From: Kees Cook
Date: Thu, 14 Jul 2016 21:25:42 -0700
Subject: Re: [PATCH v2 02/11] mm: Hardened usercopy
To: bsingharora@gmail.com
Cc: LKML, Rik van Riel, Casey Schaufler, PaX Team, Brad Spengler, Russell King, Catalin Marinas, Will Deacon, Ard Biesheuvel, Benjamin Herrenschmidt, Michael Ellerman, Tony Luck, Fenghua Yu, "David S. Miller", "x86@kernel.org", Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Andy Lutomirski, Borislav Petkov, Mathias Krause, Jan Kara, Vitaly Wool, Andrea Arcangeli, Dmitry Vyukov, Laura Abbott, "linux-arm-kernel@lists.infradead.org", linux-ia64@vger.kernel.org, "linuxppc-dev@lists.ozlabs.org", sparclinux, linux-arch, Linux-MM, "kernel-hardening@lists.openwall.com"
In-Reply-To: <20160714232019.GA28254@350D>
References: <1468446964-22213-1-git-send-email-keescook@chromium.org> <1468446964-22213-3-git-send-email-keescook@chromium.org> <20160714232019.GA28254@350D>

On Thu, Jul 14, 2016 at 4:20 PM, Balbir Singh wrote:
> On Wed, Jul 13, 2016 at 02:55:55PM -0700, Kees Cook wrote:
>> [...]
>> +++ b/mm/usercopy.c
>> @@ -0,0 +1,219 @@
>> [...]
>> +/*
>> + * Checks if a given pointer and length is contained by the current
>> + * stack frame (if possible).
>> + *
>> + * 0: not at all on the stack
>> + * 1: fully within a valid stack frame
>> + * 2: fully on the stack (when can't do frame-checking)
>> + * -1: error condition (invalid stack position or bad stack frame)
>
> Can we use enums? Makes it easier to read/debug

Sure, I will update this.

>> [...]
>> +static void report_usercopy(const void *ptr, unsigned long len,
>> + bool to_user, const char *type)
>> +{
>> + pr_emerg("kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
>> + to_user ? "exposure" : "overwrite",
>> + to_user ? "from" : "to", ptr, type ? : "unknown", len);
>> + dump_stack();
>> + do_group_exit(SIGKILL);
>
> SIGKILL -- SIGBUS?

I'd like to keep SIGKILL since it indicates a process fiddling with a
kernel bug. The real problem here is that there doesn't seem to be an
arch-independent way to Oops the kernel and kill a process ("die()" is
closest, but it's defined on a per-arch basis with varying arguments).
This could be a BUG, but I'd rather not panic the entire kernel.

-Kees

--
Kees Cook
Chrome OS & Brillo Security
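
Review bot: The return-value list in the comment above the stack-frame check does not say which value a range that only partly overlaps the stack produces. The listed cases are "not at all on the stack", "fully within a valid stack frame" and "fully on the stack"; if a range straddling the stack boundary is meant to fall under -1, name it in the "invalid stack position or bad stack frame" line, since that is the case a caller most needs to reject. Named constants for 0, 1, 2 and -1, as already requested in the thread, would also keep call sites from comparing against bare integers.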
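
Review bot: In report_usercopy(), the pr_emerg() format prints ptr with a plain %p, so each report puts a kernel address into the log at emergency level. Consider %pK, or dropping the address if the type string, length and dump_stack() output are enough to locate the offending copy. Separately, do_group_exit(SIGKILL) does not return to the caller, and the function carries no comment saying so or explaining the choice of signal; a one-line comment there would record the reasoning for the question raised about SIGKILL in review.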