Hi, This is my next pull request for v4.8, which introduces a kernel self protection of copy_to_user/copy_from_user that has been under review and test on the kernel-hardening list for a while. It has lived for a bit in -next, and appears to be ready IMO. There will be more improvements in the future, but this is a solid start.
Again, if I can improve these pull request emails in any way, please let me know. :) Thanks! -Kees The following changes since commit 523d939ef98fd712632d93a5a2b588e477a7565e: Linux 4.7 (2016-07-24 12:23:50 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/usercopy-v4.8 for you to fetch changes up to ed18adc1cdd00a5c55a20fbdaed4804660772281: mm: SLUB hardened usercopy support (2016-07-26 14:43:54 -0700) ---------------------------------------------------------------- Implements HARDENED_USERCOPY verification of copy_to_user/copy_from_user bounds checking for most architectures on SLAB and SLUB. ---------------------------------------------------------------- Kees Cook (11): mm: Implement stack frame object validation mm: Hardened usercopy x86/uaccess: Enable hardened usercopy ARM: uaccess: Enable hardened usercopy arm64/uaccess: Enable hardened usercopy ia64/uaccess: Enable hardened usercopy powerpc/uaccess: Enable hardened usercopy sparc/uaccess: Enable hardened usercopy s390/uaccess: Enable hardened usercopy mm: SLAB hardened usercopy support mm: SLUB hardened usercopy support Laura Abbott (1): mm: Add is_migrate_cma_page arch/Kconfig | 9 ++ arch/arm/Kconfig | 1 + arch/arm/include/asm/uaccess.h | 11 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/uaccess.h | 29 +++- arch/arm64/kernel/arm64ksyms.c | 4 +- arch/arm64/lib/copy_from_user.S | 4 +- arch/arm64/lib/copy_to_user.S | 4 +- arch/ia64/Kconfig | 1 + arch/ia64/include/asm/uaccess.h | 18 ++- arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/uaccess.h | 21 ++- arch/s390/Kconfig | 1 + arch/s390/lib/uaccess.c | 2 + arch/sparc/Kconfig | 1 + arch/sparc/include/asm/uaccess_32.h | 14 +- arch/sparc/include/asm/uaccess_64.h | 11 +- arch/x86/Kconfig | 2 + arch/x86/include/asm/thread_info.h | 44 ++++++ arch/x86/include/asm/uaccess.h | 10 +- arch/x86/include/asm/uaccess_32.h | 2 + arch/x86/include/asm/uaccess_64.h | 2 + include/linux/mmzone.h | 2 + include/linux/slab.h | 12 ++ include/linux/thread_info.h | 24 ++++ init/Kconfig | 2 + mm/Makefile | 4 + mm/slab.c | 30 ++++ mm/slub.c | 40 ++++++ mm/usercopy.c | 268 ++++++++++++++++++++++++++++++++++++ security/Kconfig | 28 ++++ 31 files changed, 573 insertions(+), 30 deletions(-) create mode 100644 mm/usercopy.c -- Kees Cook Brillo & Chrome OS Security