Re: [PATCH 2/2] Add a new sysctl knob: unprivileged_userfaultfd_user_mode_only

On Wed, May 20, 2020 at 11:17 PM Andrea Arcangeli wrote: > > On Wed, May 20, 2020 at 01:17:20PM -0700, Lokesh Gidra wrote: > > Adding the Android kernel team in the discussion. > > Unless I'm mistaken that you can already enforce bit 1 of the second > parameter of the userfaultfd syscall to be

Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open

Far from trying to kill perf, we want (and require) perf to be available to developers on Android. All that this patch enables us to do is gate it behind developer settings - just like we do with other developer targeted features. (apologies for the dup, bounced due to non-plaintext) On Tue, Aug

Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open

Far from trying to kill perf, we want (and require) perf to be available to developers on Android. All that this patch enables us to do is gate it behind developer settings - just like we do with other developer targeted features. (apologies for the dup, bounced due to non-plaintext) On Tue, Aug

Re: [kernel-hardening] [PATCH 2/2] security,perf: Allow further restriction of perf_event_open

Acked-by: Jeff Vander Stoep In addition to Debian, this patch has been merged into AOSP and is a requirement for Android: https://android-review.googlesource.com/#/q/topic:CONFIG_SECURITY_PERF_EVENTS_RESTRICT On Wed, Apr 13, 2016 at 9:12 AM, Kees Cook

Re: [kernel-hardening] [PATCH 2/2] security,perf: Allow further restriction of perf_event_open

Acked-by: Jeff Vander Stoep In addition to Debian, this patch has been merged into AOSP and is a requirement for Android: https://android-review.googlesource.com/#/q/topic:CONFIG_SECURITY_PERF_EVENTS_RESTRICT On Wed, Apr 13, 2016 at 9:12 AM, Kees Cook wrote: > On Mon, Jan 11, 2016 at 7:23 AM,

Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels

https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after partially failed read" is missing from the stable 3.4.y and 3.10.y kernels. It has been included in 3.2.y and 3.14.y. I am able to cause a kernel panic without this patch. Regards, Jeff Vander Stoep

Patch for CVE-2016-0774 missing from stable 3.4 and 3.10 kernels

https://lkml.org/lkml/2016/2/23/812 "pipe: Fix buffer offset after partially failed read" is missing from the stable 3.4.y and 3.10.y kernels. It has been included in 3.2.y and 3.14.y. I am able to cause a kernel panic without this patch. Regards, Jeff Vander Stoep

Re: [RFC][PATCH] seccomp: add SECCOMP_RET_ACK for non-fatal SIGSYS

Thanks! This is just what I need. What are the drawbacks to returning the sigsys before executing the system call? Otherwise this loses the benefit of properly reporting registers for argument inspection. How about SECCOMP_RET_PERMISSIVE? Describes the application rather than the implementation.

Re: [RFC][PATCH] seccomp: add SECCOMP_RET_ACK for non-fatal SIGSYS

Thanks! This is just what I need. What are the drawbacks to returning the sigsys before executing the system call? Otherwise this loses the benefit of properly reporting registers for argument inspection. How about SECCOMP_RET_PERMISSIVE? Describes the application rather than the implementation.

Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

plain text this time... > This all would be much cleaner if the arm architecture code were just to > register the sysctl itself. > > As it sits this looks like a patchset that does not meaninfully bisect, > and would result in code that is hard to trace and understand. I believe the intent is to

Re: [PATCH 1/2] mm: mmap: Add new /proc tunable for mmap_base ASLR.

plain text this time... > This all would be much cleaner if the arm architecture code were just to > register the sysctl itself. > > As it sits this looks like a patchset that does not meaninfully bisect, > and would result in code that is hard to trace and understand. I believe the intent is to

Re: [PATCH 1/2] selinux: ioctl_has_perm should be static

Acked-by: Jeff Vander Stoep On Sun, Sep 27, 2015 at 8:10 AM, Geliang Tang wrote: > Fixes the following sparse warning: > > security/selinux/hooks.c:3242:5: warning: symbol 'ioctl_has_perm' was > not declared. Should it be static? > > Signed-off-by: Geliang Tang > --- >

Re: [PATCH 1/2] selinux: ioctl_has_perm should be static

Acked-by: Jeff Vander Stoep On Sun, Sep 27, 2015 at 8:10 AM, Geliang Tang wrote: > Fixes the following sparse warning: > > security/selinux/hooks.c:3242:5: warning: symbol 'ioctl_has_perm' was > not declared. Should it be static? > > Signed-off-by:

Re: [PATCH] mm: reorder can_do_mlock to fix audit denial

Yes, minor issue. I appreciate the advice. On Mon, Mar 2, 2015 at 4:42 PM, Andrew Morton wrote: > On Mon, 2 Mar 2015 09:20:32 -0800 Jeff Vander Stoep wrote: > >> A userspace call to mmap(MAP_LOCKED) may result in the successful >> locking of memory while also producing a confusing audit log

Re: [PATCH] mm: reorder can_do_mlock to fix audit denial

Yes, minor issue. I appreciate the advice. On Mon, Mar 2, 2015 at 4:42 PM, Andrew Morton a...@linux-foundation.org wrote: On Mon, 2 Mar 2015 09:20:32 -0800 Jeff Vander Stoep je...@google.com wrote: A userspace call to mmap(MAP_LOCKED) may result in the successful locking of memory while

Re: [PATCH] Add security hooks to binder and implement the hooks for SELinux.

ACK. This has been in the android tree since Nov 2012. Forward port of commit: 6639e3d91a05bafa2a85c24c211c43fcaa1b17c5 in https://android.googlesource.com/kernel/common.git Apologies for the double send. Forgot to disable formatting. Thanks, Jeff On Thu, Jan 22, 2015 at 12:51 AM, Greg KH

Re: [PATCH] Add security hooks to binder and implement the hooks for SELinux.

ACK. This has been in the android tree since Nov 2012. Forward port of commit: 6639e3d91a05bafa2a85c24c211c43fcaa1b17c5 in https://android.googlesource.com/kernel/common.git Apologies for the double send. Forgot to disable formatting. Thanks, Jeff On Thu, Jan 22, 2015 at 12:51 AM, Greg KH