Re: [PATCH 1/9] mm: Hardened usercopy
- To: Baruch Siach <baruch@xxxxxxxxxx>
- Subject: Re: [PATCH 1/9] mm: Hardened usercopy
- From: Kees Cook <keescook@xxxxxxxxxxxx>
- Date: Thu, 7 Jul 2016 13:25:21 -0400
- Cc: LKML <linux-kernel@xxxxxxxxxxxxxxx>, Jan Kara <jack@xxxxxxx>, "kernel-hardening@xxxxxxxxxxxxxxxxxx" <kernel-hardening@xxxxxxxxxxxxxxxxxx>, Catalin Marinas <catalin.marinas@xxxxxxx>, Will Deacon <will.deacon@xxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, sparclinux <sparclinux@xxxxxxxxxxxxxxx>, linux-ia64@xxxxxxxxxxxxxxx, Christoph Lameter <cl@xxxxxxxxx>, Andrea Arcangeli <aarcange@xxxxxxxxxx>, linux-arch <linux-arch@xxxxxxxxxxxxxxx>, Michael Ellerman <mpe@xxxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, Russell King <linux@xxxxxxxxxxxxxxx>, "linux-arm-kernel@xxxxxxxxxxxxxxxxxxx" <linux-arm-kernel@xxxxxxxxxxxxxxxxxxx>, Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>, PaX Team <pageexec@xxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Mathias Krause <minipli@xxxxxxxxxxxxxx>, Fenghua Yu <fenghua.yu@xxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Vitaly Wool <vitalywool@xxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>, Tony Luck <tony.luck@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>, Dmitry Vyukov <dvyukov@xxxxxxxxxx>, Laura Abbott <labbott@xxxxxxxxxxxxxxxxx>, Brad Spengler <spender@xxxxxxxxxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, Pekka Enberg <penberg@xxxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "linuxppc-dev@xxxxxxxxxxxxxxxx" <linuxppc-dev@xxxxxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>
- In-reply-to: <20160707053710.GH2118@tarshish>
- List-id: <linux-ia64.vger.kernel.org>
- References: <1467843928-29351-1-git-send-email-keescook@chromium.org> <1467843928-29351-2-git-send-email-keescook@chromium.org> <20160707053710.GH2118@tarshish>
On Thu, Jul 7, 2016 at 1:37 AM, Baruch Siach <baruch@xxxxxxxxxx> wrote:
> Hi Kees,
>
> On Wed, Jul 06, 2016 at 03:25:20PM -0700, Kees Cook wrote:
>> +#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR
>
> Should be CONFIG_HARDENED_USERCOPY to match the slab/slub implementation
> condition.
>
>> +const char *__check_heap_object(const void *ptr, unsigned long n,
>> + struct page *page);
>> +#else
>> +static inline const char *__check_heap_object(const void *ptr,
>> + unsigned long n,
>> + struct page *page)
>> +{
>> + return NULL;
>> +}
>> +#endif
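
Review bot: the #else stub of __check_heap_object() returns NULL unconditionally, and nothing at the #ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR line explains why this symbol is the guard, so a reader of the header cannot distinguish "heap-object check not performed" from whatever NULL means in the real implementation. Suggest a short comment above the #ifdef stating which configurations provide the real function and what a NULL return from the stub means for callers.
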
Hmm, I think what I have is correct: if the allocator supports the
heap object checking, it defines __check_heap_object as existing via
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR. Whether usercopy checking is done
at all is controlled by CONFIG_HARDENED_USERCOPY.

I.e. you can have the other usercopy checks even if your allocator
doesn't support object size checking.

-Kees

--
Kees Cook
Chrome OS & Brillo Security