Thread: 89 messages, 18 authors, 2017-05-13

[kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

From: mingo@kernel.org (Ingo Molnar)
Date: 2017-05-12 06:57:41
Also in: linux-api, linux-s390, lkml

* Kees Cook [off-list ref] wrote:
> git commit b5a882fcf146c87cb6b67c6df353e1c042b8773d
> "s390: restore address space when returning to user space".
> If I'm understanding this, it won't catch corruption of addr_limit
> during fast-path syscalls, though (i.e. addr_limit changed without a
> call to set_fs()). :(

Nor does it, or the patch you propose, protect against something
corrupting task->mm pointer, or the task->*uid values, or any of the myriads of
security-relevant values stored in the task structure!

Making sure API (set_fs()) usage is bug-free and protecting against the effects of
general data corruption are two unrelated things that should not be mixed.

Thanks,

	Ingo