From: Dave Chinner <david@fromorbit.com>
To: Kees Cook <keescook@chromium.org>
Cc: Jason Yan <yanaijie@huawei.com>,
kernel-hardening@lists.openwall.com,
linux-fsdevel@vger.kernel.org
Subject: Re: CONFIG_HARDENED_USERCOPY
Date: Fri, 30 Aug 2019 14:29:58 +1000
Message-ID: <20190830042958.GC7777@dread.disaster.area>
In-Reply-To: <201908290914.F0F929EA@keescook>

On Thu, Aug 29, 2019 at 09:15:36AM -0700, Kees Cook wrote:
> On Thu, Aug 29, 2019 at 08:42:30PM +0800, Jason Yan wrote:
> > We found an issue of kernel bug related to HARDENED_USERCOPY.
> > When copying an IO buffer to userspace, HARDENED_USERCOPY thought it is
> > illegal to copy this buffer. Actually this is because this IO buffer was
> > merged from two bio vectors, and the two bio vectors buffer was allocated
> > with kmalloc() in the filesystem layer.
>
> Ew. I thought the FS layer was always using page_alloc?

No, they don't. It's perfectly legal to use heap memory for bio
buffers - we've been doing it since, at least, XFS got merged all
those years ago.

Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
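
Added example, not part of the original thread and not kernel code: a simplified userspace model of the situation Jason describes, where two adjacent kmalloc()'d buffers are merged into one segment and a per-object bounds check then rejects the copy. The struct and function names, the 512-byte object size and the addresses are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not kernel code: one slab of equal-sized objects. */
struct slab_model { uintptr_t base; size_t obj_size; size_t nr_objs; };
/* Hypothetical stand-in for a bio vector: address and length only. */
struct bvec_model { uintptr_t addr; size_t len; };

/* 1 if [ptr, ptr+n) lies inside a single slab object, 0 if rejected. */
int usercopy_span_ok(const struct slab_model *s, uintptr_t ptr, size_t n)
{
    size_t slab_len = s->obj_size * s->nr_objs;
    if (ptr < s->base || ptr - s->base >= slab_len)
        return 0;
    size_t offset = (ptr - s->base) % s->obj_size;
    return n <= s->obj_size - offset;
}

/* Two vectors can be merged into one segment when they are adjacent. */
int bvec_adjacent(const struct bvec_model *a, const struct bvec_model *b)
{
    return a->addr + a->len == b->addr;
}

/* Constructed sample: two neighbouring 512-byte objects in one slab. */
static const struct slab_model slab = { 0x10000, 512, 8 };
static const struct bvec_model v0 = { 0x10000, 512 };
static const struct bvec_model v1 = { 0x10200, 512 };

/* Copy each vector on its own: both spans fit their object. */
int copy_each_ok(void)
{
    return usercopy_span_ok(&slab, v0.addr, v0.len) &&
           usercopy_span_ok(&slab, v1.addr, v1.len);
}

/* Copy the merged segment as one span: it crosses an object boundary. */
int copy_merged_ok(void)
{
    if (!bvec_adjacent(&v0, &v1))
        return -1;
    return usercopy_span_ok(&slab, v0.addr, v0.len + v1.len);
}

int main(void)
{
    printf("separate=%d merged=%d\n", copy_each_ok(), copy_merged_ok());
    return 0;
}
```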