Re: [kernel-hardening] [PATCH v2 27/30] x86: Implement thread_struct whitelist for hardened usercopy

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Rik van Riel <riel@redhat.com>
To: Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, Borislav Petkov <bp@suse.de>,
	Andy Lutomirski <luto@kernel.org>,
	Mathias Krause <minipli@googlemail.com>,
	linux-mm@kvack.org, kernel-hardening@lists.openwall.com,
	David Windsor <dave@nullcore.net>
Subject: Re: [kernel-hardening] [PATCH v2 27/30] x86: Implement thread_struct whitelist for hardened usercopy
Date: Wed, 30 Aug 2017 14:55:05 -0400	[thread overview]
Message-ID: <1504119305.26846.78.camel@redhat.com> (raw)
In-Reply-To: <1503956111-36652-28-git-send-email-keescook@chromium.org>

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

On Mon, 2017-08-28 at 14:35 -0700, Kees Cook wrote:
> This whitelists the FPU register state portion of the thread_struct
> for
> copying to userspace, instead of the default entire struct.
> 
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: x86@kernel.org
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Mathias Krause <minipli@googlemail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  arch/x86/Kconfig                 | 1 +
>  arch/x86/include/asm/processor.h | 8 ++++++++
>  2 files changed, 9 insertions(+)
> 
Acked-by: Rik van Riel <riel@redhat.com>

-- 
All rights reversed

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

next prev parent reply	other threads:[~2017-08-30 18:55 UTC|newest]

Thread overview: 163+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-28 21:34 [kernel-hardening] [PATCH v2 00/30] Hardened usercopy whitelisting Kees Cook
2017-08-28 21:34 ` Kees Cook
2017-08-28 21:34 ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 01/30] usercopy: Prepare for " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 02/30] usercopy: Enforce slab cache usercopy region boundaries Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 03/30] usercopy: Mark kmalloc caches as usercopy caches Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 04/30] dcache: Define usercopy region in dentry_cache slab cache Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 05/30] vfs: Define usercopy region in names_cache slab caches Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 06/30] vfs: Copy struct mount.mnt_id to userspace using put_user() Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 07/30] ext4: Define usercopy region in ext4_inode_cache slab cache Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 08/30] ext2: Define usercopy region in ext2_inode_cache " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-30 11:22   ` [kernel-hardening] " Jan Kara
2017-08-30 11:22     ` Jan Kara
2017-08-30 11:22     ` Jan Kara
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 09/30] jfs: Define usercopy region in jfs_ip " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 10/30] befs: Define usercopy region in befs_inode_cache " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-29 10:12   ` [kernel-hardening] " Luis de Bethencourt
2017-08-29 10:12     ` Luis de Bethencourt
2017-08-29 10:12     ` Luis de Bethencourt
2017-08-29 15:36     ` [kernel-hardening] " Kees Cook
2017-08-29 15:36       ` Kees Cook
2017-08-29 15:36       ` Kees Cook
2017-08-29 17:10       ` [kernel-hardening] " Luis de Bethencourt
2017-08-29 17:10         ` Luis de Bethencourt
2017-08-29 17:10         ` Luis de Bethencourt
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 11/30] exofs: Define usercopy region in exofs_inode_cache " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 12/30] orangefs: Define usercopy region in orangefs_inode_cache " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 13/30] ufs: Define usercopy region in ufs_inode_cache " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 14/30] vxfs: Define usercopy region in vxfs_inode " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 15/30] xfs: Define usercopy region in xfs_inode " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:49   ` [kernel-hardening] " Darrick J. Wong
2017-08-28 21:49     ` Darrick J. Wong
2017-08-28 21:49     ` Darrick J. Wong
2017-08-28 21:57     ` [kernel-hardening] " Kees Cook
2017-08-28 21:57       ` Kees Cook
2017-08-28 21:57       ` Kees Cook
2017-08-29  4:47       ` [kernel-hardening] " Darrick J. Wong
2017-08-29  4:47         ` Darrick J. Wong
2017-08-29  4:47         ` Darrick J. Wong
2017-08-29 18:48         ` [kernel-hardening] " Kees Cook
2017-08-29 18:48           ` Kees Cook
2017-08-29 18:48           ` Kees Cook
2017-08-29 19:00           ` [kernel-hardening] " Darrick J. Wong
2017-08-29 19:00             ` Darrick J. Wong
2017-08-29 19:00             ` Darrick J. Wong
2017-08-29 22:15           ` [kernel-hardening] " Dave Chinner
2017-08-29 22:15             ` Dave Chinner
2017-08-29 22:15             ` Dave Chinner
2017-08-29 22:25             ` [kernel-hardening] " Kees Cook
2017-08-29 22:25               ` Kees Cook
2017-08-29 22:25               ` Kees Cook
2017-08-29  8:14   ` [kernel-hardening] " Christoph Hellwig
2017-08-29  8:14     ` Christoph Hellwig
2017-08-29  8:14     ` Christoph Hellwig
2017-08-29 12:31     ` [kernel-hardening] " Dave Chinner
2017-08-29 12:31       ` Dave Chinner
2017-08-29 12:31       ` Dave Chinner
2017-08-29 12:45       ` [kernel-hardening] " Christoph Hellwig
2017-08-29 12:45         ` Christoph Hellwig
2017-08-29 12:45         ` Christoph Hellwig
2017-08-29 21:51         ` [kernel-hardening] " Dave Chinner
2017-08-29 21:51           ` Dave Chinner
2017-08-29 21:51           ` Dave Chinner
2017-08-30  7:14           ` [kernel-hardening] " Christoph Hellwig
2017-08-30  7:14             ` Christoph Hellwig
2017-08-30  7:14             ` Christoph Hellwig
2017-08-30  8:05             ` [kernel-hardening] " Dave Chinner
2017-08-30  8:05               ` Dave Chinner
2017-08-30  8:05               ` Dave Chinner
2017-08-30  8:33               ` [kernel-hardening] " Christoph Hellwig
2017-08-30  8:33                 ` Christoph Hellwig
2017-08-30  8:33                 ` Christoph Hellwig
2017-08-29 18:55     ` [kernel-hardening] " Kees Cook
2017-08-29 18:55       ` Kees Cook
2017-08-29 18:55       ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 16/30] cifs: Define usercopy region in cifs_request " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 17/30] scsi: Define usercopy region in scsi_sense_cache " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:42   ` [kernel-hardening] " Bart Van Assche
2017-08-28 21:42     ` Bart Van Assche
2017-08-28 21:52     ` [kernel-hardening] " Kees Cook
2017-08-28 21:52       ` Kees Cook
2017-08-28 21:52       ` Kees Cook
2017-08-28 21:34 ` [kernel-hardening] [PATCH v2 18/30] net: Define usercopy region in struct proto " Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:34   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 19/30] ip: Define usercopy region in IP " Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 20/30] caif: Define usercopy region in caif " Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 21/30] sctp: Define usercopy region in SCTP " Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 22/30] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 23/30] net: Restrict unwhitelisted proto caches to size 0 Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 24/30] fork: Define usercopy region in mm_struct slab caches Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-30 19:29   ` [kernel-hardening] " Rik van Riel
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 25/30] fork: Define usercopy region in thread_stack " Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-30 18:55   ` [kernel-hardening] " Rik van Riel
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 26/30] fork: Provide usercopy whitelisting for task_struct Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-30 18:55   ` [kernel-hardening] " Rik van Riel
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 27/30] x86: Implement thread_struct whitelist for hardened usercopy Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-30 18:55   ` Rik van Riel [this message]
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 28/30] arm64: " Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 29/30] arm: " Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35 ` [kernel-hardening] [PATCH v2 30/30] usercopy: Restrict non-usercopy caches to size 0 Kees Cook
2017-08-28 21:35   ` Kees Cook
2017-08-28 21:35   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1504119305.26846.78.camel@redhat.com \
    --to=riel@redhat.com \
    --cc=bp@suse.de \
    --cc=dave@nullcore.net \
    --cc=hpa@zytor.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=luto@kernel.org \
    --cc=mingo@redhat.com \
    --cc=minipli@googlemail.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.