Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/816507/?format=api
{ "id": 816507, "url": "http://patchwork.ozlabs.org/api/patches/816507/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/1505940337-79069-24-git-send-email-keescook@chromium.org/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1505940337-79069-24-git-send-email-keescook@chromium.org>", "list_archive_url": null, "date": "2017-09-20T20:45:29", "name": "[v3,23/31] net: Restrict unwhitelisted proto caches to size 0", "commit_ref": null, "pull_url": null, "state": "not-applicable", "archived": true, "hash": "8d430d52eea8d1f928b8cb1263b60e94ac1759a6", "submitter": { "id": 10641, "url": "http://patchwork.ozlabs.org/api/people/10641/?format=api", "name": "Kees Cook", "email": "keescook@chromium.org" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/1505940337-79069-24-git-send-email-keescook@chromium.org/mbox/", "series": [ { "id": 4231, "url": "http://patchwork.ozlabs.org/api/series/4231/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=4231", "date": "2017-09-20T20:45:22", "name": "Hardened usercopy whitelisting", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/4231/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/816507/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/816507/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=chromium.org header.i=@chromium.org\n\theader.b=\"TjPAkcI9\"; dkim-atps=neutral" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xyBt43Xs7z9sBZ\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 21 Sep 2017 06:58:36 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752152AbdITU6e (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tWed, 20 Sep 2017 16:58:34 -0400", "from mail-pf0-f181.google.com ([209.85.192.181]:47106 \"EHLO\n\tmail-pf0-f181.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751899AbdITUwz (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Wed, 20 Sep 2017 16:52:55 -0400", "by mail-pf0-f181.google.com with SMTP id u12so2125795pfl.4\n\tfor <netdev@vger.kernel.org>; Wed, 20 Sep 2017 13:52:55 -0700 (PDT)", "from www.outflux.net\n\t(173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])\n\tby smtp.gmail.com with ESMTPSA id\n\tk73sm10155520pfg.81.2017.09.20.13.52.49\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tWed, 20 Sep 2017 13:52:52 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=chromium.org; s=google;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=0if4rIX91fPAV47WTytS8OAYSiAMbCu59dqyWRrIuW4=;\n\tb=TjPAkcI9cQKl5tPgfo1hQKHpqOgbGmVHBhQaZoi9kSpFr5XbwBmF3Uuf2/qgzwRtyE\n\tG2xJSeU/cDB+R3QL6aLCVSlj7H+RSkH+AvLrKgBU0/uA604n08IV4O50H/DuMnI8Y4Pi\n\tKG46uF3JSGoY6D+jlM3pzWl55N04xLfmrJ2Uk=", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=0if4rIX91fPAV47WTytS8OAYSiAMbCu59dqyWRrIuW4=;\n\tb=RKf+2yZp4a+NADDymPf5it5tM+YRDUFSByGcoT0x2zVvS1ZHGvNuiZhuHrAUEDEHnD\n\tOrtlJo6KmPMDgCISy9SbITOpxMoFiMSE/T5695tQ+B3MvEvd1am0t8F84Ghlzvhe1mRk\n\tp14sv2G9K2NBV9eMLKREPL6O1UkzFR3g0GIzxIILK1/iVAan+zKRnyboiUtAAoP/PP2r\n\tBwms81/UYMONme3EnVPkMA8/qBzlzOOT1c1WU2dmcdwSGnX0RZDsUoOrnl0DDtBcs4QO\n\t0sIFqF+0ijFUgVmgr3ARObhqzi8eJ594HFLKhrOsuI+kMPybA/avUbxyb4lAUsvBu4pz\n\tggSQ==", "X-Gm-Message-State": "AHPjjUid2Jdeboyi4QCBYxkWye/jRt5iLbkpEM0/AALfAQ7YVX9NYYl/\n\tl2p/P5zzMraBSjG8nDphyYeilw==", "X-Google-Smtp-Source": "AOwi7QAy2TPs1t5bsaVFeBGA3zd58nnNtaLFJO4ERRmbQYy8HZxMGz9WmElEMVTMA1L2Vdm4ey55Vg==", "X-Received": "by 10.98.134.194 with SMTP id x185mr3429318pfd.8.1505940774858; \n\tWed, 20 Sep 2017 13:52:54 -0700 (PDT)", "From": "Kees Cook <keescook@chromium.org>", "To": "linux-kernel@vger.kernel.org", "Cc": "Kees Cook <keescook@chromium.org>,\n\t\"David S. Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>, Paolo Abeni <pabeni@redhat.com>,\n\tDavid Howells <dhowells@redhat.com>, netdev@vger.kernel.org,\n\tlinux-fsdevel@vger.kernel.org, linux-mm@kvack.org,\n\tkernel-hardening@lists.openwall.com, David Windsor <dave@nullcore.net>", "Subject": "[PATCH v3 23/31] net: Restrict unwhitelisted proto caches to size 0", "Date": "Wed, 20 Sep 2017 13:45:29 -0700", "Message-Id": "<1505940337-79069-24-git-send-email-keescook@chromium.org>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1505940337-79069-1-git-send-email-keescook@chromium.org>", "References": "<1505940337-79069-1-git-send-email-keescook@chromium.org>", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "Now that protocols have been annotated (the copy of icsk_ca_ops->name\nis of an ops field from outside the slab cache):\n\n$ git grep 'copy_.*_user.*sk.*->'\ncaif/caif_socket.c: copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) {\nipv4/raw.c: if (copy_from_user(&raw_sk(sk)->filter, optval, optlen))\nipv4/raw.c: copy_to_user(optval, &raw_sk(sk)->filter, len))\nipv4/tcp.c: if (copy_to_user(optval, icsk->icsk_ca_ops->name, len))\nipv4/tcp.c: if (copy_to_user(optval, icsk->icsk_ulp_ops->name, len))\nipv6/raw.c: if (copy_from_user(&raw6_sk(sk)->filter, optval, optlen))\nipv6/raw.c: if (copy_to_user(optval, &raw6_sk(sk)->filter, len))\nsctp/socket.c: if (copy_from_user(&sctp_sk(sk)->subscribe, optval, optlen))\nsctp/socket.c: if (copy_to_user(optval, &sctp_sk(sk)->subscribe, len))\nsctp/socket.c: if (copy_to_user(optval, &sctp_sk(sk)->initmsg, len))\n\nwe can switch the default proto usercopy region to size 0. Any protocols\nneeding to add whitelisted regions must annotate the fields with the\nuseroffset and usersize fields of struct proto.\n\nThis patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY\nwhitelisting code in the last public patch of grsecurity/PaX based on my\nunderstanding of the code. Changes or omissions from the original code are\nmine and don't reflect the original grsecurity/PaX code.\n\nCc: \"David S. Miller\" <davem@davemloft.net>\nCc: Eric Dumazet <edumazet@google.com>\nCc: Paolo Abeni <pabeni@redhat.com>\nCc: David Howells <dhowells@redhat.com>\nCc: netdev@vger.kernel.org\nSigned-off-by: Kees Cook <keescook@chromium.org>\n---\n net/core/sock.c | 4 +---\n 1 file changed, 1 insertion(+), 3 deletions(-)", "diff": "diff --git a/net/core/sock.c b/net/core/sock.c\nindex 832dfb03102e..84cd0b362a02 100644\n--- a/net/core/sock.c\n+++ b/net/core/sock.c\n@@ -3168,9 +3168,7 @@ int proto_register(struct proto *prot, int alloc_slab)\n \t\tprot->slab = kmem_cache_create_usercopy(prot->name,\n \t\t\t\t\tprot->obj_size, 0,\n \t\t\t\t\tSLAB_HWCACHE_ALIGN | prot->slab_flags,\n-\t\t\t\t\tprot->usersize ? prot->useroffset : 0,\n-\t\t\t\t\tprot->usersize ? prot->usersize\n-\t\t\t\t\t\t : prot->obj_size,\n+\t\t\t\t\tprot->useroffset, prot->usersize,\n \t\t\t\t\tNULL);\n \n \t\tif (prot->slab == NULL) {\n", "prefixes": [ "v3", "23/31" ] }