[{"id":1772615,"web_url":"http://patchwork.ozlabs.org/comment/1772615/","msgid":"<89dd1d4e-9486-51a2-3500-ac85f947b145@kernel.org>","list_archive_url":null,"date":"2017-09-21T09:34:55","subject":"Re: [PATCH v3 10/31] befs: Define usercopy region in\n\tbefs_inode_cache slab cache","submitter":{"id":72407,"url":"http://patchwork.ozlabs.org/api/people/72407/","name":"Luis de Bethencourt","email":"luisbg@kernel.org"},"content":"On 09/20/2017 09:45 PM, Kees Cook wrote:\n> 
From: David Windsor <dave@nullcore.net>\n> \n> befs symlink pathnames, stored in struct befs_inode_info.i_data.symlink\n> and therefore contained in the befs_inode_cache slab cache, need to be\n> copied to/from userspace.\n> \n> cache object allocation:\n>      fs/befs/linuxvfs.c:\n>          befs_alloc_inode(...):\n>              ...\n>              bi = kmem_cache_alloc(befs_inode_cachep, GFP_KERNEL);\n>              ...\n>              return &bi->vfs_inode;\n> \n>          befs_iget(...):\n>              ...\n>              strlcpy(befs_ino->i_data.symlink, raw_inode->data.symlink,\n>                      BEFS_SYMLINK_LEN);\n>              ...\n>              inode->i_link = befs_ino->i_data.symlink;\n> \n> example usage trace:\n>      readlink_copy+0x43/0x70\n>      vfs_readlink+0x62/0x110\n>      SyS_readlinkat+0x100/0x130\n> \n>      fs/namei.c:\n>          readlink_copy(..., link):\n>              ...\n>              copy_to_user(..., link, len);\n> \n>          (inlined in vfs_readlink)\n>          generic_readlink(dentry, ...):\n>              struct inode *inode = d_inode(dentry);\n>              const char *link = inode->i_link;\n>              ...\n>              readlink_copy(..., link);\n> \n> In support of usercopy hardening, this patch defines a region in the\n> befs_inode_cache slab cache in which userspace copy operations are\n> allowed.\n> \n> This region is known as the slab cache's usercopy region. Slab caches can\n> now check that each copy operation involving cache-managed memory falls\n> entirely within the slab's usercopy region.\n> \n> This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY\n> whitelisting code in the last public patch of grsecurity/PaX based on my\n> understanding of the code. Changes or omissions from the original code are\n> mine and don't reflect the original grsecurity/PaX code.\n> \n> 
Signed-off-by: David Windsor <dave@nullcore.net>\n> [kees: adjust commit log, provide usage trace]\n> Cc: Luis de Bethencourt <luisbg@kernel.org>\n> Cc: Salah Triki <salah.triki@gmail.com>\n> Signed-off-by: Kees Cook <keescook@chromium.org>\n> Acked-by: Luis de Bethencourt <luisbg@kernel.org>\n> ---\n>   fs/befs/linuxvfs.c | 14 +++++++++-----\n>   1 file changed, 9 insertions(+), 5 deletions(-)\n> \n> diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c\n> index a92355cc453b..e5dcd26003dc 100644\n> --- a/fs/befs/linuxvfs.c\n> +++ b/fs/befs/linuxvfs.c\n> 
@@ -444,11 +444,15 @@ static struct inode *befs_iget(struct super_block *sb, unsigned long ino)\n>   static int __init\n>   befs_init_inodecache(void)\n>   {\n> -\tbefs_inode_cachep = kmem_cache_create(\"befs_inode_cache\",\n> -\t\t\t\t\t      sizeof (struct befs_inode_info),\n> -\t\t\t\t\t      0, (SLAB_RECLAIM_ACCOUNT|\n> -\t\t\t\t\t\tSLAB_MEM_SPREAD|SLAB_ACCOUNT),\n> -\t\t\t\t\t      init_once);\n> +\tbefs_inode_cachep = kmem_cache_create_usercopy(\"befs_inode_cache\",\n> +\t\t\t\tsizeof(struct befs_inode_info), 0,\n> +\t\t\t\t(SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD|\n> +\t\t\t\t\tSLAB_ACCOUNT),\n> +\t\t\t\toffsetof(struct befs_inode_info,\n> +\t\t\t\t\ti_data.symlink),\n> +\t\t\t\tsizeof_field(struct befs_inode_info,\n> +\t\t\t\t\ti_data.symlink),\n> +\t\t\t\tinit_once);\n>   \tif (befs_inode_cachep == NULL)\n>   \t\treturn -ENOMEM;\n>   \n> \n\nNo changes in the befs patch in v3. It goes without saying I continue to \nAck this.\n\nThanks Kees and David,\nLuis","headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=messagingengine.com\n\theader.i=@messagingengine.com header.b=\"Lj0ByVgI\"; \n\tdkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xyWg256YYz9t43\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 21 Sep 2017 19:35:10 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751593AbdIUJe7 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tThu, 21 Sep 2017 05:34:59 -0400","from out1-smtp.messagingengine.com ([66.111.4.25]:59753 \"EHLO\n\tout1-smtp.messagingengine.com\" 
rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1750912AbdIUJe6 (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Thu, 21 Sep 2017 05:34:58 -0400","from compute4.internal (compute4.nyi.internal [10.202.2.44])\n\tby mailout.nyi.internal (Postfix) with ESMTP id 4113920C80;\n\tThu, 21 Sep 2017 05:34:57 -0400 (EDT)","from frontend1 ([10.202.2.160])\n\tby compute4.internal (MEProxy); Thu, 21 Sep 2017 05:34:57 -0400","from [10.68.155.25] (54-240-197-224.amazon.com [54.240.197.224])\n\tby mail.messagingengine.com (Postfix) with ESMTPA id 244937E6D9;\n\tThu, 21 Sep 2017 05:34:56 -0400 (EDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=\n\tmessagingengine.com; h=cc:content-transfer-encoding:content-type\n\t:date:from:in-reply-to:message-id:mime-version:references\n\t:subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=\n\tfm1; bh=Mwcu+oo9ceGXWdSI2SLjasr49Tc/v+L++j19vuahZEQ=; b=Lj0ByVgI\n\tfw7JCez0JA5IqiyDWSDRLJhzlDJUT5jpk9LynbNtXYYQO2y5PEhBjhOHDBe6x8cd\n\tjv+OeqRSpsE4s0ZHtJUetvXsWz9EYLn19t1h1iRVGONAsxwk+d+mqOdVIXSbiORZ\n\tnZ5PVDxHxtlA4/Mc7QvEaLiwZutyfniHDrOayF2VjamPLu7ZvCmrUj7hzXlSDR/w\n\tNAELdXPUo/p7ffVJRaV2b7SCb/UhZvxLUvteBxbQ5zC+bXzKFiiEaFBxxb0dr/7/\n\tCu1zKKz+vTap4/xNtBlmzknb2XhxetSKXXQzOtqk5pWnQ2d4A2yNZBTa/U0uavzh\n\tSvoTpgO/QC8CCw==","X-ME-Sender":"<xms:wYfDWZl25ibWSMx6GJs0JROgGiyBPCKW8cVgXXgfBOKRIU8mxRJK-A>","X-Sasl-enc":"SC7qrTVXUxywOuZmaR37a4OBXwycyIg2temmhkDKqtPA 1505986496","Subject":"Re: [PATCH v3 10/31] befs: Define usercopy region in\n\tbefs_inode_cache slab cache","To":"Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org","Cc":"David Windsor <dave@nullcore.net>, Salah Triki <salah.triki@gmail.com>,\n\tlinux-fsdevel@vger.kernel.org, netdev@vger.kernel.org,\n\tlinux-mm@kvack.org, kernel-hardening@lists.openwall.com","References":"<1505940337-79069-1-git-send-email-keescook@chromium.org>\n\t<1505940337-79069-11-git-send-email-keescook@chromium.org>","From":"Luis de Bethencourt 
<luisbg@kernel.org>","Message-ID":"<89dd1d4e-9486-51a2-3500-ac85f947b145@kernel.org>","Date":"Thu, 21 Sep 2017 10:34:55 +0100","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<1505940337-79069-11-git-send-email-keescook@chromium.org>","Content-Type":"text/plain; charset=utf-8; format=flowed","Content-Language":"en-US","Content-Transfer-Encoding":"7bit","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"}}]
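Review bot: the new offsetof()/sizeof_field() arguments to kmem_cache_create_usercopy() in befs_init_inodecache() carry no comment saying why i_data.symlink is the whitelisted field. The reason (inode->i_link points at it and readlink_copy() does copy_to_user() from it) is recorded only in the commit log; a one-line comment above the call would keep it visible to anyone who later changes struct befs_inode_info. The region size is sizeof_field(struct befs_inode_info, i_data.symlink), while befs_iget(), as quoted in the log, bounds its strlcpy() with BEFS_SYMLINK_LEN. The struct definition is not part of this hunk, so it is worth confirming that the two agree, for instance with a BUILD_BUG_ON() next to the cache creation.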