From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Borislav Petkov <bp@suse.de>,
Andy Lutomirski <luto@kernel.org>,
Mathias Krause <minipli@googlemail.com>,
linux-mm@kvack.org, kernel-hardening@lists.openwall.com,
David Windsor <dave@nullcore.net>
Subject: [PATCH v2 27/30] x86: Implement thread_struct whitelist for hardened usercopy
Date: Mon, 28 Aug 2017 14:35:08 -0700 [thread overview]
Message-ID: <1503956111-36652-28-git-send-email-keescook@chromium.org> (raw)
In-Reply-To: <1503956111-36652-1-git-send-email-keescook@chromium.org>
This whitelists the FPU register state portion of the thread_struct for
copying to userspace, instead of the default entire struct.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Cc: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/x86/Kconfig | 1 +
arch/x86/include/asm/processor.h | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 781521b7cf9e..a8793721483c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -113,6 +113,7 @@ config X86
select HAVE_ARCH_MMAP_RND_COMPAT_BITS if MMU && COMPAT
select HAVE_ARCH_COMPAT_MMAP_BASES if MMU && COMPAT
select HAVE_ARCH_SECCOMP_FILTER
+ select HAVE_ARCH_THREAD_STRUCT_WHITELIST
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 028245e1c42b..dc52ba90f090 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -481,6 +481,14 @@ struct thread_struct {
*/
};
+/* Whitelist the FPU state from the task_struct for hardened usercopy. */
+static inline void arch_thread_struct_whitelist(unsigned long *offset,
+ unsigned long *size)
+{
+ *offset = offsetof(struct thread_struct, fpu.state);
+ *size = fpu_kernel_xstate_size;
+}
+
/*
* Thread-synchronous status.
*
--
2.7.4
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-08-28 21:53 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-28 21:34 [PATCH v2 00/30] Hardened usercopy whitelisting Kees Cook
2017-08-28 21:34 ` [PATCH v2 01/30] usercopy: Prepare for " Kees Cook
2017-08-28 21:34 ` [PATCH v2 02/30] usercopy: Enforce slab cache usercopy region boundaries Kees Cook
2017-08-28 21:34 ` [PATCH v2 03/30] usercopy: Mark kmalloc caches as usercopy caches Kees Cook
2017-08-28 21:34 ` [PATCH v2 04/30] dcache: Define usercopy region in dentry_cache slab cache Kees Cook
2017-08-28 21:34 ` [PATCH v2 05/30] vfs: Define usercopy region in names_cache slab caches Kees Cook
2017-08-28 21:34 ` [PATCH v2 06/30] vfs: Copy struct mount.mnt_id to userspace using put_user() Kees Cook
2017-08-28 21:34 ` [PATCH v2 07/30] ext4: Define usercopy region in ext4_inode_cache slab cache Kees Cook
2017-08-28 21:34 ` [PATCH v2 08/30] ext2: Define usercopy region in ext2_inode_cache " Kees Cook
2017-08-30 11:22 ` Jan Kara
2017-08-28 21:34 ` [PATCH v2 09/30] jfs: Define usercopy region in jfs_ip " Kees Cook
2017-08-28 21:34 ` [PATCH v2 10/30] befs: Define usercopy region in befs_inode_cache " Kees Cook
2017-08-29 10:12 ` Luis de Bethencourt
2017-08-29 15:36 ` Kees Cook
2017-08-29 17:10 ` Luis de Bethencourt
2017-08-28 21:34 ` [PATCH v2 11/30] exofs: Define usercopy region in exofs_inode_cache " Kees Cook
2017-08-28 21:34 ` [PATCH v2 12/30] orangefs: Define usercopy region in orangefs_inode_cache " Kees Cook
2017-08-28 21:34 ` [PATCH v2 13/30] ufs: Define usercopy region in ufs_inode_cache " Kees Cook
2017-08-28 21:34 ` [PATCH v2 14/30] vxfs: Define usercopy region in vxfs_inode " Kees Cook
2017-08-28 21:34 ` [PATCH v2 15/30] xfs: Define usercopy region in xfs_inode " Kees Cook
2017-08-28 21:49 ` Darrick J. Wong
2017-08-28 21:57 ` Kees Cook
2017-08-29 4:47 ` Darrick J. Wong
2017-08-29 18:48 ` Kees Cook
2017-08-29 19:00 ` Darrick J. Wong
2017-08-29 22:15 ` Dave Chinner
2017-08-29 22:25 ` Kees Cook
2017-08-29 8:14 ` Christoph Hellwig
2017-08-29 12:31 ` Dave Chinner
2017-08-29 12:45 ` Christoph Hellwig
2017-08-29 21:51 ` Dave Chinner
2017-08-30 7:14 ` Christoph Hellwig
2017-08-30 8:05 ` Dave Chinner
2017-08-30 8:33 ` Christoph Hellwig
2017-08-29 18:55 ` Kees Cook
2017-08-28 21:34 ` [PATCH v2 16/30] cifs: Define usercopy region in cifs_request " Kees Cook
2017-08-28 21:34 ` [PATCH v2 17/30] scsi: Define usercopy region in scsi_sense_cache " Kees Cook
2017-08-28 21:42 ` Bart Van Assche
2017-08-28 21:52 ` Kees Cook
2017-08-28 21:34 ` [PATCH v2 18/30] net: Define usercopy region in struct proto " Kees Cook
2017-08-28 21:35 ` [PATCH v2 19/30] ip: Define usercopy region in IP " Kees Cook
2017-08-28 21:35 ` [PATCH v2 20/30] caif: Define usercopy region in caif " Kees Cook
2017-08-28 21:35 ` [PATCH v2 21/30] sctp: Define usercopy region in SCTP " Kees Cook
2017-08-28 21:35 ` [PATCH v2 22/30] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() Kees Cook
2017-08-28 21:35 ` [PATCH v2 23/30] net: Restrict unwhitelisted proto caches to size 0 Kees Cook
2017-08-28 21:35 ` [PATCH v2 24/30] fork: Define usercopy region in mm_struct slab caches Kees Cook
2017-08-30 19:29 ` [kernel-hardening] " Rik van Riel
2017-08-28 21:35 ` [PATCH v2 25/30] fork: Define usercopy region in thread_stack " Kees Cook
2017-08-30 18:55 ` [kernel-hardening] " Rik van Riel
2017-08-28 21:35 ` [PATCH v2 26/30] fork: Provide usercopy whitelisting for task_struct Kees Cook
2017-08-30 18:55 ` [kernel-hardening] " Rik van Riel
2017-08-28 21:35 ` Kees Cook [this message]
2017-08-30 18:55 ` [kernel-hardening] [PATCH v2 27/30] x86: Implement thread_struct whitelist for hardened usercopy Rik van Riel
2017-08-28 21:35 ` [PATCH v2 28/30] arm64: " Kees Cook
2017-08-28 21:35 ` [PATCH v2 29/30] arm: " Kees Cook
2017-08-28 21:35 ` [PATCH v2 30/30] usercopy: Restrict non-usercopy caches to size 0 Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1503956111-36652-28-git-send-email-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=bp@suse.de \
--cc=dave@nullcore.net \
--cc=hpa@zytor.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=minipli@googlemail.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox