On 20/06/2017 01:36, Kees Cook wrote: > > This updates the slab allocator to add annotations (useroffset and > usersize) to define allowed usercopy regions. Currently, hardened > usercopy performs dynamic bounds checking on whole slab cache objects. > This is good, but still leaves a lot of kernel slab memory available to > be copied to/from userspace in the face of bugs. To further restrict > what memory is available for copying, this creates a way to whitelist > specific areas of a given slab cache object for copying to/from userspace, > allowing much finer granularity of access control. Slab caches that are > never exposed to userspace can declare no whitelist for their objects, > thereby keeping them unavailable to userspace via dynamic copy operations. > (Note, an implicit form of whitelisting is the use of constant sizes > in usercopy operations and get_user()/put_user(); these bypass hardened > usercopy checks since these sizes cannot change at runtime.) This breaks KVM completely on x86, due to two ioctls (KVM_GET/SET_CPUID2) accessing the cpuid_entries field of struct kvm_vcpu_arch. There's also another broken ioctl, KVM_XEN_HVM_CONFIG, but it is obsolete and not a big deal at all. I can post some patches, but probably not until the beginning of November due to travelling. Please do not send this too close to the beginning of the merge window. Paolo -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
