On Tue, Sep 17, 2024 at 4:33 PM Boqun Feng wrote:
> Hazard pointers [1] provide a way to dynamically distribute refcounting
> and can be used to improve the scalability of refcounting without
> significant space cost.
> +static inline void *__hazptr_tryprotect(hazptr_t *hzp,
> +
+brauner for "struct file" lifetime
On Thu, Aug 15, 2024 at 7:45 PM Suren Baghdasaryan wrote:
> On Thu, Aug 15, 2024 at 9:47 AM Andrii Nakryiko
> wrote:
> >
> > On Thu, Aug 15, 2024 at 6:44 AM Mateusz Guzik wrote:
> > >
> > > On Tue, Aug 13, 2024 at 08:36:03AM -0700, Suren Baghdasaryan wrote:
>
On Wed, Apr 14, 2021 at 2:20 PM Florian Weimer wrote:
>
> * Jann Horn:
>
> > On Wed, Apr 14, 2021 at 12:27 PM Florian Weimer wrote:
> >>
> >> * Andrei Vagin:
> >>
> >> > We already have process_vm_readv and process_vm_writev to read and
On Wed, Apr 14, 2021 at 12:27 PM Florian Weimer wrote:
>
> * Andrei Vagin:
>
> > We already have process_vm_readv and process_vm_writev to read and write
> > to a process memory faster than we can do this with ptrace. And now it
> > is time for process_vm_exec that allows executing code in an addr
On Wed, Apr 14, 2021 at 7:59 AM Andrei Vagin wrote:
> We already have process_vm_readv and process_vm_writev to read and write
> to a process memory faster than we can do this with ptrace. And now it
> is time for process_vm_exec that allows executing code in an address
> space of another process.
On Tue, Mar 30, 2021 at 5:01 PM David Hildenbrand wrote:
> >> +long faultin_vma_page_range(struct vm_area_struct *vma, unsigned long
> >> start,
> >> + unsigned long end, bool write, int *locked)
> >> +{
> >> + struct mm_struct *mm = vma->vm_mm;
> >> + unsign
On Wed, Mar 17, 2021 at 12:07 PM David Hildenbrand wrote:
> I. Background: Sparse Memory Mappings
>
> When we manage sparse memory mappings dynamically in user space - also
> sometimes involving MAP_NORESERVE - we want to dynamically populate/
> discard memory inside such a sparse memory region. E
On Sun, Feb 21, 2021 at 7:56 PM Chang S. Bae wrote:
> Intel's Extended Feature Disable (XFD) feature is an extension of the XSAVE
> architecture. XFD allows the kernel to enable a feature state in XCR0 and
> to receive a #NM trap when a task uses instructions accessing that state.
> In this way, L
Hi!
Tavis noticed that on ARM kernels with CONFIG_BINFMT_ELF_FDPIC, it
looks like the FDPIC_FUNCPTRS personality flag is not reset on
execve(). This would mean that if a process first executes an ELF
FDPIC binary (which forces the personality to PER_LINUX_FDPIC), and
then executes a non-FDPIC bina
On Tue, Mar 23, 2021 at 8:22 PM Mickaël Salaün wrote:
> On 23/03/2021 18:49, Jann Horn wrote:
> > On Tue, Mar 23, 2021 at 4:54 PM Mickaël Salaün wrote:
> >> On 23/03/2021 01:13, Jann Horn wrote:
> >>> On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
>
On Tue, Mar 23, 2021 at 4:54 PM Mickaël Salaün wrote:
> On 23/03/2021 01:13, Jann Horn wrote:
> > On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
> >> Using Landlock objects and ruleset, it is possible to tag inodes
> >> according to a process's dom
On Tue, Mar 16, 2021 at 9:43 PM Mickaël Salaün wrote:
> Using Landlock objects and ruleset, it is possible to tag inodes
> according to a process's domain.
[...]
> +static void release_inode(struct landlock_object *const object)
> + __releases(object->lock)
> +{
> + struct inode *cons
ain can transition to a new domain which is the
> intersection of all its constraints and those of a ruleset provided by
> the current process. This modification only impacts the current process.
> This means that a process can only gain more constraints (i.e. lose
> accesses) over time
On Wed, Mar 17, 2021 at 7:00 PM Christian Brauner
wrote:
> On Mon, Mar 15, 2021 at 06:16:27PM -0700, Li Li wrote:
> > To improve the user experience when switching between recently used
> > applications, the background applications which are not currently needed
> > are cached in the memory. Norma
On Wed, Mar 17, 2021 at 9:04 PM Gustavo A. R. Silva
wrote:
> On 3/17/21 13:57, Jann Horn wrote:
> >>>> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
> >>>> b/drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
> >>>> index 62ddb452f8
On Wed, Mar 17, 2021 at 7:27 PM Gustavo A. R. Silva
wrote:
> On 3/17/21 12:11, Jann Horn wrote:
> > On Wed, Mar 17, 2021 at 8:43 AM Gustavo A. R. Silva
> > wrote:
> >> Fix the following out-of-bounds warning by replacing the one-element
> >> array in
On Wed, Mar 17, 2021 at 8:43 AM Gustavo A. R. Silva
wrote:
> Fix the following out-of-bounds warning by replacing the one-element
> array in an anonymous union with a pointer:
>
> CC [M] drivers/net/ethernet/intel/ixgbe/ixgbe_common.o
> drivers/net/ethernet/intel/ixgbe/ixgbe_common.c: In functi
On Tue, Mar 16, 2021 at 8:26 PM Mickaël Salaün wrote:
> On 16/03/2021 20:04, Jann Horn wrote:
> > On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
> >> One could argue that chroot(2) is useless without a properly populated
> >> root hierarchy (i.e. without /dev
On Tue, Mar 16, 2021 at 6:02 PM Mickaël Salaün wrote:
> One could argue that chroot(2) is useless without a properly populated
> root hierarchy (i.e. without /dev and /proc). However, there are
> multiple use cases that don't require the chrooting process to create
> file hierarchies with special
On Wed, Mar 10, 2021 at 8:23 PM Eric W. Biederman wrote:
>
> Mickaël Salaün writes:
>
> > From: Mickaël Salaün
> >
> > Being able to easily change root directories enable to ease some
> > development workflow and can be used as a tool to strengthen
> > unprivileged security sandboxes. chroot(2)
+jeffv from Android
On Tue, Jan 26, 2021 at 11:51 PM Kalesh Singh wrote:
> In order to measure how much memory a process actually consumes, it is
> necessary to include the DMA buffer sizes for that process in the memory
> accounting. Since the handle to DMA buffers are raw FDs, it is important
>
On Fri, Jan 22, 2021 at 2:05 PM Jann Horn wrote:
> On Thu, Jan 21, 2021 at 7:19 PM Vlastimil Babka wrote:
> > On 1/21/21 11:01 AM, Christoph Lameter wrote:
> > > On Thu, 21 Jan 2021, Bharata B Rao wrote:
> > >
> > >> > The problem is that cal
On Thu, Jan 21, 2021 at 7:19 PM Vlastimil Babka wrote:
> On 1/21/21 11:01 AM, Christoph Lameter wrote:
> > On Thu, 21 Jan 2021, Bharata B Rao wrote:
> >
> >> > The problem is that calculate_order() is called a number of times
> >> > before secondaries CPUs are booted and it returns 1 instead of 22
On Wed, Jan 13, 2021 at 3:22 PM Michal Hocko wrote:
> On Tue 12-01-21 09:51:24, Suren Baghdasaryan wrote:
> > On Tue, Jan 12, 2021 at 9:45 AM Oleg Nesterov wrote:
> > >
> > > On 01/12, Michal Hocko wrote:
> > > >
> > > > On Mon 11-01-21 09:06:22, Suren Baghdasaryan wrote:
> > > >
> > > > > What w
s
percpu list) and we don't want to create unnecessary cache/memory
traffic. (And it's a good cleanup regardless, I think.)
> Signed-off-by: Vlastimil Babka
Reviewed-by: Jann Horn
[...]
> /*
> -* Stage two: Ensure that the page is unfrozen w
On Fri, Jan 15, 2021 at 10:10 AM Mickaël Salaün wrote:
> On 14/01/2021 23:43, Jann Horn wrote:
> > On Thu, Jan 14, 2021 at 7:54 PM Mickaël Salaün wrote:
> >> On 14/01/2021 04:22, Jann Horn wrote:
> >>> On Wed, Dec 9, 2020 at 8:28 PM Mickaël Salaün wrote:
> >
On Thu, Jan 14, 2021 at 7:54 PM Mickaël Salaün wrote:
> On 14/01/2021 04:22, Jann Horn wrote:
> > On Wed, Dec 9, 2020 at 8:28 PM Mickaël Salaün wrote:
> >> Thanks to the Landlock objects and ruleset, it is possible to identify
> >> inodes according to a proc
On Wed, Dec 9, 2020 at 8:28 PM Mickaël Salaün wrote:
> Thanks to the Landlock objects and ruleset, it is possible to identify
> inodes according to a process's domain. To enable an unprivileged
> process to express a file hierarchy, it first needs to open a directory
> (or a file) and pass this f
On Wed, Dec 9, 2020 at 8:28 PM Mickaël Salaün wrote:
> This patch series adds new built-time checks, a new test, renames some
> variables and functions to improve readability, and shift syscall
> numbers to align with -next.
Sorry, I've finally gotten around to looking at v26 - I hadn't
actually
ain can transition to a new domain which is the
> intersection of all its constraints and those of a ruleset provided by
> the current process. This modification only impacts the current process.
> This means that a process can only gain more constraints (i.e. lose
> accesses) over time.
>
le code... but I guess I should. You can add
Reviewed-by: Jann Horn
if you fix the following nits:
[...]
> diff --git a/samples/Kconfig b/samples/Kconfig
[...]
> +config SAMPLE_LANDLOCK
> + bool "Build Landlock sample code"
> + depends on HEADERS_INSTALL
>
On Wed, Jan 13, 2021 at 8:14 PM Vlastimil Babka wrote:
> On 1/12/21 12:12 AM, Jann Horn wrote:
> It doesn't help that slabinfo (global or per-memcg) is also
> inaccurate as it cannot count free objects on per-cpu partial slabs and thus
> reports them as active.
Maybe SLUB c
[This is not something I intend to work on myself. But since I
stumbled over this issue, I figured I should at least document/report
it, in case anyone is willing to pick it up.]
Hi!
I was poking around in SLUB internals and noticed that the estimate of
how many free objects exist on a percpu par
On Mon, Jan 4, 2021 at 7:55 PM Eric Biggers wrote:
> On Fri, Nov 20, 2020 at 10:52:14AM -0800, Eric Biggers wrote:
> > On Mon, Oct 26, 2020 at 09:33:43AM -0700, Eric Biggers wrote:
> > > On Tue, Oct 06, 2020 at 08:50:21PM -0700, Eric Biggers wrote:
> > > > On Tue, Sep 15, 2020 at 09:19:08PM -0700,
On Mon, Dec 28, 2020 at 6:14 PM Andy Lutomirski wrote:
> On Mon, Dec 28, 2020 at 2:25 AM Russell King - ARM Linux admin
> wrote:
> >
> > On Sun, Dec 27, 2020 at 01:36:13PM -0800, Andy Lutomirski wrote:
> > > On Sun, Dec 27, 2020 at 12:18 PM Mathieu Desnoyers
> > > wrote:
> > > >
> > > > - On
could lead to an unnecessary
increase in memory fragmentation.
Fixes: 7ced37197196 ("slub: Acquire_slab() avoid loop")
Signed-off-by: Jann Horn
---
mm/slub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/slub.c b/mm/slub.c
index 0c8b43a5b3b0..b1777ba06735 100644
> and do an immediate SIGSEGV instead.
>
> This overflow is known to occur on systems with large XSAVE state. The
> effort to increase the size typically used for altstacks reduces the
> frequency of these overflows, but this approach is still useful for legacy
> binaries.
>
> Sugg
On Wed, Dec 16, 2020 at 3:21 AM Ted Estes wrote:
> On 12/15/2020 6:01 PM, Jann Horn wrote:
> > On Wed, Dec 16, 2020 at 12:25 AM Alejandro Colomar (man-pages)
> > wrote:
> >> On 12/16/20 12:23 AM, Alejandro Colomar (man-pages) wrote:
> >>> On 12/16/20 12:0
On Tue, Dec 15, 2020 at 06:01:25PM +0100, Alejandro Colomar (man-pages) wrote:
> Hi,
>
> There's a bug report: https://bugzilla.kernel.org/show_bug.cgi?id=210655
>
> [[
> Under "Ptrace access mode checking", the documentation states:
> "1. If the calling thread and the target thread are in the
On Wed, Dec 16, 2020 at 12:25 AM Alejandro Colomar (man-pages)
wrote:
> On 12/16/20 12:23 AM, Alejandro Colomar (man-pages) wrote:
> > On 12/16/20 12:07 AM, Jann Horn wrote:
> >> On Tue, Dec 15, 2020 at 06:01:25PM +0100, Alejandro Colomar
> >> (man-pages) wrote:
On Sat, Dec 12, 2020 at 12:01 AM Minchan Kim wrote:
> On Fri, Dec 11, 2020 at 09:27:46PM +0100, Jann Horn wrote:
> > +CC Christoph Hellwig for opinions on compat
> >
> > On Thu, Nov 26, 2020 at 12:22 AM Minchan Kim wrote:
> > > On Mon, Nov 23, 2020 at 09:39:42PM -
+CC Christoph Hellwig for opinions on compat
On Thu, Nov 26, 2020 at 12:22 AM Minchan Kim wrote:
> On Mon, Nov 23, 2020 at 09:39:42PM -0800, Suren Baghdasaryan wrote:
> > process_madvise requires a vector of address ranges to be provided for
> > its operations. When an advice should be applied to
On Tue, Nov 24, 2020 at 6:50 AM Suren Baghdasaryan wrote:
> In modern systems it's not unusual to have a system component monitoring
> memory conditions of the system and tasked with keeping system memory
> pressure under control. One way to accomplish that is to kill
> non-essential processes to
copy_siginfo_from_user_any() takes a userspace pointer as second
argument; annotate the parameter type accordingly.
Signed-off-by: Jann Horn
---
I'm messing around with clang's version of __user annotation checking
and it spotted this issue:
kernel/signal.c:3759:44: warning:
On Sun, Dec 6, 2020 at 4:37 PM Dave Hansen wrote:
> On 12/6/20 5:10 AM, Vladimir Kondratiev wrote:
> > Double fault detected in do_exit() is symptom of integrity
> > compromised. For safety critical systems, it may be better to
> > panic() in this case to minimize risk.
>
> Does this fix a real pr
"tty: Add termiox") in v2.6.28.
Similarly, no driver actually implements .set_termiox; and it looks like
no driver ever has.
Delete this dead code; but leave the definition of struct termiox in the
UAPI headers intact.
Signed-off-by: Jann Horn
---
drivers/tty/tty
On Fri, Nov 27, 2020 at 8:04 PM Catangiu, Adrian Costin
wrote:
> On 27/11/2020 20:22, Jann Horn wrote:
> > On Fri, Nov 20, 2020 at 11:29 PM Jann Horn wrote:
> >> On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin
> >> wrote:
> >>> This patch is a driv
[resend in the hope that amazon will accept my mail this time instead
of replying "550 Too many invalid recipients" again]
On Fri, Nov 20, 2020 at 11:29 PM Jann Horn wrote:
> On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin
> wrote:
> > This patch is a driver th
On Tue, Nov 24, 2020 at 9:43 PM Bae, Chang Seok
wrote:
> > On Nov 24, 2020, at 10:41, Jann Horn wrote:
> > On Tue, Nov 24, 2020 at 7:22 PM Bae, Chang Seok
> > wrote:
> >>> On Nov 20, 2020, at 15:04, Jann Horn wrote:
> >>> On Thu, Nov 19,
On Tue, Nov 24, 2020 at 7:22 PM Bae, Chang Seok
wrote:
> > On Nov 20, 2020, at 15:04, Jann Horn wrote:
> > On Thu, Nov 19, 2020 at 8:40 PM Chang S. Bae
> > wrote:
> >>
> >> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
> >> index
On Tue, Nov 24, 2020 at 6:44 PM Greg KH wrote:
> On Tue, Nov 24, 2020 at 06:30:28PM +0100, Jann Horn wrote:
> > On Tue, Nov 24, 2020 at 6:15 PM Greg KH wrote:
> > > On Tue, Nov 24, 2020 at 06:06:38PM +0100, Jann Horn wrote:
> > > > +seccomp maintainers/reviewers
On Tue, Nov 24, 2020 at 6:15 PM Greg KH wrote:
> On Tue, Nov 24, 2020 at 06:06:38PM +0100, Jann Horn wrote:
> > +seccomp maintainers/reviewers
> > [thread context is at
> > https://lore.kernel.org/linux-api/87lfer2c0b@oldenburg2.str.redhat.com/
> > ]
> >
>
+seccomp maintainers/reviewers
[thread context is at
https://lore.kernel.org/linux-api/87lfer2c0b@oldenburg2.str.redhat.com/
]
On Tue, Nov 24, 2020 at 5:49 PM Christoph Hellwig wrote:
> On Tue, Nov 24, 2020 at 03:08:05PM +0100, Mark Wielaard wrote:
> > For valgrind the issue is statx which we
On Tue, Nov 24, 2020 at 11:40 AM Lukas Bulwahn wrote:
> Since commit acaab7335bd6 ("lib/zlib: remove outdated and incorrect
> pre-increment optimization"), get_unaligned16() is only used when
> !CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS.
>
> Hence, make CC=clang W=1 warns:
>
> lib/zlib_inflate/inff
When the semantics of the ->read() handlers were changed such that "buffer"
is a kernel pointer, some __user annotations survived.
Since they're wrong now, get rid of them.
Fixes: d3ec10aa9581 ("KEYS: Don't write out to userspace while holding key
semaphor
On Mon, Nov 23, 2020 at 10:16 PM Mickaël Salaün wrote:
> On 23/11/2020 20:44, Jann Horn wrote:
> > On Sat, Nov 21, 2020 at 11:06 AM Mickaël Salaün wrote:
> >> On 21/11/2020 08:00, Jann Horn wrote:
> >>> On Thu, Nov 12, 2020 at 9:52 PM Mickaël Salaün wrote:
> >
On Sat, Nov 21, 2020 at 11:06 AM Mickaël Salaün wrote:
> On 21/11/2020 08:00, Jann Horn wrote:
> > On Thu, Nov 12, 2020 at 9:52 PM Mickaël Salaün wrote:
> >> Thanks to the Landlock objects and ruleset, it is possible to identify
> >> inodes according to a proc
On Mon, Nov 23, 2020 at 2:45 PM Arnd Bergmann wrote:
> On Mon, Nov 23, 2020 at 12:15 PM Naresh Kamboju
> wrote:
> >
> > While booting arm64 kernel the following kernel BUG noticed on several arm64
> > devices running linux next 20201123 tag kernel.
> >
> >
> > $ git log --oneline next-20201120..n
ommit):
> * Documentation/userspace-api/landlock.rst
> * Documentation/security/landlock.rst
>
> Cc: Arnd Bergmann
> Cc: James Morris
> Cc: Jann Horn
> Cc: Kees Cook
> Cc: Serge E. Hallyn
> Signed-off-by: Mickaël Salaün
Reviewed-by: Jann Horn
ain can transition to a new domain which is the
> intersection of all its constraints and those of a ruleset provided by
> the current process. This modification only impacts the current process.
> This means that a process can only gain more constraints (i.e. lose
> accesses) over time
rict the use of syscall families which may
> not be currently handled by Landlock.
>
> Cc: Al Viro
> Cc: Anton Ivanov
> Cc: James Morris
> Cc: Jann Horn
> Cc: Jeff Dike
> Cc: Kees Cook
> Cc: Richard Weinberger
> Cc: Serge E. Hallyn
> Signed-off-by: Mickaël Sa
On Thu, Nov 12, 2020 at 9:52 PM Mickaël Salaün wrote:
> This documentation can be built with the Sphinx framework.
>
> Cc: James Morris
> Cc: Jann Horn
> Cc: Kees Cook
> Cc: Serge E. Hallyn
> Signed-off-by: Mickaël Salaün
> Reviewed-by: Vincent Dagonneau
Reviewed-by: Jann Horn
;
> A following commit uses this generic object management for inodes.
>
> Cc: James Morris
> Cc: Kees Cook
> Cc: Serge E. Hallyn
> Signed-off-by: Mickaël Salaün
> Reviewed-by: Jann Horn
Still looks good, except for one comment:
[...]
> + /**
> +* @lock: Gua
On Thu, Nov 19, 2020 at 8:40 PM Chang S. Bae wrote:
> The kernel pushes data on the userspace stack when entering a signal. If
> using a sigaltstack(), the kernel precisely knows the user stack size.
>
> When the kernel knows that the user stack is too small, avoid the overflow
> and do an immedia
On Mon, Nov 16, 2020 at 4:35 PM Catangiu, Adrian Costin
wrote:
> This patch is a driver that exposes a monotonic incremental Virtual
> Machine Generation u32 counter via a char-dev FS interface that
> provides sync and async VmGen counter updates notifications. It also
> provides VmGen counter ret
Buffers that are passed to read_actions_logged() and write_actions_logged()
are in kernel memory; the sysctl core takes care of copying from/to
userspace.
Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
Reviewed-by: Tyler Hicks
Signed-off-by: Jann Horn
---
On Fri, Nov 20, 2020 at 4:36 PM Tyler Hicks wrote:
> Hey Jann - Thanks for cleaning this up!
>
> On 2020-11-20 02:59:13, Jann Horn wrote:
> > Buffers that are passed to read_actions_logged() and write_actions_logged()
> > are in kernel memory; the sysctl core takes ca
Buffers that are passed to read_actions_logged() and write_actions_logged()
are in kernel memory; the sysctl core takes care of copying from/to
userspace.
Fixes: 0ddec0fc8900 ("seccomp: Sysctl to configure actions that are allowed to
be logged")
Signed-off-by: Jann Horn
---
kernel
On Tue, Nov 17, 2020 at 5:55 PM Matthew Wilcox wrote:
> On Mon, Oct 26, 2020 at 06:05:18PM +0200, Topi Miettinen wrote:
> > Writing a new value of 3 to /proc/sys/kernel/randomize_va_space
> > enables full randomization of memory mappings created with mmap(NULL,
> > ...). With 2, the base of the VM
On Wed, Nov 11, 2020 at 5:06 PM Zhaoxiu Zeng wrote:
> On 2020/11/11 11:46, Jann Horn wrote:
> > On Mon, Nov 9, 2020 at 8:27 PM wrote:
> >> This patch does:
> >> 1. Cleanup code and reduce branches
> >> 2. Use copy_from_back to copy the matched bytes from the bac
On Mon, Nov 9, 2020 at 8:27 PM wrote:
> This patch does:
> 1. Cleanup code and reduce branches
> 2. Use copy_from_back to copy the matched bytes from the back output buffer
What exactly is copy_from_back()? Is it like memmove()? If yes, have
you tried using memmove() instead of the code added in
common case
> is therefore not affected by this change.
>
> Reviewed-by: Dmitry Vyukov
> Co-developed-by: Alexander Potapenko
> Signed-off-by: Alexander Potapenko
> Signed-off-by: Marco Elver
Reviewed-by: Jann Horn
ed reports to the console.
>
> Reviewed-by: Dmitry Vyukov
> Co-developed-by: Alexander Potapenko
> Signed-off-by: Alexander Potapenko
> Signed-off-by: Marco Elver
Reviewed-by: Jann Horn
On Tue, Nov 3, 2020 at 6:59 PM Marco Elver wrote:
> Add KFENCE documentation in dev-tools/kfence.rst, and add to index.
>
> Reviewed-by: Dmitry Vyukov
> Co-developed-by: Alexander Potapenko
> Signed-off-by: Alexander Potapenko
> Signed-off-by: Marco Elver
Reviewed-by: Jann Horn
otecting and unprotecting pages.
>
> For x86, we need to ensure that the pool uses 4K pages, which is done
> using the set_memory_4k() helper function.
>
> Reviewed-by: Dmitry Vyukov
> Co-developed-by: Marco Elver
> Signed-off-by: Marco Elver
> Signed-off-by: Alexander Potapenko
Reviewed-by: Jann Horn
On Tue, Nov 3, 2020 at 6:58 PM Marco Elver wrote:
> This adds the Kernel Electric-Fence (KFENCE) infrastructure. KFENCE is a
> low-overhead sampling-based memory safety error detector of heap
> use-after-free, invalid-free, and out-of-bounds access errors.
Reviewed-by: Jann Horn
On Tue, Oct 20, 2020 at 9:15 PM Jason Gunthorpe wrote:
> On Sat, Oct 17, 2020 at 12:57:13AM +0200, Jann Horn wrote:
> > @@ -1545,6 +1532,18 @@ void setup_new_exec(struct linux_binprm * bprm)
> > me->mm->task_size = TASK_SIZE;
> > mutex_unlock(&am
On Tue, Nov 3, 2020 at 3:11 AM Jann Horn wrote:
> On Sat, Oct 17, 2020 at 2:30 AM Jann Horn wrote:
> > On Sat, Oct 17, 2020 at 1:21 AM Jason Gunthorpe wrote:
> > > On Sat, Oct 17, 2020 at 01:09:12AM +0200, Jann Horn wrote:
> > > > Currentl
On Sat, Oct 17, 2020 at 2:30 AM Jann Horn wrote:
> On Sat, Oct 17, 2020 at 1:21 AM Jason Gunthorpe wrote:
> > On Sat, Oct 17, 2020 at 01:09:12AM +0200, Jann Horn wrote:
> > > Currently, mm_struct has two refcounts:
> > >
> > > - mm_users: preserves everyth
SECCOMP_IOCTL_NOTIF_RECV. Alternatively we could also set SIGCHLD to
SIG_IGN and let the kernel autoreap exiting children.
Signed-off-by: Jann Horn
---
samples/seccomp/user-trap.c | 163 +++-
1 file changed, 87 insertions(+), 76 deletions(-)
diff --git a/samples/seccomp/user
Signed-off-by: Jann Horn
---
kernel/seccomp.c | 62 +--
samples/seccomp/user-trap.c | 16 +
tools/testing/selftests/seccomp/seccomp_bpf.c | 21 +++
3 files changed, 79 insertions(+), 20 deletions(-)
diff --git a/kernel/seccomp.
Test that SECCOMP_IOCTL_NOTIF_RECV on a seccomp fd with zero users returns
-ENOTCONN, both in blocking and in non-blocking mode.
Also test that SECCOMP_IOCTL_NOTIF_RECV on a seccomp fd with no active
notifications returns -ENOENT in non-blocking mode.
Signed-off-by: Jann Horn
---
tools/testing
On Mon, Nov 2, 2020 at 8:50 PM Sargun Dhillon wrote:
> On Mon, Nov 2, 2020 at 11:45 AM Michael Kerrisk (man-pages)
> wrote:
> >Caveats regarding blocking system calls
> >Suppose that the target performs a blocking system call (e.g.,
> >accept(2)) that the supervisor should han
On Mon, Nov 2, 2020 at 5:52 PM Alexey Gladkov wrote:
> Add a new prctl to change the user namespace in which the process
> counter is located. A pointer to the user namespace is in cred struct
> to be inherited by all child processes.
[...]
> + case PR_SET_RLIMIT_USER_NAMESPACE:
> +
ASSERT_GE() is defined as:
/**
* ASSERT_GE(expected, seen)
*
* @expected: expected value
* @seen: measured value
*
* ASSERT_GE(expected, measured): expected >= measured
*/
#define ASSERT_GE(expected, seen) \
__EXPECT(expected, #expected, seen, #seen, >=, 1)
but that means that logically, i
On Sat, Oct 31, 2020 at 9:51 AM Michael Kerrisk (man-pages)
wrote:
> On 10/30/20 8:20 PM, Jann Horn wrote:
> > On Thu, Oct 29, 2020 at 8:14 PM Michael Kerrisk (man-pages)
> > wrote:
> >> On 10/29/20 2:42 AM, Jann Horn wrote:
> >>> As discussed
On Sat, Oct 31, 2020 at 9:31 AM Michael Kerrisk (man-pages)
wrote:
> On 10/30/20 8:14 PM, Jann Horn wrote:
> > With the caveat that a cancelled syscall
> > could've also led to the memory being munmap()ed, so the nread==0 case
> > could also happen legitimately - so y
On Thu, Oct 29, 2020 at 8:14 PM Michael Kerrisk (man-pages)
wrote:
> On 10/29/20 2:42 AM, Jann Horn wrote:
> > As discussed at
> > <https://lore.kernel.org/r/CAG48ez0m4Y24ZBZCh+Tf4ORMm9_q4n7VOzpGjwGF7_Fe8EQH=q...@mail.gmail.com>,
> > we need to re-check checkNotificati
On Thu, Oct 29, 2020 at 8:53 PM Michael Kerrisk (man-pages)
wrote:
> On 10/29/20 4:26 PM, Christian Brauner wrote:
> > I like this manpage. I think this is the most comprehensive explanation
> > of any seccomp feature
>
> Thanks (at least, I think so...)
>
> > and somewhat understandable.
>
On Thu, Oct 29, 2020 at 3:19 PM Michael Kerrisk (man-pages)
wrote:
> On 10/29/20 2:42 AM, Jann Horn wrote:
> > On Mon, Oct 26, 2020 at 10:55 AM Michael Kerrisk (man-pages)
> > wrote:
> >>static bool
> >>getTargetPathname(struct
On Fri, Oct 30, 2020 at 5:06 PM Mickaël Salaün wrote:
> On 30/10/2020 16:47, Jann Horn wrote:
> > On Fri, Oct 30, 2020 at 1:39 PM Mickaël Salaün wrote:
> >> Commit 69f594a38967 ("ptrace: do not audit capability check when outputing
> >> /proc/pid/stat")
()"), a
> new ns_capable_noaudit() helper is available. Let's use it!
>
> As a result, the signature of ptrace_has_cap() is restored to its original
> one.
>
> Cc: Christian Brauner
> Cc: Eric Paris
> Cc: Jann Horn
> Cc: Kees Cook
> Cc: Oleg Nesterov
dit() helper is available. Let's
> use it!
>
> Cc: Jann Horn
> Cc: Kees Cook
> Cc: Tyler Hicks
> Cc: Will Drewry
> Cc: sta...@vger.kernel.org
> Fixes: e2cfabdfd075 ("seccomp: add system call filtering using BPF")
> Signed-off-by: Mickaël Salaün
Reviewed-by: Jann Horn
On Fri, Oct 30, 2020 at 2:00 PM Marco Elver wrote:
> On Fri, 30 Oct 2020 at 03:49, Jann Horn wrote:
> > On Thu, Oct 29, 2020 at 2:17 PM Marco Elver wrote:
> > > Add architecture specific implementation details for KFENCE and enable
> > > KFENCE for the x86 archit
On Fri, Oct 30, 2020 at 2:46 PM Marco Elver wrote:
> On Fri, 30 Oct 2020 at 03:50, Jann Horn wrote:
> > On Thu, Oct 29, 2020 at 2:17 PM Marco Elver wrote:
> > > We make KFENCE compatible with KASAN for testing KFENCE itself. In
> > > particular, KASAN helps to catch a
On Thu, Oct 29, 2020 at 12:30 PM Mickaël Salaün wrote:
> On 29/10/2020 02:06, Jann Horn wrote:
> > On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün wrote:
> >> These 3 system calls are designed to be used by unprivileged processes
> >
On Thu, Oct 29, 2020 at 10:30 AM Mickaël Salaün wrote:
> On 29/10/2020 02:05, Jann Horn wrote:
> > On Tue, Oct 27, 2020 at 9:04 PM Mickaël Salaün wrote:
> >> A Landlock object enables to identify a kernel object (e.g. an inode).
> >> A Landlock rule is a set of access
>
> When KFENCE is disabled, there is no additional overhead, since
> slab_alloc*() functions are __always_inline.
>
> Reviewed-by: Dmitry Vyukov
> Co-developed-by: Marco Elver
> Signed-off-by: Marco Elver
> Signed-off-by: Alexander Potapenko
Reviewed-by: Jann Horn
if you fi
On Thu, Oct 29, 2020 at 2:17 PM Marco Elver wrote:
> Add KFENCE test suite, testing various error detection scenarios. Makes
> use of KUnit for test organization. Since KFENCE's interface to obtain
> error reports is via the console, the test verifies that KFENCE outputs
> expected reports to the
On Thu, Oct 29, 2020 at 2:17 PM Marco Elver wrote:
> Add architecture specific implementation details for KFENCE and enable
> KFENCE for the arm64 architecture. In particular, this implements the
> required interface in .
>
> KFENCE requires that attributes for pages from its memory pool can
> ind
1 - 100 of 1002 matches