| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5j+Ub2-jmTa-XmF90Gd+ze1os+eqk_yijouCSQoLvU1hNQ@mail.gmail.com> Date: Thu, 14 Jul 2016 21:29:25 -0700 From: Kees Cook <keescook@...omium.org> To: Balbir Singh <bsingharora@...il.com> Cc: LKML <linux-kernel@...r.kernel.org>, Rik van Riel <riel@...hat.com>, Casey Schaufler <casey@...aufler-ca.com>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Russell King <linux@...linux.org.uk>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will.deacon@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Michael Ellerman <mpe@...erman.id.au>, Tony Luck <tony.luck@...el.com>, Fenghua Yu <fenghua.yu@...el.com>, "David S. Miller" <davem@...emloft.net>, "x86@...nel.org" <x86@...nel.org>, Christoph Lameter <cl@...ux.com>, Pekka Enberg <penberg@...nel.org>, David Rientjes <rientjes@...gle.com>, Joonsoo Kim <iamjoonsoo.kim@....com>, Andrew Morton <akpm@...ux-foundation.org>, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>, Mathias Krause <minipli@...glemail.com>, Jan Kara <jack@...e.cz>, Vitaly Wool <vitalywool@...il.com>, Andrea Arcangeli <aarcange@...hat.com>, Dmitry Vyukov <dvyukov@...gle.com>, Laura Abbott <labbott@...oraproject.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, linux-ia64@...r.kernel.org, "linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>, sparclinux <sparclinux@...r.kernel.org>, linux-arch <linux-arch@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: [PATCH v2 11/11] mm: SLUB hardened usercopy support On Thu, Jul 14, 2016 at 7:05 PM, Balbir Singh <bsingharora@...il.com> wrote: > On Wed, Jul 13, 2016 at 02:56:04PM -0700, Kees Cook wrote: >> Under CONFIG_HARDENED_USERCOPY, this adds object size checking to the >> SLUB allocator to catch any copies that may span objects. Includes a >> redzone handling fix from Michael Ellerman. >> >> Based on code from PaX and grsecurity. >> >> Signed-off-by: Kees Cook <keescook@...omium.org> >> --- >> init/Kconfig | 1 + >> mm/slub.c | 36 ++++++++++++++++++++++++++++++++++++ >> 2 files changed, 37 insertions(+) >> >> diff --git a/init/Kconfig b/init/Kconfig >> index 798c2020ee7c..1c4711819dfd 100644 >> --- a/init/Kconfig >> +++ b/init/Kconfig >> @@ -1765,6 +1765,7 @@ config SLAB >> >> config SLUB >> bool "SLUB (Unqueued Allocator)" >> + select HAVE_HARDENED_USERCOPY_ALLOCATOR > > Should this patch come in earlier from a build perspective? I think > patch 1 introduces and uses __check_heap_object. __check_heap_object in patch 1 is protected by a check for CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR. It seemed better to be to do arch enablement first, and then add the per-allocator heap object size check since it was a distinct piece. I'm happy to rearrange things, though, if there's a good reason. -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists