Re: crypto: Kernel memory overwrite attempt detected to spans multiple pages

2019-04-11 Thread Kees Cook
On Thu, Apr 11, 2019 at 12:26 PM Eric Biggers  wrote:
> Well, I guess I'll just add __GFP_COMP so I at least don't get spammed with
> useless bug reports.

Thanks, I appreciate it.

> But I don't think it's in any way acceptable to change the semantics of the
> kernel's page allocator but only under some obscure config option, don't
> document it anywhere, ignore the known problems for years, say that the option
> is broken anyway so it shouldn't be used, and have to exchange 15 emails to get
> anything resembling an explanation.

I understand what you mean, yeah. I'm sorry I wasn't clear about it
earlier. What do you think might help the situation as far as
documentation?

-- 
Kees Cook


Re: crypto: Kernel memory overwrite attempt detected to spans multiple pages

2019-04-10 Thread Rik van Riel
On Wed, 2019-04-10 at 16:11 -0700, Eric Biggers wrote:

> You've explained *what* it does again, but not *why*.  *Why* do you want
> hardened usercopy to detect copies across page boundaries, when there is no
> actual buffer overflow?

When some subsystem in the kernel allocates multiple
pages without _GFP_COMP, there is no way afterwards
to detect exactly how many pages it allocated.

In other words, there is no way to see how large the
buffer is, nor whether the copy operation in question
would overflow it.

-- 
All Rights Reversed.
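To make the point above concrete, here is an added userspace model of the decision the page-span check has to make. It is written for this page and is not the kernel's mm/usercopy.c: the struct, the TOY_GFP_COMP flag, the allocator and the check are invented stand-ins that mirror the reasoning (a compound head page records the allocation's order; independent pages record nothing), and the 42-byte copy is a constructed scenario borrowing the size from the report in this thread.

```c
/*
 * Userspace model of why the hardened-usercopy page-span check needs
 * __GFP_COMP. Illustration only, not kernel code: struct toy_page,
 * TOY_GFP_COMP, toy_alloc_pages() and check_page_span() are stand-ins.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define TOY_PAGE_SHIFT 12
#define TOY_PAGE_SIZE  ((size_t)1 << TOY_PAGE_SHIFT)
#define TOY_NR_PAGES   64

#define TOY_GFP_COMP 0x1u   /* stands in for the kernel's __GFP_COMP */

struct toy_page {
    bool     compound_head; /* true on the head page of a compound allocation */
    unsigned order;         /* on a head page: allocation covers 2^order pages */
    size_t   head_index;    /* index of this page's compound head (itself if none) */
};

static struct toy_page pages[TOY_NR_PAGES];
static unsigned char   mem[TOY_NR_PAGES * TOY_PAGE_SIZE];
static size_t          next_free;   /* bump allocator; pages are never freed */

static size_t page_index(const unsigned char *p)
{
    return (size_t)(p - mem) >> TOY_PAGE_SHIFT;
}

/* Hand out 2^order contiguous pages. With TOY_GFP_COMP the head page records
 * the order and every tail points back to it, so the extent of the allocation
 * can be recovered later from any of its pages. Without it each page stands
 * alone and nothing records that they were handed out together. */
static unsigned char *toy_alloc_pages(unsigned order, unsigned flags)
{
    size_t n = (size_t)1 << order, base = next_free;
    if (base + n > TOY_NR_PAGES)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        pages[base + i].compound_head = false;
        pages[base + i].order = 0;
        pages[base + i].head_index = (flags & TOY_GFP_COMP) ? base : base + i;
    }
    if (flags & TOY_GFP_COMP) {
        pages[base].compound_head = true;
        pages[base].order = order;
    }
    next_free += n;
    return mem + base * TOY_PAGE_SIZE;
}

enum span_result { SPAN_WITHIN_PAGE, SPAN_OK, SPAN_REJECTED };

/* A copy of len bytes at ptr: inside one page it is always fine. Across a
 * page boundary it is accepted only when the pages belong to one compound
 * allocation and the copy ends inside it. With no compound head there is no
 * way to learn how large the buffer is, so the crossing is rejected. */
static enum span_result check_page_span(const unsigned char *ptr, size_t len)
{
    if (len == 0)
        return SPAN_WITHIN_PAGE;
    size_t first = page_index(ptr), last = page_index(ptr + len - 1);
    if (first == last)
        return SPAN_WITHIN_PAGE;
    size_t head = pages[first].head_index;
    if (!pages[head].compound_head)
        return SPAN_REJECTED;            /* multi-page, but size unknowable */
    size_t nr_pages = (size_t)1 << pages[head].order;
    return (last < head + nr_pages) ? SPAN_OK : SPAN_REJECTED;
}

/* Constructed scenario: a two-page buffer and a 42-byte copy placed so that
 * it straddles the boundary between its two pages (no real overflow). */
static enum span_result copy_straddling_boundary(unsigned flags)
{
    unsigned char *buf = toy_alloc_pages(1, flags);
    return buf ? check_page_span(buf + TOY_PAGE_SIZE - 10, 42) : SPAN_REJECTED;
}

/* Constructed scenario: the same buffer, but the copy runs off its end. Only
 * a compound head lets the check distinguish this from the benign case. */
static enum span_result copy_past_end(unsigned flags)
{
    unsigned char *buf = toy_alloc_pages(1, flags);
    return buf ? check_page_span(buf + 2 * TOY_PAGE_SIZE - 10, 42) : SPAN_REJECTED;
}

int main(void)
{
    static const char *names[] = { "within page", "ok", "rejected" };
    printf("straddle, no COMP: %s\n", names[copy_straddling_boundary(0)]);
    printf("straddle, COMP:    %s\n", names[copy_straddling_boundary(TOY_GFP_COMP)]);
    printf("overflow, no COMP: %s\n", names[copy_past_end(0)]);
    printf("overflow, COMP:    %s\n", names[copy_past_end(TOY_GFP_COMP)]);
    return 0;
}
```

The two "no COMP" rows come out the same: without a compound head the check cannot tell a harmless boundary crossing from a copy that runs off the end of the buffer, which is why it refuses both, and why adding __GFP_COMP to the allocation turns the benign case into an accepted one while still catching the overflow.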




Re: crypto: Kernel memory overwrite attempt detected to spans multiple pages

2019-03-21 Thread Kees Cook
On Wed, Mar 20, 2019 at 11:57 AM Eric Biggers  wrote:
>
> On Tue, Mar 19, 2019 at 10:09:13AM -0700, Eric Biggers wrote:
> > On Tue, Mar 19, 2019 at 12:54:23PM +0100, Geert Uytterhoeven wrote:
> > > When running the sha1-asm crypto selftest on arm with
> > > CONFIG_HARDENED_USERCOPY_PAGESPAN=y:
> > >
> > > usercopy: Kernel memory overwrite attempt detected to spans multiple pages (offset 0, size 42)!
> > > [ cut here ]
> > > kernel BUG at mm/usercopy.c:102!
> > > Internal error: Oops - BUG: 0 [#1] SMP ARM
> > > Modules linked in:
> > > CPU: 0 PID: 35 Comm: cryptomgr_test Not tainted 5.1.0-rc1-koelsch-01109-gbeb7d6376ecfbf07-dirty #397
> > > Hardware name: Generic R-Car Gen2 (Flattened Device Tree)
> > > PC is at usercopy_abort+0x68/0x90
> > > LR is at usercopy_abort+0x68/0x90
> > > pc : []lr : []psr: 6013
> > > sp : ea54bc60  ip : 0010  fp : cccd
> > > r10:   r9 : c0e0ce04  r8 : ea54d009
> > > r7 : ea54d00a  r6 :   r5 : 002a  r4 : c09d1120
> > > r3 : dd6cd422  r2 : dd6cd422  r1 : 2abb4000  r0 : 005f
> > > Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
> > > Control: 30c5387d  Table: 40003000  DAC: fffd
> > > Process cryptomgr_test (pid: 35, stack limit = 0x(ptrval))
> > > Stack: (0xea54bc60 to 0xea54c000)
> > > bc60: c09d1120 c09d1120 c09d1120  002a 002a  c0310060
> > > bc80: 002a  01c0   c0eb11e8 ea54cfe0 ea538c00
> > > bca0:  ea54cfe0 ebef73e0 002a ea538c20 ea54bd84 003a c0427a30
> > > bcc0: ea54bdbc   c081cf70 eb074280 c081cf70 002a c081cf80
> > > bce0: 000e c07da138 ea54bd0c  c084061c c04248e8 c0e0a408 eb074240
> > > bd00: eb074200 c04253c8 eb074280 ea55 0012 dd6cd422 ebef7480 eb074200
> > > bd20: ea54bd84 c081cf64 ea537200 0002  0014 c084061c c0428c38
> > > bd40: ea54bd84 ea54bdbc c081cd34  c0e4e4b4 ea538c40 0002 eabe4e80
> > > bd60: ea538c00 0400 ea4f7a00 ea4f7a60 eb074240 0060 0006 c09d544c
> > > bd80: 0038 0003  0038 ea54bd7c 0001 eb074200
> > > bda0:  dead4ead   ea54bdb0 ea54bdb0  c081cf70
> > > bdc0: c081ce68 c081ce78 ea4f7480 eb000780 0dc0 eb000780 c0e4ee80 443e9884
> > > bde0: 6ed23b1c a14aaeba e52951f9 f17046e5 fefefefe fefefefe fefefefe fefefefe
> > > be00: eb000780 c04292c4 c0e0a638 6013 6013 c0305298 ea4f7a00 c03062bc
> > > be20: eb000780 0cc0 ea4f7a00 dd6cd422 0cc0 ea538c00 0002 eabe4e40
> > > be40: ea537200 0007  ea4f7a00 eb074200 c0429314 eb074200 ea538c00
> > > be60: ea4f7a00 000a eabe4e80 c084061c c08405fc 0006 c04dace8 0006
> > > be80:  c084065c ea537200 000e 0400 eb04de08 ea4f71a8 c0429420
> > > bea0: 0400 ea537200 000e ea537200 000e c0429374 0400
> > > bec0: 00a2 c042a414 0103 c0e0a408  c0e0a438 c0e5a2a0 c0e5a2a0
> > > bee0: 0001 0001 0017 e000  6013 c0e5a2a0 c0269470
> > > bf00: c09c9ed0 ea54bf5c 0103   c0e0a408 ea537280 000e
> > > bf20: 0400 c0426500  eb04de08 ea4f71a8 c02694f4 c09c9ed0 ea54bf5c
> > > bf40: ea54bf28 c02699d0 ea54bf5c dd6cd422 ea537200 dd6cd422 c09c9ed0 ea537200
> > > bf60: ea4af1c0 ea54a000 ea537200 c0426500  eb04de08 ea4f71a8 c0426524
> > > bf80: ea4f7180 c023dcec ea54a000 ea4af1c0 c023dbb4
> > > bfa0:    c02010d8
> > > bfc0:
> > > bfe0:     0013
> > > [] (usercopy_abort) from [] (__check_object_size+0x2d8/0x448)
> > > [] (__check_object_size) from [] (build_test_sglist+0x268/0x2d8)
> > > [] (build_test_sglist) from [] (test_hash_vec_cfg+0x110/0x694)
> > > [] (test_hash_vec_cfg) from [] (__alg_test_hash+0x158/0x1b8)
> > > [] (__alg_test_hash) from [] (alg_test_hash+0xac/0xf4)
> > > [] (alg_test_hash) from [] (alg_test.part.4+0x264/0x2f8)
> > > [] (alg_test.part.4) from [] (cryptomgr_test+0x24/0x44)
> > > [] (cryptomgr_test) from [] (kthread+0x138/0x150)
> > > [] (kthread) from [] (ret_from_fork+0x14/0x3c)
> > > Exception stack(0xea54bfb0 to 0xea54bff8)
> > > bfa0:
> > > bfc0:
> > >