Re: [PATCH 34/38] arm: Implement thread_struct whitelist for hardened usercopy

[PATCH v5 00/38] Hardened usercopy whitelisting · Kees Cook <hidden> · 2018-01-11
[PATCH 01/38] usercopy: Remove pointer from overflow report · Kees Cook <hidden> · 2018-01-11
[PATCH 02/38] usercopy: Enhance and rename report_usercopy() · Kees Cook <hidden> · 2018-01-11
Re: [PATCH 02/38] usercopy: Enhance and rename report_usercopy() · Christopher Lameter <hidden> · 2018-01-11
Re: [PATCH 02/38] usercopy: Enhance and rename report_usercopy() · Kees Cook <hidden> · 2018-01-14
[PATCH 03/38] usercopy: Include offset in hardened usercopy report · Kees Cook <hidden> · 2018-01-11
[PATCH 04/38] lkdtm/usercopy: Adjust test to include an offset to check reporting · Kees Cook <hidden> · 2018-01-11
[PATCH 05/38] stddef.h: Introduce sizeof_field() · Kees Cook <hidden> · 2018-01-11
[PATCH 06/38] usercopy: Prepare for usercopy whitelisting · Kees Cook <hidden> · 2018-01-11
[PATCH 07/38] usercopy: WARN() on slab cache usercopy region violations · Kees Cook <hidden> · 2018-01-11
[PATCH 08/38] usercopy: Allow strict enforcement of whitelists · Kees Cook <hidden> · 2018-01-11
[PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2018-01-11
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Jiri Slaby <hidden> · 2019-11-12
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2019-11-12
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2019-11-15
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Jiri Slaby <hidden> · 2020-01-23
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2020-01-27
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christian Borntraeger <hidden> · 2020-01-28
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2020-01-28
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Ursula Braun <hidden> · 2020-01-29
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christopher Lameter <hidden> · 2020-01-29
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christian Borntraeger <hidden> · 2020-01-29
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christoph Hellwig <hch@infradead.org> · 2020-01-29
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christian Borntraeger <hidden> · 2020-01-29
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2020-01-30
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Jann Horn <jannh@google.com> · 2020-01-31
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2020-02-01
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Jann Horn <jannh@google.com> · 2020-02-01
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Matthew Wilcox <willy@infradead.org> · 2020-02-03
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christoph Hellwig <hch@infradead.org> · 2020-02-03
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christopher Lameter <hidden> · 2020-02-03
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Vlastimil Babka <hidden> · 2020-04-07
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christian Borntraeger <hidden> · 2020-04-07
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Jiri Slaby <hidden> · 2020-04-20
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Kees Cook <hidden> · 2020-04-20
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christoph Hellwig <hch@infradead.org> · 2020-02-03
Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches · Christoph Hellwig <hch@infradead.org> · 2020-02-03
[PATCH 10/38] dcache: Define usercopy region in dentry_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 11/38] vfs: Define usercopy region in names_cache slab caches · Kees Cook <hidden> · 2018-01-11
[PATCH 12/38] vfs: Copy struct mount.mnt_id to userspace using put_user() · Kees Cook <hidden> · 2018-01-11
[PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache · Theodore Ts'o <tytso@mit.edu> · 2018-01-11
Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache · Matthew Wilcox <willy@infradead.org> · 2018-01-14
Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 14/38] ext2: Define usercopy region in ext2_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 15/38] jfs: Define usercopy region in jfs_ip slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 16/38] befs: Define usercopy region in befs_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 17/38] exofs: Define usercopy region in exofs_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 18/38] orangefs: Define usercopy region in orangefs_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 19/38] ufs: Define usercopy region in ufs_inode_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 20/38] vxfs: Define usercopy region in vxfs_inode slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 21/38] cifs: Define usercopy region in cifs_request slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 22/38] scsi: Define usercopy region in scsi_sense_cache slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 23/38] net: Define usercopy region in struct proto slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 24/38] ip: Define usercopy region in IP proto slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 25/38] caif: Define usercopy region in caif proto slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 26/38] sctp: Define usercopy region in SCTP proto slab cache · Kees Cook <hidden> · 2018-01-11
[PATCH 27/38] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() · Kees Cook <hidden> · 2018-01-11
Re: [PATCH 27/38] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() · Laura Abbott <hidden> · 2018-01-18
Re: [PATCH 27/38] sctp: Copy struct sctp_sock.autoclose to userspace using put_user() · Kees Cook <hidden> · 2018-01-18
[PATCH 28/38] net: Restrict unwhitelisted proto caches to size 0 · Kees Cook <hidden> · 2018-01-11
[PATCH 29/38] fork: Define usercopy region in mm_struct slab caches · Kees Cook <hidden> · 2018-01-11
[PATCH 30/38] fork: Define usercopy region in thread_stack slab caches · Kees Cook <hidden> · 2018-01-11
[PATCH 31/38] fork: Provide usercopy whitelisting for task_struct · Kees Cook <hidden> · 2018-01-11
[PATCH 32/38] x86: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2018-01-11
[PATCH 33/38] arm64: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2018-01-11
Re: [PATCH 33/38] arm64: Implement thread_struct whitelist for hardened usercopy · Dave P Martin <Dave.Martin@arm.com> · 2018-01-15
Re: [PATCH 33/38] arm64: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2018-01-15
Re: [PATCH 33/38] arm64: Implement thread_struct whitelist for hardened usercopy · Dave Martin <Dave.Martin@arm.com> · 2018-01-16
[PATCH 34/38] arm: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2018-01-11
Re: [PATCH 34/38] arm: Implement thread_struct whitelist for hardened usercopy · Russell King - ARM Linux <linux@armlinux.org.uk> · 2018-01-11
Re: [PATCH 34/38] arm: Implement thread_struct whitelist for hardened usercopy · Kees Cook <hidden> · 2018-01-11
[PATCH 35/38] kvm: whitelist struct kvm_vcpu_arch · Kees Cook <hidden> · 2018-01-11
[PATCH 36/38] kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl · Kees Cook <hidden> · 2018-01-11
[PATCH 37/38] usercopy: Restrict non-usercopy caches to size 0 · Kees Cook <hidden> · 2018-01-11
[PATCH 38/38] lkdtm: Update usercopy tests for whitelisting · Kees Cook <hidden> · 2018-01-11

From: Russell King - ARM Linux <linux@armlinux.org.uk>
Date: 2018-01-11 10:24:00
Also in: linux-arch, linux-arm-kernel, linux-fsdevel, linux-mm, lkml

On Wed, Jan 10, 2018 at 06:03:06PM -0800, Kees Cook wrote:

ARM does not carry FPU state in the thread structure, so it can declare
no usercopy whitelist at all.

This comment seems to be misleading.  We have stored FP state in the
thread structure for a long time - for example, VFP state is stored
in thread->vfpstate.hard, so we _do_ have floating point state in
the thread structure.

What I think this commit message needs to describe is why we don't
need a whitelist _despite_ having FP state in the thread structure.

At the moment, the commit message is making me think that this patch
is wrong and will introduce a regression.

Thanks.

quoted hunk ↗ jump to hunk

Cc: Russell King <linux@armlinux.org.uk>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Christian Borntraeger <redacted>
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Kees Cook <redacted>
---
 arch/arm/Kconfig                 | 1 +
 arch/arm/include/asm/processor.h | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 51c8df561077..3ea00d65f35d 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig

@@ -50,6 +50,7 @@ config ARM
 	select HAVE_ARCH_KGDB if !CPU_ENDIAN_BE32 && MMU
 	select HAVE_ARCH_MMAP_RND_BITS if MMU
 	select HAVE_ARCH_SECCOMP_FILTER if (AEABI && !OABI_COMPAT)
+	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_ARM_SMCCC if CPU_V7
 	select HAVE_EBPF_JIT if !CPU_ENDIAN_BE32

diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h
index 338cbe0a18ef..01a41be58d43 100644
--- a/arch/arm/include/asm/processor.h
+++ b/arch/arm/include/asm/processor.h

@@ -45,6 +45,13 @@ struct thread_struct {
 	struct debug_info	debug;
 };
 
+/* Nothing needs to be usercopy-whitelisted from thread_struct. */
+static inline void arch_thread_struct_whitelist(unsigned long *offset,
+						unsigned long *size)
+{
+	*offset = *size = 0;
+}
+
 #define INIT_THREAD  {	}
 
 #define start_thread(regs,pc,sp)					\

-- 
2.7.4

-- 
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help