overwriting function pointers or
return values. So, in many cases, the "trampoline emulation"
doesn't introduce new exploit vectors.
- It's a feature that can be turned on only if needed, on a per
executable file basis.
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
---
arch/x86/mm/fault.c | 6 ++++++
include/linux/lsm_hooks.h | 9 +++++++++
include/linux/security.h | 11 +++++++++++
security/security.c | 11 +++++++++++
4 files changed, 37 insertions(+)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 8ad91a0..b75b81a 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -15,6 +15,7 @@
#include <linux/prefetch.h> /* prefetchw */
#include <linux/context_tracking.h> /* exception_enter(), ... */
#include <linux/uaccess.h> /* faulthandler_disabled() */
+#include <linux/security.h> /* security_pagefault_handler */
#include <asm/cpufeature.h> /* boot_cpu_has, ... */
#include <asm/traps.h> /* dotraplinkage, ... */
@@ -1358,6 +1359,11 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
local_irq_enable();
}
+ if (unlikely(security_pagefault_handler_x86(regs,
+ error_code,
+ address)))
+ return;
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
if (error_code & PF_WRITE)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 33dab16..da487e5 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -488,6 +488,11 @@
* @vmflags contains requested the vmflags.
* Return 0 if the operation is allowed to continue otherwise return
* the appropriate error code.
+ * @pagefault_handler_x86:
+ * Handle pagefaults on x86.
+ * @regs contains process' registers.
+ * @error_code contains error code for the pagefault.
+ * @address contains the address that caused the pagefault.
* @file_lock:
* Check permission before performing file locking operations.
* Note: this hook mediates both flock and fcntl style locks.
@@ -1483,6 +1488,9 @@
int (*file_mprotect)(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int (*check_vmflags)(vm_flags_t vmflags);
+ int (*pagefault_handler_x86)(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int (*file_lock)(struct file *file, unsigned int cmd);
int (*file_fcntl)(struct file *file, unsigned int cmd,
unsigned long arg);
@@ -1754,6 +1762,7 @@ struct security_hook_heads {
struct list_head mmap_file;
struct list_head file_mprotect;
struct list_head check_vmflags;
+ struct list_head pagefault_handler_x86;
struct list_head file_lock;
struct list_head file_fcntl;
struct list_head file_set_fowner;
diff --git a/include/linux/security.h b/include/linux/security.h
index 8701872..3b91999 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -301,6 +301,9 @@ int security_mmap_file(struct file *file, unsigned long prot,
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int security_check_vmflags(vm_flags_t vmflags);
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
@@ -829,6 +832,14 @@ static inline int security_check_vmflags(vm_flags_t vmflags)
return 0;
}
+static inline int __maybe_unused security_pagefault_handler_x86(
+ struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return 0;
+}
+
static inline int security_file_lock(struct file *file, unsigned int cmd)
{
return 0;
diff --git a/security/security.c b/security/security.c
index 7e45846..f7df697 100644
--- a/security/security.c
+++ b/security/security.c
@@ -905,6 +905,17 @@ int security_check_vmflags(vm_flags_t vmflags)
return call_int_hook(check_vmflags, 0, vmflags);
}
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return call_int_hook(pagefault_handler_x86,
+ 0,
+ regs,
+ error_code,
+ address);
+}
+
int security_file_lock(struct file *file, unsigned int cmd)
{
return call_int_hook(file_lock, 0, file, cmd);
--
1.9.1
WARNING: multiple messages have this Message-ID (diff)
From: s.mesoraca16@gmail.com (Salvatore Mesoraca)
To: linux-security-module@vger.kernel.org
Subject: [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook
Date: Thu, 15 Jun 2017 18:42:53 +0200 [thread overview]
Message-ID: <1497544976-7856-7-git-send-email-s.mesoraca16@gmail.com> (raw)
In-Reply-To: <1497544976-7856-1-git-send-email-s.mesoraca16@gmail.com>
Creation of a new hook to let LSM modules handle user-space pagefaults on
x86.
It can be used to avoid segfaulting the originating process.
If it's the case it can modify process registers before returning.
This is not a security feature by itself, it's a way to soften some
unwanted side-effects of restrictive security features.
In particular this is used by S.A.R.A. can be used to implement what
PaX call "trampoline emulation" that, in practice, allow for some specific
code sequences to be executed even if they are in non executable memory.
This may look like a bad thing at first, but you have to consider
that:
- This allows for strict memory restrictions (e.g. W^X) to stay on even
when they should be turned off. And, even if this emulation
makes those features less effective, it's still better than having
them turned off completely.
- The only code sequences emulated are trampolines used to make
function calls. In many cases, when you have the chance to
make arbitrary memory writes, you can already manipulate the
control flow of the program by overwriting function pointers or
return values. So, in many cases, the "trampoline emulation"
doesn't introduce new exploit vectors.
- It's a feature that can be turned on only if needed, on a per
executable file basis.
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
---
arch/x86/mm/fault.c | 6 ++++++
include/linux/lsm_hooks.h | 9 +++++++++
include/linux/security.h | 11 +++++++++++
security/security.c | 11 +++++++++++
4 files changed, 37 insertions(+)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 8ad91a0..b75b81a 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -15,6 +15,7 @@
#include <linux/prefetch.h> /* prefetchw */
#include <linux/context_tracking.h> /* exception_enter(), ... */
#include <linux/uaccess.h> /* faulthandler_disabled() */
+#include <linux/security.h> /* security_pagefault_handler */
#include <asm/cpufeature.h> /* boot_cpu_has, ... */
#include <asm/traps.h> /* dotraplinkage, ... */
@@ -1358,6 +1359,11 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
local_irq_enable();
}
+ if (unlikely(security_pagefault_handler_x86(regs,
+ error_code,
+ address)))
+ return;
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
if (error_code & PF_WRITE)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 33dab16..da487e5 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -488,6 +488,11 @@
* @vmflags contains requested the vmflags.
* Return 0 if the operation is allowed to continue otherwise return
* the appropriate error code.
+ * @pagefault_handler_x86:
+ * Handle pagefaults on x86.
+ * @regs contains process' registers.
+ * @error_code contains error code for the pagefault.
+ * @address contains the address that caused the pagefault.
* @file_lock:
* Check permission before performing file locking operations.
* Note: this hook mediates both flock and fcntl style locks.
@@ -1483,6 +1488,9 @@
int (*file_mprotect)(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int (*check_vmflags)(vm_flags_t vmflags);
+ int (*pagefault_handler_x86)(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int (*file_lock)(struct file *file, unsigned int cmd);
int (*file_fcntl)(struct file *file, unsigned int cmd,
unsigned long arg);
@@ -1754,6 +1762,7 @@ struct security_hook_heads {
struct list_head mmap_file;
struct list_head file_mprotect;
struct list_head check_vmflags;
+ struct list_head pagefault_handler_x86;
struct list_head file_lock;
struct list_head file_fcntl;
struct list_head file_set_fowner;
diff --git a/include/linux/security.h b/include/linux/security.h
index 8701872..3b91999 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -301,6 +301,9 @@ int security_mmap_file(struct file *file, unsigned long prot,
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int security_check_vmflags(vm_flags_t vmflags);
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
@@ -829,6 +832,14 @@ static inline int security_check_vmflags(vm_flags_t vmflags)
return 0;
}
+static inline int __maybe_unused security_pagefault_handler_x86(
+ struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return 0;
+}
+
static inline int security_file_lock(struct file *file, unsigned int cmd)
{
return 0;
diff --git a/security/security.c b/security/security.c
index 7e45846..f7df697 100644
--- a/security/security.c
+++ b/security/security.c
@@ -905,6 +905,17 @@ int security_check_vmflags(vm_flags_t vmflags)
return call_int_hook(check_vmflags, 0, vmflags);
}
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return call_int_hook(pagefault_handler_x86,
+ 0,
+ regs,
+ error_code,
+ address);
+}
+
int security_file_lock(struct file *file, unsigned int cmd)
{
return call_int_hook(file_lock, 0, file, cmd);
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com,
Salvatore Mesoraca <s.mesoraca16@gmail.com>,
Brad Spengler <spender@grsecurity.net>,
PaX Team <pageexec@freemail.hu>,
Casey Schaufler <casey@schaufler-ca.com>,
Kees Cook <keescook@chromium.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-mm@kvack.org, x86@kernel.org, Jann Horn <jannh@google.com>,
Christoph Hellwig <hch@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook
Date: Thu, 15 Jun 2017 18:42:53 +0200 [thread overview]
Message-ID: <1497544976-7856-7-git-send-email-s.mesoraca16@gmail.com> (raw)
In-Reply-To: <1497544976-7856-1-git-send-email-s.mesoraca16@gmail.com>
Creation of a new hook to let LSM modules handle user-space pagefaults on
x86.
It can be used to avoid segfaulting the originating process.
If it's the case it can modify process registers before returning.
This is not a security feature by itself, it's a way to soften some
unwanted side-effects of restrictive security features.
In particular this is used by S.A.R.A. can be used to implement what
PaX call "trampoline emulation" that, in practice, allow for some specific
code sequences to be executed even if they are in non executable memory.
This may look like a bad thing at first, but you have to consider
that:
- This allows for strict memory restrictions (e.g. W^X) to stay on even
when they should be turned off. And, even if this emulation
makes those features less effective, it's still better than having
them turned off completely.
- The only code sequences emulated are trampolines used to make
function calls. In many cases, when you have the chance to
make arbitrary memory writes, you can already manipulate the
control flow of the program by overwriting function pointers or
return values. So, in many cases, the "trampoline emulation"
doesn't introduce new exploit vectors.
- It's a feature that can be turned on only if needed, on a per
executable file basis.
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
---
arch/x86/mm/fault.c | 6 ++++++
include/linux/lsm_hooks.h | 9 +++++++++
include/linux/security.h | 11 +++++++++++
security/security.c | 11 +++++++++++
4 files changed, 37 insertions(+)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 8ad91a0..b75b81a 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -15,6 +15,7 @@
#include <linux/prefetch.h> /* prefetchw */
#include <linux/context_tracking.h> /* exception_enter(), ... */
#include <linux/uaccess.h> /* faulthandler_disabled() */
+#include <linux/security.h> /* security_pagefault_handler */
#include <asm/cpufeature.h> /* boot_cpu_has, ... */
#include <asm/traps.h> /* dotraplinkage, ... */
@@ -1358,6 +1359,11 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
local_irq_enable();
}
+ if (unlikely(security_pagefault_handler_x86(regs,
+ error_code,
+ address)))
+ return;
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
if (error_code & PF_WRITE)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 33dab16..da487e5 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -488,6 +488,11 @@
* @vmflags contains requested the vmflags.
* Return 0 if the operation is allowed to continue otherwise return
* the appropriate error code.
+ * @pagefault_handler_x86:
+ * Handle pagefaults on x86.
+ * @regs contains process' registers.
+ * @error_code contains error code for the pagefault.
+ * @address contains the address that caused the pagefault.
* @file_lock:
* Check permission before performing file locking operations.
* Note: this hook mediates both flock and fcntl style locks.
@@ -1483,6 +1488,9 @@
int (*file_mprotect)(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int (*check_vmflags)(vm_flags_t vmflags);
+ int (*pagefault_handler_x86)(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int (*file_lock)(struct file *file, unsigned int cmd);
int (*file_fcntl)(struct file *file, unsigned int cmd,
unsigned long arg);
@@ -1754,6 +1762,7 @@ struct security_hook_heads {
struct list_head mmap_file;
struct list_head file_mprotect;
struct list_head check_vmflags;
+ struct list_head pagefault_handler_x86;
struct list_head file_lock;
struct list_head file_fcntl;
struct list_head file_set_fowner;
diff --git a/include/linux/security.h b/include/linux/security.h
index 8701872..3b91999 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -301,6 +301,9 @@ int security_mmap_file(struct file *file, unsigned long prot,
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int security_check_vmflags(vm_flags_t vmflags);
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
@@ -829,6 +832,14 @@ static inline int security_check_vmflags(vm_flags_t vmflags)
return 0;
}
+static inline int __maybe_unused security_pagefault_handler_x86(
+ struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return 0;
+}
+
static inline int security_file_lock(struct file *file, unsigned int cmd)
{
return 0;
diff --git a/security/security.c b/security/security.c
index 7e45846..f7df697 100644
--- a/security/security.c
+++ b/security/security.c
@@ -905,6 +905,17 @@ int security_check_vmflags(vm_flags_t vmflags)
return call_int_hook(check_vmflags, 0, vmflags);
}
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return call_int_hook(pagefault_handler_x86,
+ 0,
+ regs,
+ error_code,
+ address);
+}
+
int security_file_lock(struct file *file, unsigned int cmd)
{
return call_int_hook(file_lock, 0, file, cmd);
--
1.9.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com,
Salvatore Mesoraca <s.mesoraca16@gmail.com>,
Brad Spengler <spender@grsecurity.net>,
PaX Team <pageexec@freemail.hu>,
Casey Schaufler <casey@schaufler-ca.com>,
Kees Cook <keescook@chromium.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-mm@kvack.org, x86@kernel.org, Jann Horn <jannh@google.com>,
Christoph Hellwig <hch@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: [kernel-hardening] [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook
Date: Thu, 15 Jun 2017 18:42:53 +0200 [thread overview]
Message-ID: <1497544976-7856-7-git-send-email-s.mesoraca16@gmail.com> (raw)
In-Reply-To: <1497544976-7856-1-git-send-email-s.mesoraca16@gmail.com>
Creation of a new hook to let LSM modules handle user-space pagefaults on
x86.
It can be used to avoid segfaulting the originating process.
If it's the case it can modify process registers before returning.
This is not a security feature by itself, it's a way to soften some
unwanted side-effects of restrictive security features.
In particular this is used by S.A.R.A. can be used to implement what
PaX call "trampoline emulation" that, in practice, allow for some specific
code sequences to be executed even if they are in non executable memory.
This may look like a bad thing at first, but you have to consider
that:
- This allows for strict memory restrictions (e.g. W^X) to stay on even
when they should be turned off. And, even if this emulation
makes those features less effective, it's still better than having
them turned off completely.
- The only code sequences emulated are trampolines used to make
function calls. In many cases, when you have the chance to
make arbitrary memory writes, you can already manipulate the
control flow of the program by overwriting function pointers or
return values. So, in many cases, the "trampoline emulation"
doesn't introduce new exploit vectors.
- It's a feature that can be turned on only if needed, on a per
executable file basis.
Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
---
arch/x86/mm/fault.c | 6 ++++++
include/linux/lsm_hooks.h | 9 +++++++++
include/linux/security.h | 11 +++++++++++
security/security.c | 11 +++++++++++
4 files changed, 37 insertions(+)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 8ad91a0..b75b81a 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -15,6 +15,7 @@
#include <linux/prefetch.h> /* prefetchw */
#include <linux/context_tracking.h> /* exception_enter(), ... */
#include <linux/uaccess.h> /* faulthandler_disabled() */
+#include <linux/security.h> /* security_pagefault_handler */
#include <asm/cpufeature.h> /* boot_cpu_has, ... */
#include <asm/traps.h> /* dotraplinkage, ... */
@@ -1358,6 +1359,11 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
local_irq_enable();
}
+ if (unlikely(security_pagefault_handler_x86(regs,
+ error_code,
+ address)))
+ return;
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
if (error_code & PF_WRITE)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 33dab16..da487e5 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -488,6 +488,11 @@
* @vmflags contains requested the vmflags.
* Return 0 if the operation is allowed to continue otherwise return
* the appropriate error code.
+ * @pagefault_handler_x86:
+ * Handle pagefaults on x86.
+ * @regs contains process' registers.
+ * @error_code contains error code for the pagefault.
+ * @address contains the address that caused the pagefault.
* @file_lock:
* Check permission before performing file locking operations.
* Note: this hook mediates both flock and fcntl style locks.
@@ -1483,6 +1488,9 @@
int (*file_mprotect)(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int (*check_vmflags)(vm_flags_t vmflags);
+ int (*pagefault_handler_x86)(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int (*file_lock)(struct file *file, unsigned int cmd);
int (*file_fcntl)(struct file *file, unsigned int cmd,
unsigned long arg);
@@ -1754,6 +1762,7 @@ struct security_hook_heads {
struct list_head mmap_file;
struct list_head file_mprotect;
struct list_head check_vmflags;
+ struct list_head pagefault_handler_x86;
struct list_head file_lock;
struct list_head file_fcntl;
struct list_head file_set_fowner;
diff --git a/include/linux/security.h b/include/linux/security.h
index 8701872..3b91999 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -301,6 +301,9 @@ int security_mmap_file(struct file *file, unsigned long prot,
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int security_check_vmflags(vm_flags_t vmflags);
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
@@ -829,6 +832,14 @@ static inline int security_check_vmflags(vm_flags_t vmflags)
return 0;
}
+static inline int __maybe_unused security_pagefault_handler_x86(
+ struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return 0;
+}
+
static inline int security_file_lock(struct file *file, unsigned int cmd)
{
return 0;
diff --git a/security/security.c b/security/security.c
index 7e45846..f7df697 100644
--- a/security/security.c
+++ b/security/security.c
@@ -905,6 +905,17 @@ int security_check_vmflags(vm_flags_t vmflags)
return call_int_hook(check_vmflags, 0, vmflags);
}
+int __maybe_unused security_pagefault_handler_x86(struct pt_regs *regs,
+ unsigned long error_code,
+ unsigned long address)
+{
+ return call_int_hook(pagefault_handler_x86,
+ 0,
+ regs,
+ error_code,
+ address);
+}
+
int security_file_lock(struct file *file, unsigned int cmd)
{
return call_int_hook(file_lock, 0, file, cmd);
--
1.9.1
next prev parent reply other threads:[~2017-06-15 16:45 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-15 16:42 [RFC v2 0/9] S.A.R.A. a new stacked LSM Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 1/9] S.A.R.A. Documentation Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 2/9] S.A.R.A. framework creation Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 3/9] Creation of "check_vmflags" LSM hook Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-27 23:05 ` Kees Cook
2017-06-27 23:05 ` [kernel-hardening] " Kees Cook
2017-06-27 23:05 ` Kees Cook
2017-06-27 23:05 ` Kees Cook
2017-06-29 19:28 ` Salvatore Mesoraca
2017-06-29 19:28 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-29 19:28 ` Salvatore Mesoraca
2017-06-29 19:28 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 4/9] S.A.R.A. cred blob management Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 5/9] S.A.R.A. WX Protection Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-27 23:04 ` Kees Cook
2017-06-27 23:04 ` [kernel-hardening] " Kees Cook
2017-06-27 23:04 ` Kees Cook
2017-06-27 23:04 ` Kees Cook
2017-06-29 19:39 ` Salvatore Mesoraca
2017-06-29 19:39 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-29 19:39 ` Salvatore Mesoraca
2017-06-29 19:39 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca [this message]
2017-06-15 16:42 ` [kernel-hardening] [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-27 23:07 ` Kees Cook
2017-06-27 23:07 ` [kernel-hardening] " Kees Cook
2017-06-27 23:07 ` Kees Cook
2017-06-27 23:07 ` Kees Cook
2017-06-29 19:30 ` Salvatore Mesoraca
2017-06-29 19:30 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-29 19:30 ` Salvatore Mesoraca
2017-06-29 19:30 ` Salvatore Mesoraca
2017-06-29 20:20 ` Kees Cook
2017-06-29 20:20 ` [kernel-hardening] " Kees Cook
2017-06-29 20:20 ` Kees Cook
2017-06-29 20:20 ` Kees Cook
2017-06-15 16:42 ` [RFC v2 7/9] Trampoline emulation Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:47 ` [kernel-hardening] " aconcernedfossdev
2017-06-15 16:47 ` aconcernedfossdev
2017-06-15 16:47 ` aconcernedfossdev at airmail.cc
2017-06-15 17:19 ` Salvatore Mesoraca
2017-06-15 17:19 ` Salvatore Mesoraca
2017-06-15 17:19 ` Salvatore Mesoraca
2017-06-27 23:13 ` Kees Cook
2017-06-27 23:13 ` [kernel-hardening] " Kees Cook
2017-06-27 23:13 ` Kees Cook
2017-06-27 23:13 ` Kees Cook
2017-06-29 19:35 ` Salvatore Mesoraca
2017-06-29 19:35 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-29 19:35 ` Salvatore Mesoraca
2017-06-29 19:35 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 8/9] Allowing for stacking procattr support in S.A.R.A Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 9/9] S.A.R.A. WX Protection procattr interface Salvatore Mesoraca
2017-06-15 16:42 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
2017-06-15 16:42 ` Salvatore Mesoraca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1497544976-7856-7-git-send-email-s.mesoraca16@gmail.com \
--to=s.mesoraca16@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=hch@infradead.org \
--cc=james.l.morris@oracle.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=serge@hallyn.com \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.