Re: [PATCH 1/9] mm: Hardened usercopy

From: Kees Cook
Date: Thu Jul 07 2016 - 13:41:46 EST

Next message: Robert Jarzmik: "Re: [RFC] [PATCH v2 1/3] scatterlist: Add support to clone scatterlist"
Previous message: Andreas Noever: "Re: [PATCH v2 00/13] Runtime PM for Thunderbolt on Macs"
In reply to: Rik van Riel: "Re: [PATCH 1/9] mm: Hardened usercopy"
Next in thread: Kees Cook: "[PATCH 7/9] sparc/uaccess: Enable hardened usercopy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 7, 2016 at 12:35 PM, Rik van Riel <riel@xxxxxxxxxx> wrote:
> On Wed, 2016-07-06 at 15:25 -0700, Kees Cook wrote:
>>
>> + /* Allow kernel rodata region (if not marked as Reserved).
>> */
>> + if (ptr >= (const void *)__start_rodata &&
>> + end <= (const void *)__end_rodata)
>> + return NULL;
>>
> One comment here.
>
> __check_object_size gets "to_user" as an argument.
>
> It may make sense to pass that to check_heap_object, and
> only allow copy_to_user from rodata, never copy_from_user,
> since that section should be read only.

Well, that's two votes for this extra check, but I'm still not sure
since it may already be allowed by the Reserved check, but I can
reorder things to _reject_ on rodata writes before the Reserved check,
etc.

I'll see what could work here...

-Kees

>
>> +void __check_object_size(const void *ptr, unsigned long n, bool
>> to_user)
>> +{
>>
>
> --
>
> All Rights Reversed.

--
Kees Cook
Chrome OS & Brillo Security

Next message: Robert Jarzmik: "Re: [RFC] [PATCH v2 1/3] scatterlist: Add support to clone scatterlist"
Previous message: Andreas Noever: "Re: [PATCH v2 00/13] Runtime PM for Thunderbolt on Macs"
In reply to: Rik van Riel: "Re: [PATCH 1/9] mm: Hardened usercopy"
Next in thread: Kees Cook: "[PATCH 7/9] sparc/uaccess: Enable hardened usercopy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]