From: Kees Cook <keescook@chromium.org>
To: Chris von Recklinghausen <crecklin@redhat.com>
Cc: Laura Abbott <labbott@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [PATCH] add param that allows bootline control of hardened usercopy
Date: Mon, 25 Jun 2018 15:35:54 -0700 [thread overview]
Message-ID: <CAGXu5jJGqxKjcWGyAnbkmFebtPor0PEQ+2qpoMCGtjjdYRTHDw@mail.gmail.com> (raw)
In-Reply-To: <2e4d9686-835c-f4be-2647-2344899e3cd4@redhat.com>
On Mon, Jun 25, 2018 at 3:29 PM, Christoph von Recklinghausen
<crecklin@redhat.com> wrote:
> I have a small set of customers that want CONFIG_HARDENED_USERCOPY
> enabled, and a large number of customers who would be impacted by its
> default behavior (before my change). The desire was to have the smaller
> number of users need to change their boot lines to get the behavior they
> wanted. Adding CONFIG_HUC_DEFAULT_OFF was an attempt to preserve the
> default behavior of existing users of CONFIG_HARDENED_USERCOPY (default
> enabled) and allowing that to coexist with the desires of the greater
> number of my customers (default disabled).
>
> If folks think that it's better to have it enabled by default and the
> command line option to turn it off I can do that (it is simpler). Does
> anyone else have opinions one way or the other?
I would prefer to isolate the actual problem case, and fix it if
possible. (i.e. try to make the copy fixed-length, etc) Barring that,
yes, a kernel command line to disable the protection would be okay.
Note that the test needs to be inside __check_object_size() otherwise
the inline optimization with __builtin_constant_p() gets broken and
makes everyone slower. :)
-Kees
--
Kees Cook
Pixel Security
next prev parent reply other threads:[~2018-06-25 22:35 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1529939300-27461-1-git-send-email-crecklin@redhat.com>
2018-06-25 15:22 ` Christoph von Recklinghausen
2018-06-25 19:44 ` Laura Abbott
2018-06-25 22:29 ` Christoph von Recklinghausen
2018-06-25 22:35 ` Kees Cook [this message]
2018-06-25 23:17 ` Christoph von Recklinghausen
[not found] <CAGXu5jL=aEXHKr5ouVdSKwG-y7xSQFLi=x1nwSjFspYiyKL1Pw@mail.gmail.com>
[not found] ` <64bf81fa-0363-4b46-d8da-94285b592caa@redhat.com>
[not found] ` <a48538cf40c1645669326c92d9600fc98a13a260.camel@redhat.com>
[not found] ` <CAGXu5jKHz=OaU1ejYEB=t-=Gs6gVoRywFbyQw8ThHk6WYG7Qxg@mail.gmail.com>
2018-06-26 17:14 ` Paolo Abeni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5jJGqxKjcWGyAnbkmFebtPor0PEQ+2qpoMCGtjjdYRTHDw@mail.gmail.com \
--to=keescook@chromium.org \
--cc=crecklin@redhat.com \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox