[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202112131548.F76CB37@keescook>
Date: Mon, 13 Dec 2021 15:50:34 -0800
From: Kees Cook <keescook@...omium.org>
To: Matthew Wilcox <willy@...radead.org>
Cc: linux-mm@...ck.org, Thomas Gleixner <tglx@...utronix.de>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH v3 3/3] mm/usercopy: Detect compound page overruns
On Mon, Dec 13, 2021 at 11:44:33PM +0000, Matthew Wilcox wrote:
> On Mon, Dec 13, 2021 at 12:52:22PM -0800, Kees Cook wrote:
> > On Mon, Dec 13, 2021 at 02:27:03PM +0000, Matthew Wilcox (Oracle) wrote:
> > > Move the compound page overrun detection out of
> > > CONFIG_HARDENED_USERCOPY_PAGESPAN so it's enabled for more people.
> >
> > I'd argue that everything else enabled by USERCOPY_PAGESPAN could be
> > removed now too. Do you want to add a 4th patch to rip that out?
> >
> > https://github.com/KSPP/linux/issues/163
>
> I don't mind ... is it your assessment that it's not worth checking for
> a copy_to/from_user that spans a boundary between a reserved and
> !reserved page, or overlaps the boundary of rodata/bss/data/CMA?
>
> I have no basis on which to judge that, so it's really up to you.
It's always been a problem because some arch mark the kernel as reserved,
so we have to do all the allow-listing first, which is tedious. I'd
certainly like to add all the checks possible, but rationally, we need
to keep only the stuff that is fast, useful, or both. PAGESPAN has been
disabled almost everywhere, too, so I don't think it's a loss.
--
Kees Cook
Powered by blists - more mailing lists