linux/drivers
Linus Torvalds 617aebe6a9 Currently, hardened usercopy performs dynamic bounds checking on slab
cache objects. This is good, but still leaves a lot of kernel memory
 available to be copied to/from userspace in the face of bugs. To further
 restrict what memory is available for copying, this creates a way to
 whitelist specific areas of a given slab cache object for copying to/from
 userspace, allowing much finer granularity of access control. Slab caches
 that are never exposed to userspace can declare no whitelist for their
 objects, thereby keeping them unavailable to userspace via dynamic copy
 operations. (Note, an implicit form of whitelisting is the use of constant
 sizes in usercopy operations and get_user()/put_user(); these bypass all
 hardened usercopy checks since these sizes cannot change at runtime.)
 
 This new check is WARN-by-default, so any mistakes can be found over the
 next several releases without breaking anyone's system.
 
 The series has roughly the following sections:
 - remove %p and improve reporting with offset
 - prepare infrastructure and whitelist kmalloc
 - update VFS subsystem with whitelists
 - update SCSI subsystem with whitelists
 - update network subsystem with whitelists
 - update process memory with whitelists
 - update per-architecture thread_struct with whitelists
 - update KVM with whitelists and fix ioctl bug
 - mark all other allocations as not whitelisted
 - update lkdtm for more sensible test coverage

Merge tag 'usercopy-v4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardened usercopy whitelisting from Kees Cook:
 "Currently, hardened usercopy performs dynamic bounds checking on slab
  cache objects. This is good, but still leaves a lot of kernel memory
  available to be copied to/from userspace in the face of bugs.

  To further restrict what memory is available for copying, this creates
  a way to whitelist specific areas of a given slab cache object for
  copying to/from userspace, allowing much finer granularity of access
  control.

  Slab caches that are never exposed to userspace can declare no
  whitelist for their objects, thereby keeping them unavailable to
  userspace via dynamic copy operations. (Note, an implicit form of
  whitelisting is the use of constant sizes in usercopy operations and
  get_user()/put_user(); these bypass all hardened usercopy checks since
  these sizes cannot change at runtime.)

  This new check is WARN-by-default, so any mistakes can be found over
  the next several releases without breaking anyone's system.

  The series has roughly the following sections:
   - remove %p and improve reporting with offset
   - prepare infrastructure and whitelist kmalloc
   - update VFS subsystem with whitelists
   - update SCSI subsystem with whitelists
   - update network subsystem with whitelists
   - update process memory with whitelists
   - update per-architecture thread_struct with whitelists
   - update KVM with whitelists and fix ioctl bug
   - mark all other allocations as not whitelisted
   - update lkdtm for more sensible test coverage"

* tag 'usercopy-v4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (38 commits)
  lkdtm: Update usercopy tests for whitelisting
  usercopy: Restrict non-usercopy caches to size 0
  kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
  kvm: whitelist struct kvm_vcpu_arch
  arm: Implement thread_struct whitelist for hardened usercopy
  arm64: Implement thread_struct whitelist for hardened usercopy
  x86: Implement thread_struct whitelist for hardened usercopy
  fork: Provide usercopy whitelisting for task_struct
  fork: Define usercopy region in thread_stack slab caches
  fork: Define usercopy region in mm_struct slab caches
  net: Restrict unwhitelisted proto caches to size 0
  sctp: Copy struct sctp_sock.autoclose to userspace using put_user()
  sctp: Define usercopy region in SCTP proto slab cache
  caif: Define usercopy region in caif proto slab cache
  ip: Define usercopy region in IP proto slab cache
  net: Define usercopy region in struct proto slab cache
  scsi: Define usercopy region in scsi_sense_cache slab cache
  cifs: Define usercopy region in cifs_request slab cache
  vxfs: Define usercopy region in vxfs_inode slab cache
  ufs: Define usercopy region in ufs_inode_cache slab cache
  ...
2018-02-03 16:25:42 -08:00
accessibility
acpi Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
amba
android Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
ata Merge branch 'for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2018-01-30 14:48:30 -08:00
atm
auxdisplay
base drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-19 22:59:33 -05:00
block Merge branch 'work.sock_recvmsg' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-30 18:59:03 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
bus ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
cdrom
char drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
clk The core framework has a handful of patches this time around, mostly due 2018-02-01 16:56:07 -08:00
clocksource
connector
cpufreq
cpuidle powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
dax
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-02-02 09:50:51 -08:00
dma-buf drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
edac
eisa EISA: Delete error message for a failed memory allocation in eisa_probe() 2018-01-23 09:04:10 +01:00
extcon
firewire IEEE 1394 subsystem patches: 2018-02-02 14:57:44 -08:00
firmware Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2018-02-03 13:46:14 -08:00
fmc
fpga
fsi
gpio This is the bulk of pin control changes for the v4.16 kernel cycle: 2018-02-02 14:22:53 -08:00
gpu drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2018-01-31 13:00:01 -08:00
hsi HSI changes for the v4.16 series 2018-01-31 12:54:05 -08:00
hv Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
hwmon hwmon: (dell-smm) Disable fan support for Dell Vostro 3360 2018-01-27 09:34:22 -08:00
hwspinlock
hwtracing Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
i2c ARM: SoC platform updates for 4.16 2018-02-01 16:17:40 -08:00
ide ide: remove duplicated assignment to 'cursg' 2018-01-29 15:01:09 -05:00
idle
iio Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
infiniband Merge branch 'akpm' (patches from Andrew) 2018-01-31 18:46:22 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-02-01 10:49:58 -08:00
iommu ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
ipack
irqchip arm64 updates for 4.16: 2018-01-30 13:57:43 -08:00
isdn Merge branch 'work.sock_recvmsg' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-30 18:59:03 -08:00
leds LED updates for 4.16-rc1 2018-01-31 12:22:41 -08:00
lightnvm
macintosh powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
mailbox
mcb
md - DM core fixes to ensure that bio submission follows a depth-first tree 2018-01-31 11:05:47 -08:00
media drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
memory ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
memstick
message
mfd regmap: Updates for v4.16 2018-01-29 11:35:24 -08:00
misc Currently, hardened usercopy performs dynamic bounds checking on slab 2018-02-03 16:25:42 -08:00
mmc There are two major achievements for MMC in this release, which deserves to be 2018-01-29 11:26:11 -08:00
mtd dma mapping changes for Linux 4.16: 2018-01-31 11:32:27 -08:00
mux Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-03 13:16:55 -08:00
nfc
ntb
nubus
nvdimm
nvme Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
nvmem
of ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
opp
oprofile
parisc
parport
pci powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
pcmcia
perf
phy USB/PHY updates for 4.16-rc1 2018-02-01 09:40:49 -08:00
pinctrl This is the bulk of pin control changes for the v4.16 kernel cycle: 2018-02-02 14:22:53 -08:00
platform Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
pnp
power power supply and reset changes for the v4.16 series 2018-01-31 12:55:31 -08:00
powercap
pps
ps3
ptp
pwm
rapidio
ras mm/memory_failure: Remove unused trapno from memory_failure 2018-01-23 12:17:42 -06:00
regulator Merge remote-tracking branch 'regulator/topic/tps65218' into regulator-next 2018-01-26 17:57:05 +00:00
remoteproc
reset
rpmsg
rtc RTC for 4.16 2018-02-02 14:19:19 -08:00
s390 Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
sbus oradax: Fix return value check in dax_attach() 2018-01-29 14:28:48 -05:00
scsi Currently, hardened usercopy performs dynamic bounds checking on slab 2018-02-03 16:25:42 -08:00
sfi
sh
siox
slimbus
sn
soc ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
soundwire soundwire: Fix a signedness bug 2018-01-22 16:45:26 +01:00
spi Merge remote-tracking branch 'spi/topic/xilinx' into spi-next 2018-01-26 17:57:34 +00:00
spmi
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-19 22:59:33 -05:00
staging drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
target Merge branch 'for-4.16/block' of git://git.kernel.dk/linux-block 2018-01-29 11:51:49 -08:00
tc
tee
thermal Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
thunderbolt
tty Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
uio Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
usb Driver Core updates for 4.16-rc1 2018-02-01 10:00:28 -08:00
uwb
vfio VFIO updates for v4.16-rc1 2018-02-01 13:18:25 -08:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
video drm/graphics pull request for v4.16-rc1 2018-02-01 17:48:47 -08:00
virt Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
virtio
visorbus
vlynq
vme
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog
xen dma mapping changes for Linux 4.16: 2018-01-31 11:32:27 -08:00
zorro
Kconfig Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
Makefile Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00