From patchwork Mon Jun 19 23:36:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 9798037 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1BFBC60381 for ; Mon, 19 Jun 2017 23:37:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 18B0026C9B for ; Mon, 19 Jun 2017 23:37:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0D51627F92; Mon, 19 Jun 2017 23:37:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 8501D26C9B for ; Mon, 19 Jun 2017 23:37:25 +0000 (UTC) Received: (qmail 12065 invoked by uid 550); 19 Jun 2017 23:37:08 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 11491 invoked from network); 19 Jun 2017 23:36:59 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=32ICfrPnAMJcqBQTjAzM1Od0YcnpfLp2Ev8Snq8RtpE=; b=LKoFdUYZu+LHu93/6fkTp34MrGUvbkjueXailDms/MQsExyEM9gY+rN3CuLug2QrNm UWknAwDb5rEXExgg92VlqXyqEGWaysXxRHXp9hd2ZdEgyCRAJlWQ1z5cBLIJ9+fMxjRu HOVqmo+AKJQVX60XatT1nwRm3bbeJT7tti2aY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=32ICfrPnAMJcqBQTjAzM1Od0YcnpfLp2Ev8Snq8RtpE=; b=TV+pDOzn86uDA6b7RROJ/z4bNlM9BY5eaQ9kXyFASEOXuLFUBf1D3xWZlR7fyCLoWw vw/fOOrvTWWpYhTY9/inOoAUKZHeeTCwMtLaXzuVgJ2O6zWL3q33P2oZ8ShcsjZirF9J WU+Z816N0eJSN10fJ0D4V+JSdG/0LFzxAjmCJG7R38tQmCEg0QRlDdQyST6PxWB54Mku eP6peVtTbrWUV1FBnl5D/44BS2TKsgKv8VFcYwlV7Un6zwieFd8chb3V3TKY6p2lIhjU q/B6PgLZO2TUG7V/0cqxQppAJiu6wCHGr0HvCM5kvWlIamcoL1R73ljdLIBcslRO3Dr9 onhQ== X-Gm-Message-State: AKS2vOxIV4jBvz6xXuwGv9VO/qZReYxaT+VwPglaHVbFNibo4O0JebKn 9XvBLmJFvLWhB+hD X-Received: by 10.99.96.132 with SMTP id u126mr28210225pgb.121.1497915407444; Mon, 19 Jun 2017 16:36:47 -0700 (PDT) From: Kees Cook To: kernel-hardening@lists.openwall.com Cc: Kees Cook , David Windsor , linux-mm@kvack.org, linux-kernel@vger.kernel.org Date: Mon, 19 Jun 2017 16:36:17 -0700 Message-Id: <1497915397-93805-4-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org> References: <1497915397-93805-1-git-send-email-keescook@chromium.org> Subject: [kernel-hardening] [PATCH 03/23] vfs: define usercopy region in names_cache slab caches X-Virus-Scanned: ClamAV using ClamSMTP From: David Windsor vfs pathnames stored internally in inodes and contained in the names_cache slab cache need to be copied to/from userspace. In support of usercopy hardening, this patch defines the entire cache object in the names_cache slab cache as whitelisted, since it holds name strings to be copied to userspace. This patch is verbatim from Brad Spengler/PaX Team's PAX_USERCOPY whitelisting code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: David Windsor [kees: adjust commit log] Signed-off-by: Kees Cook --- fs/dcache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index cddf39777835..f7f3c4114baa 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -3616,8 +3616,8 @@ void __init vfs_caches_init_early(void) void __init vfs_caches_init(void) { - names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); + names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0, + SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL); dcache_init(); inode_init();