From patchwork Thu Jun 16 23:36:52 2016
X-Patchwork-Submitter: Valdis Klētnieks
X-Patchwork-Id: 9181869
To: Kees Cook
Cc: "kernel-hardening@lists.openwall.com", Brad Spengler, PaX Team, Casey Schaufler, Rik van Riel, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton
From: Valdis.Kletnieks@vt.edu
References: <1465420302-23754-1-git-send-email-keescook@chromium.org> <9020.1466040627@turing-police.cc.vt.edu>
Date: Thu, 16 Jun 2016 19:36:52 -0400
Message-ID: <16741.1466120212@turing-police.cc.vt.edu>
Subject: Re: [kernel-hardening] [RFC][PATCH v2 0/4] mm: Hardened usercopy

On Wed, 15 Jun 2016 18:38:31 -0700, Kees Cook said:
> On Wed, Jun 15, 2016 at 6:30 PM, wrote:
> > So I guess you can stick a:
> >
> > Tested-By: Valdis Kletnieks
> >
> > on that patch set. :)
>
> Awesome, thanks! It's good to know the system operated normally up
> until that point. I'm glad to have lots of people testing.

Following up - I did a BFI patch against the NVidia driver that basically tagged all its memory allocations as USERCOPY, and the resulting kernel has gotten up to multiuser and XOrg. Been up for a half hour doing my usual stuff on the laptop, and no usercopy whines.

Workload: email, pidgin IM, Google Chrome with some 30 tabs, some streaming audio. Plenty of room for corner cases still lurking, but all the basic stuff is working. I may whomp on it with trinity for a while, see if anything falls out...

Today's surprise: VirtualBox 5.0.22 was released - and it was able to boot a Windows 7 image to the desktop without complaint. Something still wonky there, as it gets unstable at some point, but given the lack of dmesg entries, I suspect it's a linux-next regression rather than a usercopy issue. Will debug more later tonight.

NVidia patch attached as guidance to what's needed for anybody else who's facing patching an out-of-tree module.

--- nvidia-uvm/uvm_linux.h.dist 2016-06-16 04:54:42.573247324 -0400 +++ nvidia-uvm/uvm_linux.h 2016-06-16 17:23:29.863108182 -0400 
@@ -185,7 +185,11 @@ #define __GFP_NORETRY 0 #endif -#define NV_UVM_GFP_FLAGS (GFP_KERNEL | __GFP_NORETRY) +#if !defined(__GFP_USERCOPY) +#define __GFP_USERCOPY 0 +#endif + +#define NV_UVM_GFP_FLAGS (GFP_KERNEL | __GFP_NORETRY | __GFP_USERCOPY) #if defined(NV_VM_INSERT_PAGE_PRESENT) #define NV_VM_INSERT_PAGE(vma, addr, page) \ --- nvidia/nv-vm.c.dist 2016-06-09 20:37:13.000000000 -0400 +++ nvidia/nv-vm.c 2016-06-16 17:32:51.357212907 -0400 @@ -265,6 +265,9 @@ if (at->flags & NV_ALLOC_TYPE_ZEROED) gfp_mask |= __GFP_ZERO; #endif +#if defined(__GPF_USERCOPY) + gfp_mask |= __GFP_USERCOPY; +#endif return gfp_mask; } --- common/inc/nv-linux.h.dist 2016-06-16 04:49:57.775133204 -0400 +++ common/inc/nv-linux.h 2016-06-16 18:36:13.760153738 -0400 @@ -412,12 +412,16 @@ #define __GFP_COMP 0 #endif +#if !defined(GFP_USERCOPY) +#define GPF_USERCOPY 0 +#endif + #if !defined(DEBUG) && defined(__GFP_NOWARN) -#define NV_GFP_KERNEL (GFP_KERNEL | __GFP_NOWARN) -#define NV_GFP_ATOMIC (GFP_ATOMIC | __GFP_NOWARN) +#define NV_GFP_KERNEL (GFP_KERNEL | __GFP_NOWARN | GFP_USERCOPY) +#define NV_GFP_ATOMIC (GFP_ATOMIC | __GFP_NOWARN | GFP_USERCOPY) #else -#define NV_GFP_KERNEL (GFP_KERNEL) -#define NV_GFP_ATOMIC (GFP_ATOMIC) +#define NV_GFP_KERNEL (GFP_KERNEL | GFP_USERCOPY) +#define NV_GFP_ATOMIC (GFP_ATOMIC | GFP_USERCOPY) #endif #if defined(GFP_DMA32) @@ -427,9 +431,9 @@ * such as Linux/x86-64; the alternative is to use an IOMMU such * as the one implemented with the K8 GART, if available. */ -#define NV_GFP_DMA32 (NV_GFP_KERNEL | GFP_DMA32) +#define NV_GFP_DMA32 (NV_GFP_KERNEL | GFP_DMA32 | GFP_USERCOPY) #else -#define NV_GFP_DMA32 (NV_GFP_KERNEL) +#define NV_GFP_DMA32 (NV_GFP_KERNEL | GFP_USERCOPY) #endif #if defined(NVCPU_X86) || defined(NVCPU_X86_64) 
@@ -1307,8 +1311,12 @@ kmem_cache_create(name, size, align, flags, ctor, NULL) #endif +#if !defined(SLAB_USERCOPY) +#define SLAB_USERCOPY 0 +#endif + #define NV_KMEM_CACHE_CREATE(name, type) \ - NV_KMEM_CACHE_CREATE_FULL(name, sizeof(type), 0, 0, NULL) + NV_KMEM_CACHE_CREATE_FULL(name, sizeof(type), 0, SLAB_USERCOPY, NULL) #define NV_KMEM_CACHE_DESTROY(kmem_cache) \ kmem_cache_destroy(kmem_cache)
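
Review bot: in the nvidia/nv-vm.c hunk (@@ -265,6 +265,9 @@) the guard is spelled `#if defined(__GPF_USERCOPY)`, GPF rather than GFP, a name that appears nowhere else in the patch as a definition, so `gfp_mask |= __GFP_USERCOPY;` is never compiled in and allocations that take their flags from this function are not tagged. Spell the guard `__GFP_USERCOPY`, or drop the guard and rely on a fallback `#define __GFP_USERCOPY 0` like the one added in nvidia-uvm/uvm_linux.h.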
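
Review bot: the fallback at the top of the common/inc/nv-linux.h hunk (@@ -412,12 +412,16 @@) tests `GFP_USERCOPY` but defines `GPF_USERCOPY`, so on a kernel that does not provide the flag the new `NV_GFP_KERNEL` and `NV_GFP_ATOMIC` definitions still reference an undefined `GFP_USERCOPY` and will not compile wherever they are used. Define the same name that is tested, and settle on one spelling for the whole patch: nvidia-uvm/uvm_linux.h and nvidia/nv-vm.c use `__GFP_USERCOPY`, while this header uses `GFP_USERCOPY` without the leading underscores.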
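
Review bot: in the NV_GFP_DMA32 hunk of common/inc/nv-linux.h (@@ -427,9 +431,9 @@) the added `| GFP_USERCOPY` is redundant in both branches, because `NV_GFP_KERNEL` already carries the flag after the previous hunk. Leaving these two definitions as they were keeps the flag in one place, which makes it easier to narrow or remove later.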
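
Review bot: in the last hunk (@@ -1307,8 +1311,12 @@) `NV_KMEM_CACHE_CREATE` now passes `SLAB_USERCOPY` for every cache created through it, with no way for a caller to opt out, so caches whose objects are never copied to or from userspace get the same marking as those that are. For anything beyond a bring-up test, consider leaving `NV_KMEM_CACHE_CREATE` unchanged and adding a separate variant (name to be chosen) that passes `SLAB_USERCOPY`, used only for the caches that need it; a one-line comment on the `#define SLAB_USERCOPY 0` fallback saying it covers kernels without the hardened usercopy series would also help.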