Re: [PATCH v3 01/31] usercopy: Prepare for usercopy whitelisting

[PATCH v3 00/31] Hardened usercopy whitelisting · Kees Cook <hidden> · 2017-09-20
[PATCH v3 01/31] usercopy: Prepare for usercopy whitelisting · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 01/31] usercopy: Prepare for usercopy whitelisting · Christopher Lameter <hidden> · 2017-09-21
[PATCH v3 02/31] usercopy: Enforce slab cache usercopy region boundaries · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 02/31] usercopy: Enforce slab cache usercopy region boundaries · Christopher Lameter <hidden> · 2017-09-21
[PATCH v3 03/31] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 03/31] usercopy: Mark kmalloc caches as usercopy caches · Christopher Lameter <hidden> · 2017-09-21
Re: [kernel-hardening] Re: [PATCH v3 03/31] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2017-09-21
Re: [kernel-hardening] Re: [PATCH v3 03/31] usercopy: Mark kmalloc caches as usercopy caches · Christopher Lameter <hidden> · 2017-09-21
Re: [kernel-hardening] Re: [PATCH v3 03/31] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2017-09-21
[PATCH v3 04/31] dcache: Define usercopy region in dentry_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 05/31] vfs: Define usercopy region in names_cache slab caches · Kees Cook <hidden> · 2017-09-20
[PATCH v3 06/31] vfs: Copy struct mount.mnt_id to userspace using put_user() · Kees Cook <hidden> · 2017-09-20
[PATCH v3 07/31] ext4: Define usercopy region in ext4_inode_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 08/31] ext2: Define usercopy region in ext2_inode_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 09/31] jfs: Define usercopy region in jfs_ip slab cache · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 09/31] jfs: Define usercopy region in jfs_ip slab cache · Dave Kleikamp <hidden> · 2017-09-22
[PATCH v3 10/31] befs: Define usercopy region in befs_inode_cache slab cache · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 10/31] befs: Define usercopy region in befs_inode_cache slab cache · Luis de Bethencourt <luisbg@kernel.org> · 2017-09-21
[PATCH v3 11/31] exofs: Define usercopy region in exofs_inode_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 12/31] orangefs: Define usercopy region in orangefs_inode_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 13/31] ufs: Define usercopy region in ufs_inode_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 14/31] vxfs: Define usercopy region in vxfs_inode slab cache · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 14/31] vxfs: Define usercopy region in vxfs_inode slab cache · Christoph Hellwig <hch@infradead.org> · 2017-09-20
Re: [PATCH v3 14/31] vxfs: Define usercopy region in vxfs_inode slab cache · Kees Cook <hidden> · 2017-09-20
Re: [PATCH v3 14/31] vxfs: Define usercopy region in vxfs_inode slab cache · Christoph Hellwig <hch@infradead.org> · 2017-09-20
[PATCH v3 15/31] xfs: Define usercopy region in xfs_inode slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 16/31] cifs: Define usercopy region in cifs_request slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 17/31] scsi: Define usercopy region in scsi_sense_cache slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 18/31] net: Define usercopy region in struct proto slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 19/31] ip: Define usercopy region in IP proto slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 20/31] caif: Define usercopy region in caif proto slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 21/31] sctp: Define usercopy region in SCTP proto slab cache · Kees Cook <hidden> · 2017-09-20
[PATCH v3 22/31] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() · Kees Cook <hidden> · 2017-09-20
[PATCH v3 23/31] net: Restrict unwhitelisted proto caches to size 0 · Kees Cook <hidden> · 2017-09-20
[PATCH v3 24/31] fork: Define usercopy region in mm_struct slab caches · Kees Cook <hidden> · 2017-09-20
[PATCH v3 25/31] fork: Define usercopy region in thread_stack slab caches · Kees Cook <hidden> · 2017-09-20
[PATCH v3 26/31] fork: Provide usercopy whitelisting for task_struct · Kees Cook <hidden> · 2017-09-20
[PATCH v3 27/31] x86: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2017-09-20
[PATCH v3 28/31] arm64: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2017-09-20
[PATCH v3 29/31] arm: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2017-09-20
[PATCH v3 30/31] usercopy: Restrict non-usercopy caches to size 0 · Kees Cook <hidden> · 2017-09-20
[PATCH v3 31/31] lkdtm: Update usercopy tests for whitelisting · Kees Cook <hidden> · 2017-09-20

From: Christopher Lameter <hidden>
Date: 2017-09-21 15:21:16
Also in: linux-fsdevel, linux-mm, linux-xfs, lkml

On Wed, 20 Sep 2017, Kees Cook wrote:

quoted hunk ↗ jump to hunk

diff --git a/include/linux/stddef.h b/include/linux/stddef.h
index 9c61c7cda936..f00355086fb2 100644
--- a/include/linux/stddef.h
+++ b/include/linux/stddef.h

@@ -18,6 +18,8 @@ enum {
 #define offsetof(TYPE, MEMBER)	((size_t)&((TYPE *)0)->MEMBER)
 #endif

+#define sizeof_field(structure, field) sizeof((((structure *)0)->field))
+
 /**
  * offsetofend(TYPE, MEMBER)
  *

Hmmm.. Is that really necessary? Code knows the type of field and can
use sizeof type.

Also this is a non slab change hidden in the patchset.

quoted hunk ↗ jump to hunk

diff --git a/mm/slab_common.c b/mm/slab_common.c
index 904a83be82de..36408f5f2a34 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c

@@ -272,6 +272,9 @@ int slab_unmergeable(struct kmem_cache *s)
 	if (s->ctor)
 		return 1;

+	if (s->usersize)
+		return 1;
+
 	/*
 	 * We may have set a slab to be unmergeable during bootstrap.
 	 */

This will ultimately make all slabs unmergeable at the end of your
patchset? Lots of space will be wasted. Is there any way to make this
feature optional?

#ifdef CONFIG_HARDENED around this?

quoted hunk ↗ jump to hunk

@@ -491,6 +509,15 @@ kmem_cache_create(const char *name, size_t size, size_t align,
 	}
 	return s;
 }
+EXPORT_SYMBOL(kmem_cache_create_usercopy);
+
+struct kmem_cache *
+kmem_cache_create(const char *name, size_t size, size_t align,
+		unsigned long flags, void (*ctor)(void *))
+{
+	return kmem_cache_create_usercopy(name, size, align, flags, 0, size,
+					  ctor);
+}
 EXPORT_SYMBOL(kmem_cache_create);

Well this makes the slab created unmergeable.

quoted hunk ↗ jump to hunk

@@ -897,7 +927,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
 	if (!s)
 		panic("Out of memory when creating slab %s\n", name);

-	create_boot_cache(s, name, size, flags);
+	create_boot_cache(s, name, size, flags, 0, size);

Ok this makes the kmalloc array unmergeable.

quoted hunk ↗ jump to hunk

@@ -5081,6 +5081,12 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
 SLAB_ATTR_RO(cache_dma);
 #endif

+static ssize_t usersize_show(struct kmem_cache *s, char *buf)
+{
+	return sprintf(buf, "%zu\n", s->usersize);
+}
+SLAB_ATTR_RO(usersize);
+
 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
 {
 	return sprintf(buf, "%d\n", !!(s->flags & SLAB_TYPESAFE_BY_RCU));
@@ -5455,6 +5461,7 @@ static struct attribute *slab_attrs[] = {
 #ifdef CONFIG_FAILSLAB
 	&failslab_attr.attr,
 #endif
+	&usersize_attr.attr,

So useroffset is not exposed?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help