From patchwork Mon Jun 19 23:36:19 2017
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9798049
From: Kees Cook
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook, David Windsor, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Date: Mon, 19 Jun 2017 16:36:19 -0700
Message-Id: <1497915397-93805-6-git-send-email-keescook@chromium.org>
In-Reply-To: <1497915397-93805-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH 05/23] befs: define usercopy region in befs_inode_cache slab cache
From: David Windsor

The befs symlink pathnames, stored in struct befs_inode_info.i_data.symlink and therefore contained in the befs_inode_cache slab cache, need to be copied to/from userspace.

In support of usercopy hardening, this patch defines a region in the befs_inode_cache slab cache in which userspace copy operations are allowed.

This region is known as the slab cache's usercopy region. Slab caches can now check that each copy operation involving cache-managed memory falls entirely within the slab's usercopy region.

This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY whitelisting code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code.

Signed-off-by: David Windsor
[kees: adjust commit log]
Signed-off-by: Kees Cook
---
 fs/befs/linuxvfs.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c index 63e7c4760bfb..893607591805 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c @@ -442,11 +442,15 @@ static struct inode *befs_iget(struct super_block *sb, unsigned long ino) static int __init befs_init_inodecache(void) { - befs_inode_cachep = kmem_cache_create("befs_inode_cache", - sizeof (struct befs_inode_info), - 0, (SLAB_RECLAIM_ACCOUNT| - SLAB_MEM_SPREAD|SLAB_ACCOUNT), - init_once); + befs_inode_cachep = kmem_cache_create_usercopy("befs_inode_cache", + sizeof(struct befs_inode_info), 0, + (SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD| + SLAB_ACCOUNT), + offsetof(struct befs_inode_info, + i_data.symlink), + sizeof_field(struct befs_inode_info, + i_data.symlink), + init_once); if (befs_inode_cachep == NULL) return -ENOMEM;
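Review bot: The new offsetof()/sizeof_field() arguments to kmem_cache_create_usercopy() in befs_init_inodecache() carry no comment saying why i_data.symlink is the whitelisted field, and the commit log says the pathnames are "copied to/from userspace" without naming the code path that does the copy. Please add a one-line comment above the call and name the copy call site in the log, so a reviewer can confirm that this window is both required and the only part of struct befs_inode_info that userspace copies touch. Note also that the region is sized by sizeof_field() of the whole symlink member, so the slab check only confines a copy to that buffer; the length actually copied still has to be bounded by the stored pathname at the call site. As a style point, the two offsetof(...)/sizeof_field(...) expressions are each split across two lines, which makes the useroffset/usersize pair hard to read; keeping each on a single line would help.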