| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5j+gZcACiLNttZmRTiWJVRZzCfE8Zjjv=gOaziKEufLUYA@mail.gmail.com> Date: Wed, 17 Aug 2016 14:50:35 -0700 From: Kees Cook <keescook@...omium.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Rik van Riel <riel@...hat.com>, kernel test robot <xiaolong.ye@...el.com>, LKP <lkp@...org>, LKML <linux-kernel@...r.kernel.org>, Valdis Kletnieks <valdis.kletnieks@...edu> Subject: Re: [x86/uaccess] 5b710f34e1: kernel BUG at mm/usercopy.c:75! On Wed, Aug 17, 2016 at 2:45 PM, Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Wed, Aug 17, 2016 at 2:37 PM, Rik van Riel <riel@...hat.com> wrote: >> >> This particular allocation is through kmalloc, but the >> kernel in question has CONFIG_SLOB=y, and usercopy has >> no code in mm/slob.c > > Oh, I didn't notice that. > > Maybe we can just say that HARDENING depends on !SLOB for now, and see > if anything else shows up. This logic (for avoiding uninstrumented allocators, which is only SLOB) already exists (via CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR). And PageSlab(page) should be catching this, so that the logic of "this is from the allocator, so we must use its checker" is supposed to get invoked. > Maybe we don't have any code that copies data from (non-kmalloc) > multi-order allocations to user space. > > Networking does, but seems to use __GFP_COMP, at least in the one case > I checked (skbuff). Was this allocation really through kmalloc? -Kees -- Kees Cook Nexus Security
Powered by blists - more mailing lists