[PATCH] drivers/net: netronome: Convert timers to use timer_setup()

mloft.net> Cc: Jiri Pirko <j...@mellanox.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Simon Horman <simon.hor...@netronome.com> Cc: oss-driv...@netronome.com Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/netrono

[PATCH] drivers/net: hippi: Convert timers to use timer_setup()

ed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/hippi/rrunner.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/hippi/rrunner.c b/drivers/net/hippi/rrunner.c index 76cc140774a2..8483f03d5a41 100644 --- a/drivers/net/hippi/rrunner.c +++ b

[PATCH] drivers/net: hamradio/yam: Convert timers to use timer_setup()

el.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/hamradio/yam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c index 7a7c5224a336..b88c5cc00a63 100644 --- a

[PATCH] drivers/net: can: Convert timers to use timer_setup()

Cc: "David S. Miller" <da...@davemloft.net> Cc: Allen Pais <allen.l...@gmail.com> Cc: linux-...@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/can/grcan.c | 19 --- driv

[PATCH] drivers/net: nuvoton: Convert timers to use timer_setup()

el.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/nuvoton/w90p910_ether.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/nuvoton/w90p910_ether.c b/drivers/net/ethernet/nuvoton/w90p910_ether.c index

[PATCH] drivers/net: realtek: Convert timers to use timer_setup()

.@davemloft.net> Cc: David Howells <dhowe...@redhat.com> Cc: Jay Vosburgh <jay.vosbu...@canonical.com> Cc: Allen Pais <allen.l...@gmail.com> Cc: Eric Dumazet <eduma...@google.com> Cc: Tobias Klauser <tklau...@distanz.ch> Cc: netdev@vger.kernel.org Signed-off-by: Kees Co

[PATCH] drivers/net: sxgbe: Convert timers to use timer_setup()

a <vipul.pan...@samsung.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 16 +++- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c

[PATCH] drivers/net: wan/sdla: Convert timers to use timer_setup()

Tobias Klauser <tklau...@distanz.ch> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/wan/sdla.c | 12 +--- include/linux/if_frad.h | 1 + 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/net/wan/sdl

[PATCH] drivers/net: arcnet: Convert timers to use timer_setup()

In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Cc: Michael Grzeschik <m.grzesc...@pengutronix.de> Cc: netdev@vger.kernel.org Signed-off-by: Kee

[PATCH] drivers/net: wan/dscc4: Remove unused timer

This removes an entirely unused timer, which avoids needing to convert it to timer_setup(). Cc: Francois Romieu <rom...@fr.zoreil.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/wan/dscc4.c | 20 1 file changed,

[PATCH] drivers/net: wan/lmc: Convert timers to use timer_setup()

oft.net> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/wan/lmc/lmc_main.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wan/lmc/lmc_main.c b/drivers/net/wan/lmc/lmc_main.c index ae69d65158e6..37b1e0d03e31 1006

[PATCH] isdn/gigaset: Provide cardstate context for bas timer callbacks

("isdn/gigaset: Convert timers to use timer_setup()") Cc: Paul Bolle <pebo...@tiscali.nl> Cc: Karsten Keil <i...@linux-pingi.de> Cc: "David S. Miller" <da...@davemloft.net> Cc: Johan Hovold <jo...@kernel.org> Cc: gigaset307x-com...@lists.sourceforge.net C

[PATCH] drivers/net: tundra: Convert timers to use timer_setup()

.com> Cc: "yuval.sh...@oracle.com" <yuval.sh...@oracle.com> Cc: Eric Dumazet <eduma...@google.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/tundra/tsi108_eth.c | 10 +- 1 file changed, 5 insertions(+), 5 dele

[PATCH] drivers/net: ntb_netdev: Convert timers to use timer_setup()

n.hu...@emc.com> Cc: linux-...@googlegroups.com Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ntb_netdev.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ntb_netdev.c b/drivers/net/ntb_netdev.c index 02

[PATCH v2] net: tipc: Convert timers to use timer_setup()

id S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org Cc: tipc-discuss...@lists.sourceforge.net Signed-off-by: Kees Cook <keesc...@chromium.org> --- Rebased on commit 0d5fcebf3c37 ("tipc: refactor tipc_sk_timeout() function"). --- net/tipc/discover.c | 6 +++--- net/

[PATCH] drivers/net: cris: Convert timers to use timer_setup()

> Cc: Arnd Bergmann <a...@arndb.de> Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org> Cc: "yuval.sh...@oracle.com" <yuval.sh...@oracle.com> Cc: Paul Gortmaker <paul.gortma...@windriver.com> Cc: Philippe Reynes <trem...@gmail.com> Cc: netdev@vger.kernel.org S

Re: [PATCH] net: tipc: Convert timers to use timer_setup()

On Mon, Oct 30, 2017 at 2:57 AM, Jon Maloy <jon.ma...@ericsson.com> wrote: > > >> -Original Message- >> From: keesc...@google.com [mailto:keesc...@google.com] On Behalf Of >> Kees Cook >> Sent: Friday, October 27, 2017 06:58 >> To: Jon Maloy <j

[PATCH] net: recvmsg: Unconditionally zero struct sockaddr_storage

with CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y Reported-by: Alexander Potapenko <gli...@google.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/socket.c | 1 + 1 file changed, 1 insertion(+) dif

Re: [PATCH v6 05/13] firmware_loader: enhance Kconfig documentation over FW_LOADER

longer required unless you have a special firmware file that > - resides in a non-standard path. Moreover, the udev support has > - been deprecated upstream. > + Enabling this option forces a sysfs userspace fallback mechanism > + to be used for all firmware requests which explicitly do not > disable a > + a fallback mechanism. Firmware calls which do prohibit a fallback > + mechanism is request_firmware_direct(). This option is kept for > + backward compatibility purposes given this precise mechanism can > also > + be enabled by setting the proc sysctl value to true: > + > + /proc/sys/kernel/firmware_config/force_sysfs_fallback > > If you are unsure about this, say N here. > > +endif # FW_LOADER > +endmenu > + > config WANT_DEV_COREDUMP > bool > help > -- > 2.17.0 > -Kees -- Kees Cook Pixel Security

Re: [PATCH v6 00/13] firmware_loader changes for v4.18

ing. > > As for the rename that you wanted, perhaps we can do this late in the > merge window considering we're at rc4 now. I can prep something up for > that later. > > Question, and specially rants are warmly welcomed. I sent some typo catches, but with those fixed, please c

Re: [PATCH v6 05/13] firmware_loader: enhance Kconfig documentation over FW_LOADER

On Wed, May 9, 2018 at 1:55 PM, Luis R. Rodriguez <mcg...@kernel.org> wrote: > On Tue, May 08, 2018 at 03:42:33PM -0700, Kees Cook wrote: >> On Tue, May 8, 2018 at 11:12 AM, Luis R. Rodriguez <mcg...@kernel.org> wrote: >> > + This used to be the default firmw

Re: [PATCH v2 net-next 1/4] umh: introduce fork_usermode_blob() helper

th file interfaces, I'm cautious to add a new blob interface. Maybe just pull all the blob-finding/loading into the interface, and just make it something like fork_usermode_kmod(struct module *mod, struct umh_info *info) ? -Kees -- Kees Cook Pixel Security

Re: [PATCH] net: dsa: drop some VLAs in switch.c

; You could make the bitmap part of the dsa_switch structure. This is > allocated by dsa_switch_alloc() and is passed the number of ports. > Doing the allocation there means you don't need to worry about it > failing in dsa_switch_mdb_add() or dsa_switch_vlan_add(). Are dsa_switch_mdb_add() and dsa_switch_vlan_add() guaranteed to be single-threaded? -Kees -- Kees Cook Pixel Security

Re: [net-next:master 375/376] net/core/rtnetlink.c:3099:1: warning: the frame size of 1280 bytes is larger than 1024 bytes

default 1280 if (!64BIT && PARISC) default 1024 if (!64BIT && !PARISC) default 2048 if 64BIT Just dropping the defconfig there should fix it. (And I think it was just a mistake to port that value when splitting the um defconfig in commit e40f04d040c6 ("arch/um: make it work with defconfig and x86_64"). -Kees -- Kees Cook Pixel Security

Re: [PATCH net-next] rtnetlink: Fix null-ptr-deref in rtnl_newlink

-2936,7 +2936,7 @@ static int rtnl_newlink(struct sk_buff *skb, struct >> nlmsghdr *nlh, >> } >> >> if (m_ops) { >> - if (ops->slave_maxtype > RTNL_SLAVE_MAX_TYPE) >> + if (m_ops->slave_maxtype > RTNL_SLAVE_MAX_TYPE) >> return -EINVAL; > > > Oh nice > > CC Kees Cook. Argh. Thank you, yes. Acked-by: Kees Cook -Kees -- Kees Cook Pixel Security

Re: [PATCH bpf 3/3] bpf: undo prog rejection on read-only lock failure

On Fri, Jun 29, 2018 at 4:47 PM, Daniel Borkmann wrote: > On 06/29/2018 08:42 PM, Kees Cook wrote: >> On Thu, Jun 28, 2018 at 2:34 PM, Daniel Borkmann >> wrote: >>> Kees suggested that if set_memory_*() can fail, we should annotate it with >>> __must_ch

Re: [PATCH bpf 3/3] bpf: undo prog rejection on read-only lock failure

pened, the transition from RW -> RO could > be made more robust that way, while subsequent RO -> RW transition /must/ > continue guaranteeing to always succeed the undo part. Does this mean we can have BPF filters that aren't read-only then? What's the situation where set_memory_ro() fai

[PATCH] net: stmmac: Avoid VLA usage

[1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/etherne

Re: [PATCH] net: stmmac: Avoid VLA usage

On Wed, May 2, 2018 at 1:54 AM, Jose Abreu <jose.ab...@synopsys.com> wrote: > Hi Kees, > > On 01-05-2018 22:01, Kees Cook wrote: >> In the quest to remove all stack VLAs from the kernel[1], this switches >> the "status" stack buffer to use the existing small

Re: [PATCH] net: tipc: Convert timers to use timer_setup()

ere the argument needs to be slightly adjusted to fetch the tsk from the sk again. Thanks! -Kees -- Kees Cook Pixel Security

[PATCH] drivers/net: dlink: Convert timers to use timer_setup()

In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Cc: Denis Kirjanov <k...@linux-powerpc.org> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook

[PATCH] drivers/net: 8390: Convert timers to use timer_setup()

In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/etherne

[PATCH] drivers/net: smsc: Convert timers to use timer_setup()

al.sh...@oracle.com> Cc: Eric Dumazet <eduma...@google.com> Cc: Philippe Reynes <trem...@gmail.com> Cc: Allen Pais <allen.l...@gmail.com> Cc: Tobias Klauser <tklau...@distanz.ch> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- driver

[PATCH] netfilter: ipvs: Convert timers to use timer_setup()

ter-de...@vger.kernel.org Cc: coret...@netfilter.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/netfilter/ipvs/ip_vs_conn.c | 10 +- net/netfilter/ipvs/ip_vs_ctl.c | 7 +++ net/netfilter/ipvs/ip_vs_est.c | 6 +++--- net/netfilter/ipvs/ip_vs_lblc.

[PATCH] drivers/net: packetengines: Convert timers to use timer_setup()

c: yuan linyu <linyu.y...@alcatel-sbell.com.cn> Cc: Philippe Reynes <trem...@gmail.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/packetengines/hamachi.c | 14 +++--- drivers/net/ethernet/packetengines/yellowfi

[PATCH] drivers/net: mellanox: Convert timers to use timer_setup()

anovsky <leo...@mellanox.com> Cc: netdev@vger.kernel.org Cc: linux-r...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/mellanox/mlx5/core/health.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellan

[PATCH] drivers/net: natsemi: Convert timers to use timer_setup()

c: Eric Dumazet <eduma...@google.com> Cc: Philippe Reynes <trem...@gmail.com> Cc: Wei Yongjun <weiyongj...@huawei.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/natsemi/natsemi.c | 10 +- drivers/net/eth

[PATCH] drivers/net: fealnx: Convert timers to use timer_setup()

l.sh...@oracle.com> Cc: Allen Pais <allen.l...@gmail.com> Cc: Stephen Hemminger <step...@networkplumber.org> Cc: Philippe Reynes <trem...@gmail.com> Cc: Johannes Berg <johannes.b...@intel.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <kee

[PATCH] drivers/net: appletalk/cops: Convert timers to use timer_setup()

: David Howells <dhowe...@redhat.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/appletalk/cops.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/net/appletalk/cops.c b/drivers/net/appletalk/cops.

[PATCH] drivers/net: korina: Convert timers to use timer_setup()

; Cc: Florian Fainelli <f.faine...@gmail.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/korina.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/korina.c b/drivers/net/et

[PATCH] drivers/net: amd: Convert timers to use timer_setup()

net> Cc: Allen Pais <allen.l...@gmail.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/amd/a2065.c | 13 ++--- drivers/net/ethernet/amd/am79c961a.c | 9 + drivers/net/ethernet/amd/am79c961a.h

[PATCH] drivers/net: chelsio/cxgb*: Convert timers to use timer_setup()

Leedom <lee...@chelsio.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/net/ethernet/chelsio/cxgb3/sge.c | 12 ++-- drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c | 7 +++ drivers/net/ethernet/chelsio/cxgb

Re: Timer breakage in net-next

arately in other trees. Obviously this is up to Dave, but it seemed like a merge of tip/timers/core into net-next would be confusing. > You can add my Tested-by line. Thanks for checking it! -Kees -- Kees Cook Pixel Security

Re: drivers/wireless: ath: Convert timers to use timer_setup()

On Fri, Oct 27, 2017 at 11:18 AM, Kalle Valo <kv...@qca.qualcomm.com> wrote: > Kees Cook <keesc...@chromium.org> wrote: > >> In preparation for unconditionally passing the struct timer_list pointer to >> all timer callbacks, switch to using the new timer_setup

[PATCH 21/36] ip: Define usercopy region in IP proto slab cache

shf...@linux-ipv6.org> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/ipv4/raw.c | 2 ++ net/ipv6/raw.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 33b70bfd1122..1b6fa4195ac9 100644 --- a/net/ipv4/raw.c +++

[PATCH 28/36] fork: Provide usercopy whitelisting for task_struct

n.org> Cc: Nicholas Piggin <npig...@gmail.com> Cc: Laura Abbott <labb...@redhat.com> Cc: "Mickaël Salaün" <m...@digikod.net> Cc: Ingo Molnar <mi...@kernel.org> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Andy Lutomirski <l...@kernel.org> Signed-o

[PATCH 06/36] usercopy: Mark kmalloc caches as usercopy caches

om> Cc: Andrew Morton <a...@linux-foundation.org> Cc: linux...@kvack.org Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- mm/slab.c| 3 ++- mm/slab.h| 3 ++- mm/slab_common.c | 10 ++ 3 files changed, 10 insertions(+), 6

[PATCH 07/36] dcache: Define usercopy region in dentry_cache slab cache

Cc: Alexander Viro <v...@zeniv.linux.org.uk> Cc: linux-fsde...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/dcache.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 5c7df1df81ff..92ad7a2168e1 100644 --- a/fs/dcac

[PATCH 34/36] usercopy: Allow strict enforcement of whitelists

at build time or a system is booted with "slab_common.usercopy_fallback=0", usercopy whitelists will BUG() instead of WARN(). This is useful for admins that want to use usercopy whitelists immediately. Suggested-by: Matthew Garrett <mj...@google.com> Signed-off-by: Kees Cook <ke

[PATCH 35/36] usercopy: Restrict non-usercopy caches to size 0

ter <c...@linux.com> Cc: Pekka Enberg <penb...@kernel.org> Cc: David Rientjes <rient...@google.com> Cc: Joonsoo Kim <iamjoonsoo@lge.com> Cc: Andrew Morton <a...@linux-foundation.org> Cc: linux...@kvack.org Signed-off-by: Kees Cook <keesc...@chromium.org> ---

[PATCH 01/36] usercopy: Remove pointer from overflow report

Using %p was already mostly useless in the usercopy overflow reports, so this removes it entirely to avoid confusion now that %p-hashing is enabled. Fixes: ad67b74d2469d9b8 ("printk: hash addresses printed with %p") Signed-off-by: Kees Cook <keesc...@chromium.org> --- m

[PATCH 12/36] jfs: Define usercopy region in jfs_ip slab cache

[kees: adjust commit log, provide usage trace] Cc: Dave Kleikamp <sha...@kernel.org> Cc: jfs-discuss...@lists.sourceforge.net Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Dave Kleikamp <dave.kleik...@oracle.com> --- fs/jfs/super.c | 8 +--- 1 file changed, 5 inse

[PATCH 08/36] vfs: Define usercopy region in names_cache slab caches

x.org.uk> Cc: linux-fsde...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/dcache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 92ad7a2168e1..9d7ee2de682c 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -3640,8 +3640,8 @@

[PATCH 32/36] kvm: whitelist struct kvm_vcpu_arch

ctures with usercopy hardening enabled. For now, allow writing to the entire struct on all architectures. The KVM tree will not refine this to an architecture-specific subset of struct kvm_vcpu_arch. Cc: kernel-harden...@lists.openwall.com Cc: Kees Cook <keesc...@chromium.org> Cc: Christian Borntraeg

[PATCH 31/36] arm: Implement thread_struct whitelist for hardened usercopy

..@infradead.org> Cc: linux-arm-ker...@lists.infradead.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- arch/arm/Kconfig | 1 + arch/arm/include/asm/processor.h | 7 +++ 2 files changed, 8 insertions(+) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 51c8

[PATCH 33/36] kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl

: Kees Cook <keesc...@chromium.org> Cc: Radim Krčmář <rkrc...@redhat.com> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Kees Cook <keesc...@chromium.org> --- arch/x86/kvm/x86.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arc

[PATCH 30/36] arm64: Implement thread_struct whitelist for hardened usercopy

c: Ingo Molnar <mi...@kernel.org> Cc: James Morse <james.mo...@arm.com> Cc: "Peter Zijlstra (Intel)" <pet...@infradead.org> Cc: Dave Martin <dave.mar...@arm.com> Cc: zijun_hu <zijun...@htc.com> Cc: linux-arm-ker...@lists.infradead.org Signed-off-by:

[PATCH 20/36] net: Define usercopy region in struct proto slab cache

s: add logic for by-default full-whitelist] Cc: "David S. Miller" <da...@davemloft.net> Cc: Eric Dumazet <eduma...@google.com> Cc: Paolo Abeni <pab...@redhat.com> Cc: David Howells <dhowe...@redhat.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chrom

[PATCH 13/36] befs: Define usercopy region in befs_inode_cache slab cache

es: adjust commit log, provide usage trace] Cc: Luis de Bethencourt <lui...@kernel.org> Cc: Salah Triki <salah.tr...@gmail.com> Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Luis de Bethencourt <lui...@kernel.org> --- fs/befs/linuxvfs.c | 14 +- 1 fil

[PATCH 19/36] scsi: Define usercopy region in scsi_sense_cache slab cache

sen" <martin.peter...@oracle.com> Cc: linux-s...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/scsi/scsi_lib.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 1cbc497e00bd..1

[PATCH 36/36] lkdtm: Update usercopy tests for whitelisting

This updates the USERCOPY_HEAP_FLAG_* tests to USERCOPY_HEAP_WHITELIST_*, since the final form of usercopy whitelisting ended up using an offset/size window instead of the earlier proposed allocation flags. Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/misc/lkdtm.h

[PATCH 25/36] net: Restrict unwhitelisted proto caches to size 0

gt; Cc: David Howells <dhowe...@redhat.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/core/sock.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/net/core/sock.c b/net/core/sock.c index 261e6dbf0259..f39206b41b32 100644 --

[PATCH 29/36] x86: Implement thread_struct whitelist for hardened usercopy

l.org Cc: Borislav Petkov <b...@suse.de> Cc: Andy Lutomirski <l...@kernel.org> Cc: Mathias Krause <mini...@googlemail.com> Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Rik van Riel <r...@redhat.com> --- arch/x86/Kconfig | 1 + arch/x86/include/a

[PATCH 26/36] fork: Define usercopy region in mm_struct slab caches

commit log, split patch, provide usage trace] Cc: Ingo Molnar <mi...@kernel.org> Cc: Andrew Morton <a...@linux-foundation.org> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Andy Lutomirski <l...@kernel.org> Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: R

[PATCH 24/36] sctp: Copy struct sctp_sock.autoclose to userspace using put_user()

t commit log] Cc: Vlad Yasevich <vyasev...@gmail.com> Cc: Neil Horman <nhor...@tuxdriver.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-s...@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/sctp/sock

[PATCH 22/36] caif: Define usercopy region in caif proto slab cache

urity/PaX code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: split from network patch, provide usage trace] Cc: "David S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/caif/caif_socket.c | 2 ++

[PATCH 27/36] fork: Define usercopy region in thread_stack slab caches

rg> Cc: Andrew Morton <a...@linux-foundation.org> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Andy Lutomirski <l...@kernel.org> Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Rik van Riel <r...@redhat.com> --- kernel/fork.c | 5 +++-- 1 file changed, 3 inser

[PATCH 10/36] ext4: Define usercopy region in ext4_inode_cache slab cache

code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: "Theodore Ts'o" <ty...@mit.edu> Cc: Andreas Dilger <adilger.ker...@dilger.ca> Cc: linux-e...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --

[PATCH 11/36] ext2: Define usercopy region in ext2_inode_cache slab cache

gned-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Jan Kara <j...@suse.com> Cc: linux-e...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Jan Kara <j...@suse.cz> --- fs/ext2/super.c | 12 ++

[PATCH 09/36] vfs: Copy struct mount.mnt_id to userspace using put_user()

t commit log] Cc: Alexander Viro <v...@zeniv.linux.org.uk> Cc: linux-fsde...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/fhandle.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/fhandle.c b/fs/fhandle.c index 0ace128f5d23..0ee7

[PATCH 05/36] usercopy: WARN() on slab cache usercopy region violations

g> Cc: Laura Abbott <labb...@redhat.com> Cc: Ingo Molnar <mi...@kernel.org> Cc: Mark Rutland <mark.rutl...@arm.com> Cc: linux...@kvack.org Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- mm/slab.c | 30 +++

[PATCH 23/36] sctp: Define usercopy region in SCTP proto slab cache

com> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-s...@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- include/net/sctp/structs.h | 9 +++-- net/sctp/socket.c | 8 2 files changed, 15 inser

[PATCH 18/36] cifs: Define usercopy region in cifs_request slab cache

indsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Steve French <sfre...@samba.org> Cc: linux-c...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/cifs/cifsfs.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(

[PATCH 17/36] vxfs: Define usercopy region in vxfs_inode slab cache

ty/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Christoph Hellwig <h...@infradead.org> S

[PATCH 14/36] exofs: Define usercopy region in exofs_inode_cache slab cache

anding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Boaz Harrosh <o...@electrozaur.com> Signed-off-by: Kees Cook &

[PATCH 16/36] ufs: Define usercopy region in ufs_inode_cache slab cache

.@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Evgeniy Dushistov <dushis...@mail.ru> Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/ufs/super.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/fs/ufs/super.c b/fs/ufs/supe

[PATCH 03/36] lkdtm/usercopy: Adjust test to include an offset to check reporting

Instead of doubling the size, push the start position up by 16 bytes to still trigger an overflow. This allows to verify that offset reporting is working correctly. Signed-off-by: Kees Cook <keesc...@chromium.org> --- drivers/misc/lkdtm_usercopy.c | 13 + 1 file changed, 9 inse

[PATCH v4 00/36] Hardened usercopy whitelisting

v4: - refactor reporting to include offset and remove %p - explicitly WARN by default for the whitelisting - add KVM whitelists and harden ioctl handling v3: - added LKDTM update patch - downgrade BUGs to WARNs and fail closed - add Acks/Reviews from v2 v2: - added tracing of allocation and

[PATCH 04/36] usercopy: Prepare for usercopy whitelisting

oo Kim <iamjoonsoo@lge.com> Cc: Andrew Morton <a...@linux-foundation.org> Cc: linux...@kvack.org Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- include/linux/slab.h | 27 +-- include/linux/slab_def.h | 3 +++

[PATCH 02/36] usercopy: Include offset in overflow report

This refactors the hardened usercopy reporting code so that the object offset can be included in the report. Having the offset can be much more helpful in understanding usercopy bugs. Signed-off-by: Kees Cook <keesc...@chromium.org> --- include/linux/slab.h| 11 +++-- include

[PATCH 15/36] orangefs: Define usercopy region in orangefs_inode_cache slab cache

..@omnibond.com> Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/orangefs/super.c | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c index 36f1390b5ed7..62d49e53061c 100644 --- a/fs/orangefs/super.c +++ b/fs

[PATCH 31/38] fork: Provide usercopy whitelisting for task_struct

n.org> Cc: Nicholas Piggin <npig...@gmail.com> Cc: Laura Abbott <labb...@redhat.com> Cc: "Mickaël Salaün" <m...@digikod.net> Cc: Ingo Molnar <mi...@kernel.org> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Andy Lutomirski <l...@kernel.org> Signed-o

[PATCH 32/38] x86: Implement thread_struct whitelist for hardened usercopy

l.org Cc: Borislav Petkov <b...@suse.de> Cc: Andy Lutomirski <l...@kernel.org> Cc: Mathias Krause <mini...@googlemail.com> Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Rik van Riel <r...@redhat.com> --- arch/x86/Kconfig | 1 + arch/x86/include/a

[PATCH 14/38] ext2: Define usercopy region in ext2_inode_cache slab cache

gned-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Jan Kara <j...@suse.com> Cc: linux-e...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Jan Kara <j...@suse.cz> --- fs/ext2/super.c | 12 ++

[PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache

code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: "Theodore Ts'o" <ty...@mit.edu> Cc: Andreas Dilger <adilger.ker...@dilger.ca> Cc: linux-e...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --

[PATCH 07/38] usercopy: WARN() on slab cache usercopy region violations

...@arm.com> Cc: linux...@kvack.org Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- mm/slab.c | 22 +++--- mm/slab.h | 2 ++ mm/slub.c | 23 +++ mm/usercopy.c | 21 ++--- 4 files changed, 58

[PATCH 15/38] jfs: Define usercopy region in jfs_ip slab cache

[kees: adjust commit log, provide usage trace] Cc: Dave Kleikamp <sha...@kernel.org> Cc: jfs-discuss...@lists.sourceforge.net Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Dave Kleikamp <dave.kleik...@oracle.com> --- fs/jfs/super.c | 8 +--- 1 file changed, 5 inse

[PATCH 34/38] arm: Implement thread_struct whitelist for hardened usercopy

..@infradead.org> Cc: linux-arm-ker...@lists.infradead.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- arch/arm/Kconfig | 1 + arch/arm/include/asm/processor.h | 7 +++ 2 files changed, 8 insertions(+) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 51c8

[PATCH 17/38] exofs: Define usercopy region in exofs_inode_cache slab cache

anding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Boaz Harrosh <o...@electrozaur.com> Signed-off-by: Kees Cook &

[PATCH 01/38] usercopy: Remove pointer from overflow report

Using %p was already mostly useless in the usercopy overflow reports, so this removes it entirely to avoid confusion now that %p-hashing is enabled. Fixes: ad67b74d2469d9b8 ("printk: hash addresses printed with %p") Signed-off-by: Kees Cook <keesc...@chromium.org> --- m

[PATCH 25/38] caif: Define usercopy region in caif proto slab cache

urity/PaX code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: split from network patch, provide usage trace] Cc: "David S. Miller" <da...@davemloft.net> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- net/caif/caif_socket.c | 2 ++

[PATCH 26/38] sctp: Define usercopy region in SCTP proto slab cache

com> Cc: "David S. Miller" <da...@davemloft.net> Cc: linux-s...@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- include/net/sctp/structs.h | 9 +++-- net/sctp/socket.c | 8 2 files changed, 15 inser

[PATCH 20/38] vxfs: Define usercopy region in vxfs_inode slab cache

ty/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: David Windsor <d...@nullcore.net> [kees: adjust commit log, provide usage trace] Cc: Christoph Hellwig <h...@infradead.org> S

[PATCH 23/38] net: Define usercopy region in struct proto slab cache

s: add logic for by-default full-whitelist] Cc: "David S. Miller" <da...@davemloft.net> Cc: Eric Dumazet <eduma...@google.com> Cc: Paolo Abeni <pab...@redhat.com> Cc: David Howells <dhowe...@redhat.com> Cc: netdev@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chrom

[PATCH 33/38] arm64: Implement thread_struct whitelist for hardened usercopy

c: Ingo Molnar <mi...@kernel.org> Cc: James Morse <james.mo...@arm.com> Cc: "Peter Zijlstra (Intel)" <pet...@infradead.org> Cc: Dave Martin <dave.mar...@arm.com> Cc: zijun_hu <zijun...@htc.com> Cc: linux-arm-ker...@lists.infradead.org Signed-off-by:

[PATCH 35/38] kvm: whitelist struct kvm_vcpu_arch

ctures with usercopy hardening enabled. For now, allow writing to the entire struct on all architectures. The KVM tree will not refine this to an architecture-specific subset of struct kvm_vcpu_arch. Cc: kernel-harden...@lists.openwall.com Cc: Kees Cook <keesc...@chromium.org> Cc: Christian Borntraeg

[PATCH 06/38] usercopy: Prepare for usercopy whitelisting

Cc: Andrew Morton <a...@linux-foundation.org> Cc: linux...@kvack.org Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> Acked-by: Christoph Lameter <c...@linux.com> --- include/linux/slab.h | 27 +-- include/linux/slab_def.h | 3 +

[PATCH 10/38] dcache: Define usercopy region in dentry_cache slab cache

Cc: Alexander Viro <v...@zeniv.linux.org.uk> Cc: linux-fsde...@vger.kernel.org Signed-off-by: Kees Cook <keesc...@chromium.org> --- fs/dcache.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 5c7df1df81ff..92ad7a2168e1 100644 --- a/fs/dcac

[PATCH v5 00/38] Hardened usercopy whitelisting

v5: - add Acks - split stddef changes into separate patch - further refactor reporting code for readability - adjust enforcement code for greater readability v4: - refactor reporting to include offset and remove %p - explicitly WARN by default for the whitelisting - add KVM whitelists and harden

[PATCH 02/38] usercopy: Enhance and rename report_usercopy()

available to the slab allocators, and adds new "detail" and "offset" arguments. Signed-off-by: Kees Cook <keesc...@chromium.org> --- mm/slab.h | 6 ++ mm/usercopy.c | 24 +++- tools/objtool/check.c | 1 + 3 files changed, 26

<    1   2   3   4   5   6   7   >