From patchwork Mon Jun 19 23:36:25 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 9798055
Return-Path: 
 <kernel-hardening-return-8655-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	013E160381 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 19 Jun 2017 23:38:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F1D8D26C9B
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 19 Jun 2017 23:38:46 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E5E7A27DCD; Mon, 19 Jun 2017 23:38:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED, T_DKIM_INVALID,
	URIBL_BLACK autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 8C6CD27861
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Mon, 19 Jun 2017 23:38:45 +0000 (UTC)
Received: (qmail 14333 invoked by uid 550); 19 Jun 2017 23:37:23 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 11751 invoked from network); 19 Jun 2017 23:37:04 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=chromium.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=l7CFwWr50mnqJcX99pPbnFzUubHxP5q3B+rjU++xKJI=;
	b=ZfqIAyzJHepvB1pP5HhMWiarJUeDN4q9TBZJGeLMl69M2jv+BGZuHu/zoKoCIo0JZJ
	nfyWvpnc6mdbhq9ODJjcBCznFuA2SCjSLPOj/x1h20DgmHspy9qv/tfaYZlFkevjdFyz
	hOuTuJBz15wPDIlqLY/p9ZBOi6qI3QwOUzh1I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=l7CFwWr50mnqJcX99pPbnFzUubHxP5q3B+rjU++xKJI=;
	b=hTo/HlxA+mw52Agzu81O2uoehLeRo6CpkmbPoqkailUomADzzEJTNbiD+2ertPd+fg
	rGwckSb8BzMmMMjRkW6WQCJQHD5MDTKw/cCHUPi6FxZdt9/rvzPq+WgkkUvdZ2fm3ssB
	PLs8/I6baUbMiAG2rLgSPciUG26ciyb/ZGzC02Ld+7uMp9MVffS4FqEQ3lwiUQy2RwiP
	KUXyn/BmqTfC+EUmiYqIIjI9NyutKE8sPdExv25mEVdJPJmjT61t1bFm9LgQhCowoLnx
	vVsgIWjkfQZeMVO3Wfy7Bk/Hel6H+AhsYE7rMzXaMoF9MC83jkQnoVr2tZnAaPKHJnlH
	akMw==
X-Gm-Message-State: AKS2vOyDzXuLfjPHXHanVbm89VwlfDYyCDd23UHfJ07cXN4BupWOIZjE
	rbNXba5Myw0JBgUA
X-Received: by 10.99.123.81 with SMTP id k17mr20635710pgn.71.1497915412591;
	Mon, 19 Jun 2017 16:36:52 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>, David Windsor <dave@nullcore.net>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Date: Mon, 19 Jun 2017 16:36:25 -0700
Message-Id: <1497915397-93805-12-git-send-email-keescook@chromium.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org>
References: <1497915397-93805-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH 11/23] jfs: define usercopy region in
	jfs_ip slab cache
X-Virus-Scanned: ClamAV using ClamSMTP

From: David Windsor <dave@nullcore.net>

The jfs symlink pathnames, stored in struct jfs_inode_info.i_inline
and therefore contained in the jfs_ip slab cache, need to be copied to/from
userspace.

In support of usercopy hardening, this patch defines a region in
the jfs_ip slab cache in which userspace copy operations
are allowed.

This region is known as the slab cache's usercopy region.  Slab
caches can now check that each copy operation involving cache-managed
memory falls entirely within the slab's usercopy region.

This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.

Signed-off-by: David Windsor <dave@nullcore.net>
[kees: adjust commit log]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 fs/jfs/super.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/jfs/super.c b/fs/jfs/super.c
index e8aad7d87b8c..10b958f49f57 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
@@ -972,9 +972,11 @@ static int __init init_jfs_fs(void)
 	int rc;
 
 	jfs_inode_cachep =
-	    kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0,
-			    SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD|SLAB_ACCOUNT,
-			    init_once);
+	    kmem_cache_create_usercopy("jfs_ip", sizeof(struct jfs_inode_info),
+			0, SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD|SLAB_ACCOUNT,
+			offsetof(struct jfs_inode_info, i_inline),
+			sizeof_field(struct jfs_inode_info, i_inline),
+			init_once);
 	if (jfs_inode_cachep == NULL)
 		return -ENOMEM;