From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Brad Spengler <spender@grsecurity.net>,
PaX Team <pageexec@freemail.hu>,
Casey Schaufler <casey@schaufler-ca.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Linux-MM <linux-mm@kvack.org>, "x86@kernel.org" <x86@kernel.org>,
Jann Horn <jannh@google.com>,
Christoph Hellwig <hch@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [RFC v2 5/9] S.A.R.A. WX Protection
Date: Thu, 29 Jun 2017 21:39:20 +0200 [thread overview]
Message-ID: <CAJHCu1Lr9KOdheHMO6tkaatizDpcgjAd3ouxiUxSeVyQPpkXOg@mail.gmail.com> (raw)
In-Reply-To: <CAGXu5jJuQx2qOt_aDqDQDcqGOZ5kmr5rQ9Zjv=MRRCJ65ERfGw@mail.gmail.com>
2017-06-28 1:04 GMT+02:00 Kees Cook <keescook@chromium.org>:
> On Thu, Jun 15, 2017 at 9:42 AM, Salvatore Mesoraca
> <s.mesoraca16@gmail.com> wrote:
>> +static int sara_check_vmflags(vm_flags_t vm_flags)
>> +{
>> + u16 sara_wxp_flags = get_current_sara_wxp_flags();
>> +
>> + if (sara_enabled && wxprot_enabled) {
>> + if (sara_wxp_flags & SARA_WXP_WXORX &&
>> + vm_flags & VM_WRITE &&
>> + vm_flags & VM_EXEC) {
>> + if ((sara_wxp_flags & SARA_WXP_VERBOSE))
>> + pr_wxp("W^X");
>> + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN))
>> + return -EPERM;
>> + }
>> + if (sara_wxp_flags & SARA_WXP_MMAP &&
>> + (vm_flags & VM_EXEC ||
>> + (!(vm_flags & VM_MAYWRITE) && (vm_flags & VM_MAYEXEC))) &&
>> + get_current_sara_mmap_blocked()) {
>> + if ((sara_wxp_flags & SARA_WXP_VERBOSE))
>> + pr_wxp("executable mmap");
>> + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN))
>> + return -EPERM;
>> + }
>> + }
>
> Given the subtle differences between these various if blocks (here and
> in the other hook), I think it would be nice to have some beefy
> comments here to describe specifically what's being checked (and why).
> It'll help others review this code, and help validate code against
> intent.
>
> I would also try to minimize the written code by creating a macro for
> a repeated pattern here:
>
>> + if ((sara_wxp_flags & SARA_WXP_VERBOSE))
>> + pr_wxp("mprotect on file mmap");
>> + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN))
>> + return -EACCES;
>
> These four lines are repeated several times with only the const char *
> and return value changing. Perhaps something like:
>
> #define sara_return(err, msg) do { \
> if ((sara_wxp_flags & SARA_WXP_VERBOSE)) \
> pr_wxp(err); \
> if (!(sara_wxp_flags & SARA_WXP_COMPLAIN)) \
> return -err; \
> } while (0)
>
> Then each if block turns into something quite easier to parse:
>
> if (sara_wxp_flags & SARA_WXP_WXORX &&
> vm_flags & VM_WRITE &&
> vm_flags & VM_EXEC)
> sara_return(EPERM, "W^X");
I absolutely agree with all of the above. These issues will be addressed in v3.
Thank you for your contribution.
Salvatore
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-06-29 19:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-15 16:42 [RFC v2 0/9] S.A.R.A. a new stacked LSM Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 1/9] S.A.R.A. Documentation Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 2/9] S.A.R.A. framework creation Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 3/9] Creation of "check_vmflags" LSM hook Salvatore Mesoraca
2017-06-27 23:05 ` Kees Cook
2017-06-29 19:28 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 4/9] S.A.R.A. cred blob management Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 5/9] S.A.R.A. WX Protection Salvatore Mesoraca
2017-06-27 23:04 ` Kees Cook
2017-06-29 19:39 ` Salvatore Mesoraca [this message]
2017-06-15 16:42 ` [RFC v2 6/9] Creation of "pagefault_handler_x86" LSM hook Salvatore Mesoraca
2017-06-27 23:07 ` Kees Cook
2017-06-29 19:30 ` Salvatore Mesoraca
2017-06-29 20:20 ` Kees Cook
2017-06-15 16:42 ` [RFC v2 7/9] Trampoline emulation Salvatore Mesoraca
2017-06-15 16:47 ` [kernel-hardening] " aconcernedfossdev
2017-06-15 17:19 ` Salvatore Mesoraca
2017-06-27 23:13 ` Kees Cook
2017-06-29 19:35 ` Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 8/9] Allowing for stacking procattr support in S.A.R.A Salvatore Mesoraca
2017-06-15 16:42 ` [RFC v2 9/9] S.A.R.A. WX Protection procattr interface Salvatore Mesoraca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJHCu1Lr9KOdheHMO6tkaatizDpcgjAd3ouxiUxSeVyQPpkXOg@mail.gmail.com \
--to=s.mesoraca16@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=hch@infradead.org \
--cc=james.l.morris@oracle.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=serge@hallyn.com \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox