Patch Detail
GET /api/patches/806793/?format=api
{ "id": 806793, "url": "http://patchwork.ozlabs.org/api/patches/806793/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/1503956111-36652-24-git-send-email-keescook@chromium.org/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1503956111-36652-24-git-send-email-keescook@chromium.org>", "list_archive_url": null, "date": "2017-08-28T21:35:04", "name": "[v2,23/30] net: Restrict unwhitelisted proto caches to size 0", "commit_ref": null, "pull_url": null, "state": "not-applicable", "archived": true, "hash": "8d430d52eea8d1f928b8cb1263b60e94ac1759a6", "submitter": { "id": 10641, "url": "http://patchwork.ozlabs.org/api/people/10641/?format=api", "name": "Kees Cook", "email": "keescook@chromium.org" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/1503956111-36652-24-git-send-email-keescook@chromium.org/mbox/", "series": [ { "id": 266, "url": "http://patchwork.ozlabs.org/api/series/266/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=266", "date": "2017-08-28T21:35:01", "name": null, "version": 2, "mbox": "http://patchwork.ozlabs.org/series/266/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/806793/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/806793/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", 
"Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=chromium.org header.i=@chromium.org\n\theader.b=\"QoCSHok2\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xh56923kfz9t5l\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 29 Aug 2017 07:50:09 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751656AbdH1VqG (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tMon, 28 Aug 2017 17:46:06 -0400", "from mail-pf0-f174.google.com ([209.85.192.174]:33818 \"EHLO\n\tmail-pf0-f174.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751346AbdH1Vnx (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Mon, 28 Aug 2017 17:43:53 -0400", "by mail-pf0-f174.google.com with SMTP id h75so4745832pfh.1\n\tfor <netdev@vger.kernel.org>; Mon, 28 Aug 2017 14:43:53 -0700 (PDT)", "from www.outflux.net\n\t(173-164-112-133-Oregon.hfc.comcastbusiness.net. 
[173.164.112.133])\n\tby smtp.gmail.com with ESMTPSA id\n\t13sm1870938pfr.166.2017.08.28.14.43.50\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tMon, 28 Aug 2017 14:43:50 -0700 (PDT)" ], "X-Received": "by 10.99.113.84 with SMTP id b20mr1949069pgn.222.1503956633108; \n\tMon, 28 Aug 2017 14:43:53 -0700 (PDT)", "From": "Kees Cook <keescook@chromium.org>", "To": "linux-kernel@vger.kernel.org", "Cc": "Kees Cook <keescook@chromium.org>,\n\t\"David S. 
Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>,\n\tDavid Howells <dhowells@redhat.com>, netdev@vger.kernel.org,\n\tlinux-mm@kvack.org, kernel-hardening@lists.openwall.com,\n\tDavid Windsor <dave@nullcore.net>", "Subject": "[PATCH v2 23/30] net: Restrict unwhitelisted proto caches to size 0", "Date": "Mon, 28 Aug 2017 14:35:04 -0700", "Message-Id": "<1503956111-36652-24-git-send-email-keescook@chromium.org>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1503956111-36652-1-git-send-email-keescook@chromium.org>", "References": "<1503956111-36652-1-git-send-email-keescook@chromium.org>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "Now that protocols have been annotated (the copy of icsk_ca_ops->name\nis of an ops field from outside the slab cache):\n\n$ git grep 'copy_.*_user.*sk.*->'\ncaif/caif_socket.c: copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) {\nipv4/raw.c: if (copy_from_user(&raw_sk(sk)->filter, optval, optlen))\nipv4/raw.c: copy_to_user(optval, &raw_sk(sk)->filter, len))\nipv4/tcp.c: if (copy_to_user(optval, icsk->icsk_ca_ops->name, len))\nipv4/tcp.c: if (copy_to_user(optval, icsk->icsk_ulp_ops->name, len))\nipv6/raw.c: if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))\nipv6/raw.c: if (copy_to_user(optval, &raw6_sk(sk)->filter, len))\nsctp/socket.c: if (copy_from_user(&sctp_sk(sk)->subscribe, optval, optlen))\nsctp/socket.c: if (copy_to_user(optval, &sctp_sk(sk)->subscribe, len))\nsctp/socket.c: if (copy_to_user(optval, &sctp_sk(sk)->initmsg, len))\n\nwe can switch the default proto usercopy region to size 0. 
Any protocols\nneeding to add whitelisted regions must annotate the fields with the\nuseroffset and usersize fields of struct proto.\n\nThis patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY\nwhitelisting code in the last public patch of grsecurity/PaX based on my\nunderstanding of the code. Changes or omissions from the original code are\nmine and don't reflect the original grsecurity/PaX code.\n\nCc: \"David S. Miller\" <davem@davemloft.net>\nCc: Eric Dumazet <edumazet@google.com>\nCc: Paolo Abeni <pabeni@redhat.com>\nCc: David Howells <dhowells@redhat.com>\nCc: netdev@vger.kernel.org\nSigned-off-by: Kees Cook <keescook@chromium.org>\n---\n net/core/sock.c | 4 +---\n 1 file changed, 1 insertion(+), 3 deletions(-)", "diff": "diff --git a/net/core/sock.c b/net/core/sock.c\nindex 02dab98ca3e3..c7d0afa1d0b1 100644\n--- a/net/core/sock.c\n+++ b/net/core/sock.c\n@@ -3112,9 +3112,7 @@ int proto_register(struct proto *prot, int alloc_slab)\n \t\tprot->slab = kmem_cache_create_usercopy(prot->name,\n \t\t\t\t\tprot->obj_size, 0,\n \t\t\t\t\tSLAB_HWCACHE_ALIGN | prot->slab_flags,\n-\t\t\t\t\tprot->usersize ? prot->useroffset : 0,\n-\t\t\t\t\tprot->usersize ? prot->usersize\n-\t\t\t\t\t\t : prot->obj_size,\n+\t\t\t\t\tprot->useroffset, prot->usersize,\n \t\t\t\t\tNULL);\n \n \t\tif (prot->slab == NULL) {\n", "prefixes": [ "v2", "23/30" ] }
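Review bot: in the proto_register() hunk, passing prot->useroffset and prot->usersize straight to kmem_cache_create_usercopy() makes an unset usersize mean "no usercopy region" instead of "whole object", and nothing at the call site or in the visible change documents that new default. A short comment above the call would help, stating that a protocol which leaves both fields at 0 gets a zero-sized region and must set useroffset/usersize in its struct proto to whitelist fields. The audit quoted in the commit message, `git grep 'copy_.*_user.*sk.*->'`, only matches copies written directly against an sk-derived expression on one line, so copies that go through a local pointer or a helper would not show up in it; it is worth saying in the commit message how those were checked. The removed ternary also covered the case of a protocol setting useroffset without usersize by forcing the offset to 0, and that combination is now passed through unchanged, so a sanity check or a note that it is harmless would be useful.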