From: Kees Cook <keescook@chromium.org>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
David Windsor <dave@nullcore.net>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH 03/23] vfs: define usercopy region in names_cache slab caches
Date: Mon, 19 Jun 2017 16:36:17 -0700 [thread overview]
Message-ID: <1497915397-93805-4-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org>
From: David Windsor <dave@nullcore.net>
vfs pathnames stored internally in inodes and contained in
the names_cache slab cache need to be copied to/from userspace.
In support of usercopy hardening, this patch defines the entire
cache object in the names_cache slab cache as whitelisted, since
it holds name strings to be copied to userspace.
This patch is verbatim from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <dave@nullcore.net>
[kees: adjust commit log]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
fs/dcache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index cddf39777835..f7f3c4114baa 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3616,8 +3616,8 @@ void __init vfs_caches_init_early(void)
void __init vfs_caches_init(void)
{
- names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+ names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
dcache_init();
inode_init();
--
2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
David Windsor <dave@nullcore.net>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH 03/23] vfs: define usercopy region in names_cache slab caches
Date: Mon, 19 Jun 2017 16:36:17 -0700 [thread overview]
Message-ID: <1497915397-93805-4-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org>
From: David Windsor <dave@nullcore.net>
vfs pathnames stored internally in inodes and contained in
the names_cache slab cache need to be copied to/from userspace.
In support of usercopy hardening, this patch defines the entire
cache object in the names_cache slab cache as whitelisted, since
it holds name strings to be copied to userspace.
This patch is verbatim from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <dave@nullcore.net>
[kees: adjust commit log]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
fs/dcache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index cddf39777835..f7f3c4114baa 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3616,8 +3616,8 @@ void __init vfs_caches_init_early(void)
void __init vfs_caches_init(void)
{
- names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+ names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
dcache_init();
inode_init();
--
2.7.4
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
David Windsor <dave@nullcore.net>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [kernel-hardening] [PATCH 03/23] vfs: define usercopy region in names_cache slab caches
Date: Mon, 19 Jun 2017 16:36:17 -0700 [thread overview]
Message-ID: <1497915397-93805-4-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org>
From: David Windsor <dave@nullcore.net>
vfs pathnames stored internally in inodes and contained in
the names_cache slab cache need to be copied to/from userspace.
In support of usercopy hardening, this patch defines the entire
cache object in the names_cache slab cache as whitelisted, since
it holds name strings to be copied to userspace.
This patch is verbatim from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <dave@nullcore.net>
[kees: adjust commit log]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
fs/dcache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index cddf39777835..f7f3c4114baa 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3616,8 +3616,8 @@ void __init vfs_caches_init_early(void)
void __init vfs_caches_init(void)
{
- names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+ names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
dcache_init();
inode_init();
--
2.7.4
next prev parent reply other threads:[~2017-06-19 23:40 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-19 23:36 [PATCH 00/23] Hardened usercopy whitelisting Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 01/23] usercopy: Prepare for " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 02/23] usercopy: Enforce slab cache usercopy region boundaries Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` Kees Cook [this message]
2017-06-19 23:36 ` [kernel-hardening] [PATCH 03/23] vfs: define usercopy region in names_cache slab caches Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 04/23] vfs: copy struct mount.mnt_id to userspace using put_user() Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 05/23] befs: define usercopy region in befs_inode_cache slab cache Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 06/23] cifs: define usercopy region in cifs_request " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 07/23] exofs: define usercopy region in exofs_inode_cache " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 08/23] ext2: define usercopy region in ext2_inode_cache " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 09/23] ext4: define usercopy region in ext4_inode_cache " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 10/23] vxfs: define usercopy region in vxfs_inode " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 11/23] jfs: define usercopy region in jfs_ip " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 12/23] orangefs: define usercopy region in orangefs_inode_cache " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 13/23] ufs: define usercopy region in ufs_inode_cache " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 14/23] fork: define usercopy region in thread_stack, task_struct, mm_struct slab caches Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 15/23] net: define usercopy region in struct proto slab cache Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 16/23] net: copy struct sctp_sock.autoclose to userspace using put_user() Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 17/23] dcache: define usercopy region in dentry_cache slab cache Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-20 4:08 ` [kernel-hardening] " Eric Biggers
2017-06-20 4:08 ` Eric Biggers
2017-06-28 16:44 ` Kees Cook
2017-06-28 16:44 ` Kees Cook
2017-06-28 16:44 ` Kees Cook
2017-06-28 16:55 ` Eric Biggers
2017-06-28 16:55 ` Eric Biggers
2017-06-28 16:55 ` Eric Biggers
2017-06-19 23:36 ` [PATCH 18/23] scsi: define usercopy region in scsi_sense_cache " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 19/23] xfs: define usercopy region in xfs_inode " Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 20/23] usercopy: convert kmalloc caches to usercopy caches Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-19 23:36 ` [PATCH 21/23] usercopy: Restrict non-usercopy caches to size 0 Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-20 4:04 ` [kernel-hardening] " Eric Biggers
2017-06-20 4:04 ` Eric Biggers
2017-06-28 17:03 ` Kees Cook
2017-06-28 17:03 ` Kees Cook
2017-06-28 17:03 ` Kees Cook
2017-06-19 23:36 ` [PATCH 22/23] usercopy: split user-controlled slabs to separate caches Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-20 4:24 ` [kernel-hardening] " Eric Biggers
2017-06-20 4:24 ` Eric Biggers
2017-06-20 4:47 ` Eric Biggers
2017-06-20 4:47 ` Eric Biggers
2017-06-20 22:27 ` Kees Cook
2017-06-20 22:27 ` Kees Cook
2017-06-20 22:27 ` Kees Cook
2017-06-20 20:24 ` Laura Abbott
2017-06-20 20:24 ` [kernel-hardening] " Laura Abbott
2017-06-20 20:24 ` Laura Abbott
2017-06-20 22:22 ` Kees Cook
2017-06-20 22:22 ` [kernel-hardening] " Kees Cook
2017-06-20 22:22 ` Kees Cook
2017-06-27 7:31 ` Michal Hocko
2017-06-27 7:31 ` [kernel-hardening] " Michal Hocko
2017-06-27 7:31 ` Michal Hocko
2017-06-27 22:07 ` Kees Cook
2017-06-27 22:07 ` [kernel-hardening] " Kees Cook
2017-06-27 22:07 ` Kees Cook
2017-06-28 8:54 ` Michal Hocko
2017-06-28 8:54 ` [kernel-hardening] " Michal Hocko
2017-06-28 8:54 ` Michal Hocko
2017-06-19 23:36 ` [PATCH 23/23] mm: Allow slab_nomerge to be set at build time Kees Cook
2017-06-19 23:36 ` [kernel-hardening] " Kees Cook
2017-06-19 23:36 ` Kees Cook
2017-06-20 4:09 ` [kernel-hardening] " Daniel Micay
2017-06-20 4:09 ` Daniel Micay
2017-06-20 22:51 ` Kees Cook
2017-06-20 22:51 ` Kees Cook
2017-06-20 22:51 ` Kees Cook
2017-06-20 4:29 ` Eric Biggers
2017-06-20 4:29 ` Eric Biggers
2017-06-20 23:09 ` Kees Cook
2017-06-20 23:09 ` Kees Cook
2017-06-20 23:09 ` Kees Cook
2017-06-20 19:41 ` [kernel-hardening] [PATCH 00/23] Hardened usercopy whitelisting Rik van Riel
2017-10-20 22:40 ` Paolo Bonzini
2017-10-20 22:40 ` [kernel-hardening] " Paolo Bonzini
2017-10-20 22:40 ` Paolo Bonzini
2017-10-20 23:25 ` Paolo Bonzini
2017-10-20 23:25 ` [kernel-hardening] " Paolo Bonzini
2017-10-20 23:25 ` Paolo Bonzini
2017-10-21 3:04 ` Kees Cook
2017-10-21 3:04 ` [kernel-hardening] " Kees Cook
2017-10-21 3:04 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1497915397-93805-4-git-send-email-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=dave@nullcore.net \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.