From: Kees Cook <keescook@chromium.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Michael Ellerman <mpe@ellerman.id.au>,
x86@kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH 06/11] lkdtm: disable set_fs-based tests for !CONFIG_SET_FS
Date: Tue, 18 Aug 2020 12:32:36 -0700
Message-ID: <202008181228.D2DBEC6C6@keescook>
In-Reply-To: <20200817073212.830069-7-hch@lst.de>
On Mon, Aug 17, 2020 at 09:32:07AM +0200, Christoph Hellwig wrote:
> Once we can't manipulate the address limit, we also can't test what
> happens when the manipulation is abused.
>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> drivers/misc/lkdtm/bugs.c | 2 ++
> drivers/misc/lkdtm/core.c | 4 ++++
> drivers/misc/lkdtm/usercopy.c | 2 ++
> 3 files changed, 8 insertions(+)
>
> diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c
> index 4dfbfd51bdf774..66f1800b1cb82d 100644
> --- a/drivers/misc/lkdtm/bugs.c
> +++ b/drivers/misc/lkdtm/bugs.c
> @@ -312,6 +312,7 @@ void lkdtm_CORRUPT_LIST_DEL(void)
> pr_err("list_del() corruption not detected!\n");
> }
>
> +#ifdef CONFIG_SET_FS
> /* Test if unbalanced set_fs(KERNEL_DS)/set_fs(USER_DS) check exists. */
> void lkdtm_CORRUPT_USER_DS(void)
> {
> @@ -321,6 +322,7 @@ void lkdtm_CORRUPT_USER_DS(void)
> /* Make sure we do not keep running with a KERNEL_DS! */
> force_sig(SIGKILL);
> }
> +#endif
Please leave the test defined, but it should XFAIL with a message about
the CONFIG (see similar ifdefs in lkdtm).
> /* Test that VMAP_STACK is actually allocating with a leading guard page */
> void lkdtm_STACK_GUARD_PAGE_LEADING(void)
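Review bot: wrapping the whole of lkdtm_CORRUPT_USER_DS() in `#ifdef CONFIG_SET_FS` makes the test vanish on kernels without the option, so anyone triggering CORRUPT_USER_DS there gets no indication of why the unbalanced set_fs(KERNEL_DS) check was not exercised. Keep the function defined and move the guard inside the body, with the `#else` branch printing a message that names CONFIG_SET_FS, so a skipped check is distinguishable from a missing one.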
> diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c
> index a5e344df916632..aae08b33a7ee2a 100644
> --- a/drivers/misc/lkdtm/core.c
> +++ b/drivers/misc/lkdtm/core.c
> @@ -112,7 +112,9 @@ static const struct crashtype crashtypes[] = {
> CRASHTYPE(CORRUPT_STACK_STRONG),
> CRASHTYPE(CORRUPT_LIST_ADD),
> CRASHTYPE(CORRUPT_LIST_DEL),
> +#ifdef CONFIG_SET_FS
> CRASHTYPE(CORRUPT_USER_DS),
> +#endif
> CRASHTYPE(STACK_GUARD_PAGE_LEADING),
> CRASHTYPE(STACK_GUARD_PAGE_TRAILING),
> CRASHTYPE(UNSET_SMEP),
> @@ -172,7 +174,9 @@ static const struct crashtype crashtypes[] = {
> CRASHTYPE(USERCOPY_STACK_FRAME_FROM),
> CRASHTYPE(USERCOPY_STACK_BEYOND),
> CRASHTYPE(USERCOPY_KERNEL),
> +#ifdef CONFIG_SET_FS
> CRASHTYPE(USERCOPY_KERNEL_DS),
> +#endif
> CRASHTYPE(STACKLEAK_ERASING),
> CRASHTYPE(CFI_FORWARD_PROTO),
Then none of these are needed.
> #ifdef CONFIG_X86_32
Hmpf, this ifdef was missed in ae56942c1474 ("lkdtm: Make arch-specific
tests always available"). I will fix that.
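Review bot: the two `#ifdef CONFIG_SET_FS` blocks around CRASHTYPE(CORRUPT_USER_DS) and CRASHTYPE(USERCOPY_KERNEL_DS) have to be kept in step with the guards in bugs.c and usercopy.c, otherwise the table references a function that was not built. If the test functions stay defined unconditionally and handle the missing option themselves, crashtypes[] needs no conditionals and the list of available tests is the same on every configuration.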
> diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c
> index b833367a45d053..4b632fe79ab6bb 100644
> --- a/drivers/misc/lkdtm/usercopy.c
> +++ b/drivers/misc/lkdtm/usercopy.c
> @@ -325,6 +325,7 @@ void lkdtm_USERCOPY_KERNEL(void)
> vm_munmap(user_addr, PAGE_SIZE);
> }
>
> +#ifdef CONFIG_SET_FS
> void lkdtm_USERCOPY_KERNEL_DS(void)
> {
> char __user *user_ptr =
> @@ -339,6 +340,7 @@ void lkdtm_USERCOPY_KERNEL_DS(void)
> pr_err("copy_to_user() to noncanonical address succeeded!?\n");
> set_fs(old_fs);
> }
> +#endif
(Same here, please.)
>
> void __init lkdtm_usercopy_init(void)
> {
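Review bot: the `#endif` added after `set_fs(old_fs);` closes a guard opened in the previous hunk, above the function signature, and carries no comment saying which condition it ends; write it as `#endif /* CONFIG_SET_FS */`. The same applies to the `#endif` in bugs.c. As with CORRUPT_USER_DS, prefer guarding only the set_fs() use inside lkdtm_USERCOPY_KERNEL_DS() so the copy_to_user() noncanonical-address test still reports that it was skipped.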
> --
> 2.28.0
>
--
Kees Cook