Message-Id: <20190211175935.4602-4-will.deacon@arm.com>
Date:   Mon, 11 Feb 2019 17:59:34 +0000
From:   Will Deacon <will.deacon@....com>
To:     linux-kernel@...r.kernel.org
Cc:     Will Deacon <will.deacon@....com>,
        Kees Cook <keescook@...omium.org>,
        Jann Horn <jannh@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Matthew Wilcox <willy@...radead.org>,
        Michal Hocko <mhocko@...e.com>,
        Peter Zijlstra <peterz@...radead.org>
Subject: [RFC PATCH 3/4] mm: Add kconfig entries for user stack pointer checking

Provide Kconfig entries to enable/disable user stack pointer checking,
and to let architectures expose the system call controls via prctl()
once they have augmented their system call entry path to perform the
necessary checks.

Cc: Kees Cook <keescook@...omium.org>
Cc: Jann Horn <jannh@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Matthew Wilcox <willy@...radead.org>
Cc: Michal Hocko <mhocko@...e.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Signed-off-by: Will Deacon <will.deacon@....com>
---
 mm/Kconfig | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/mm/Kconfig b/mm/Kconfig
index 25c71eb8a7db..35f044162501 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -758,4 +758,21 @@ config GUP_BENCHMARK
 config ARCH_HAS_PTE_SPECIAL
 	bool
 
+config USER_STACK_POINTER_CHECKS
+	bool "Check user stack pointer points to stack pages"
+	depends on MMU
+	default y
+	help
+	  This feature can be used to enforce that the user stack pointer
+	  points to either the kernel-allocated user stack or a mapping
+	  created with the MAP_STACK flag.
+
+	  By default, no checks are performed, and an application must
+	  opt-in via the PR_SP_CHECK prctl() system call if it wishes to
+	  enable checking. Checking can be independently controlled for
+	  system calls and page fault handling.
+
+config ARCH_HAS_USP_CHECK_SYSCALL
+	bool
+
 endmenu
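Review bot: The help text for USER_STACK_POINTER_CHECKS says "By default, no checks are performed" directly under `default y`, which reads as a contradiction to anyone configuring a kernel. It should separate the build-time default from the per-process runtime default, for example `Enabling this option only builds in support; no checks are performed for a process until it opts in via the PR_SP_CHECK prctl().` The last sentence also promises independent control of system call checking, but from this hunk that appears to depend on the architecture selecting ARCH_HAS_USP_CHECK_SYSCALL, which the help never mentions. That symbol has no prompt or comment either, so a line such as `# Selected by architectures whose syscall entry path checks the user stack pointer` above it would tell architecture maintainers what selecting it commits them to.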
-- 
2.11.0
