From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,FSL_HELO_FAKE,MAILING_LIST_MULTI,SPF_PASS,URIBL_BLOCKED, USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0FC7C10F14 for ; Wed, 10 Apr 2019 23:12:04 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5FD4C217D4 for ; Wed, 10 Apr 2019 23:12:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="csrtEh3l"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="f81Qq4io" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5FD4C217D4 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=OfJ0hBN8yW3Z+iGP4vjpmwZtAR8GdiXxG5CHim9QqQ4=; b=csrtEh3lmj/nT0 /joCKdwTKSyXWFcRM2mmbkOn0GN1r4ODQm2jiASJetiO6tZFEUNKOvtPlJPRFryW1DcUcDlg2DPFl enfudAVsFecpRwb4Wr5//ZZ0oHaU9+UMPObaz0PpwcsgOpOhjHjTdSnHGeAPHIpIoDMRqktk/OBXP sX/vz2iE0zjarxTCW+hBDJE1zZKSYT/ZXtC5a74TKzdGw6rQMP+2lCKR6XC7MYOF//FILlUkR+l91 rES++JB060/GZ5YYi6fZucBTop837sKKpmirkhmB6m+lLuxR2kQ9+ZCMqbfG6rz89LdhWGbcb+6Sx YGaCqn4r5dgePlcRUtzg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hEMNv-0002sN-Ev; Wed, 10 Apr 2019 23:12:03 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hEMNs-0002rw-I7 for linux-arm-kernel@lists.infradead.org; Wed, 10 Apr 2019 23:12:01 +0000 Received: from gmail.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6CE1D20850; Wed, 10 Apr 2019 23:11:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554937919; bh=q6C6asliB+R3GiA6MRBIkiZPDalhAROlS4ZO33DglG0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=f81Qq4iocQpcOMtiR/t0Rc4UGVCF32ESP7I2KWwf81yZwHCWE9mGd9sRVmo1c0Xlv /y9pJUesNDA1OihDE32NMDVFKUK+ByAhVfv/WJT/nXo25R1ENmGuBxDC5/h8G4E99R e406h9JxbuxcxrU7vgv31/fKl9m+ewipryJAmJtQ= Date: Wed, 10 Apr 2019 16:11:58 -0700 From: Eric Biggers To: Kees Cook Subject: Re: crypto: Kernel memory overwrite attempt detected to spans multiple pages Message-ID: <20190410231156.GB120258@gmail.com> References: <20190319170911.GB202956@gmail.com> <20190320185719.GB180195@gmail.com> <20190321175122.GA1587@sol.localdomain> <20190410031734.GB7140@sol.localdomain> <20190410190729.GA120258@gmail.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190410_161200_618942_30D0B6C3 X-CRM114-Status: GOOD ( 14.97 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Herbert Xu , Rik van Riel , Linux Kernel Mailing List , linux-security-module , Geert Uytterhoeven , Linux Crypto Mailing List , Laura Abbott , Linux ARM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, Apr 10, 2019 at 02:57:46PM -0700, Kees Cook wrote: > On Wed, Apr 10, 2019 at 12:07 PM Eric Biggers wrote: > > That didn't answer my question. My question is what is the purpose of this? If > > there was actual buffer overflow when __GFP_COMP isn't specified that would make > > perfect sense, but AFAICS there isn't. So why does hardened usercopy consider > > it broken when __GFP_COMP isn't specified? > > The goal of CONFIG_HARDENED_USERCOPY_PAGESPAN was to detect copies > across page boundaries in memory allocated by the page allocator. > There appear to be enough cases of allocations that span pages but do > not mark them with __GFP_COMP, so this logic hasn't proven useful in > the real world (which is why no one should use the ..._PAGESPAN config > in production). I'd like to get the kernel to the point where hardened > usercopy can correctly do these checks (right now it's mainly only > useful at checking for overflows in slub and slab), but it'll take > time/focus for a while. No one has had time yet to track all of these > down and fix them. (I defer to Laura and Rik on the design of the > pagespan checks; they did the bulk of the work there.) > > Does that help explain it, or am I still missing your question? > > -- > Kees Cook You've explained *what* it does again, but not *why*. *Why* do you want hardened usercopy to detect copies across page boundaries, when there is no actual buffer overflow? - Eric _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel