| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <jgyz66gu5ormzmr2jrgyyksbm5q2mduvb7w7zxefoamlwe7l6a@o3j77ebpjwyx>
Date: Thu, 23 Jan 2025 11:37:24 +0000
From: Mel Gorman <mgorman@...hsingularity.net>
To: Kees Cook <kees@...nel.org>
Cc: Daniel Micay <danielmicay@...il.com>, Paul Moore <paul@...l-moore.com>,
linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/4] mm: security: Allow default HARDENED_USERCOPY to be
set at compile time
On Wed, Jan 22, 2025 at 04:57:37PM -0800, Kees Cook wrote:
> On Wed, Jan 22, 2025 at 05:19:23PM +0000, Mel Gorman wrote:
> > HARDENED_USERCOPY defaults to on if enabled at compile time. Allow
> > hardened_usercopy= default to be set at compile time similar to
> > init_on_alloc= and init_on_free=. The intent is that hardening
> > options that can be disabled at runtime can set their default at
> > build time.
> >
> > Signed-off-by: Mel Gorman <mgorman@...hsingularity.net>
> > ---
> > Documentation/admin-guide/kernel-parameters.txt | 4 +++-
> > mm/usercopy.c | 3 ++-
> > security/Kconfig.hardening | 8 ++++++++
> > 3 files changed, 13 insertions(+), 2 deletions(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 3872bc6ec49d..5d759b20540a 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -1773,7 +1773,9 @@
> > allocation boundaries as a proactive defense
> > against bounds-checking flaws in the kernel's
> > copy_to_user()/copy_from_user() interface.
> > - on Perform hardened usercopy checks (default).
> > + The default is determined by
> > + CONFIG_HARDENED_USERCOPY_DEFAULT_ON.
> > + on Perform hardened usercopy checks.
> > off Disable hardened usercopy checks.
> >
> > hardlockup_all_cpu_backtrace=
> > diff --git a/mm/usercopy.c b/mm/usercopy.c
> > index 83c164aba6e0..4cf33305347a 100644
> > --- a/mm/usercopy.c
> > +++ b/mm/usercopy.c
> > @@ -255,7 +255,8 @@ void __check_object_size(const void *ptr, unsigned long n, bool to_user)
> > }
> > EXPORT_SYMBOL(__check_object_size);
> >
> > -static bool enable_checks __initdata = true;
> > +static bool enable_checks __initdata =
> > + IS_ENABLED(CONFIG_HARDENED_USERCOPY_DEFAULT_ON);
> >
> > static int __init parse_hardened_usercopy(char *str)
> > {
> > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> > index 9088d613d519..adcc260839c7 100644
> > --- a/security/Kconfig.hardening
> > +++ b/security/Kconfig.hardening
> > @@ -293,6 +293,14 @@ config HARDENED_USERCOPY
> > or are part of the kernel text. This prevents entire classes
> > of heap overflow exploits and similar kernel memory exposures.
> >
> > +config HARDENED_USERCOPY_DEFAULT_ON
> > + bool "Harden memory copies by default"
> > + depends on HARDENED_USERCOPY
> > + default n
>
> This must be "default HARDENED_USERCOPY" or existing distro builds will
> break. All major distros enable this by default, and I don't want to
> risk HARDENED_USERCOPY_DEFAULT_ON getting missed and getting globally
> disabled.
>
Ok. I dislike that HARDENED_USERCOPY will be inconsistent with INIT_ON*
but it's not a hill I'm willing to die on. Will be in v3
--
Mel Gorman
SUSE Labs
Powered by blists - more mailing lists