{"id":816511,"url":"http://patchwork.ozlabs.org/api/patches/816511/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1505940337-79069-29-git-send-email-keescook@chromium.org/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1505940337-79069-29-git-send-email-keescook@chromium.org>","list_archive_url":null,"date":"2017-09-20T20:45:34","name":"[v3,28/31] arm64: Implement thread_struct whitelist for hardened usercopy","commit_ref":null,"pull_url":null,"state":"not-applicable","archived":true,"hash":"4e3d7d2fb992538051fbabcfb1bfe25c4c2129d0","submitter":{"id":10641,"url":"http://patchwork.ozlabs.org/api/people/10641/?format=json","name":"Kees Cook","email":"keescook@chromium.org"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1505940337-79069-29-git-send-email-keescook@chromium.org/mbox/","series":[{"id":4231,"url":"http://patchwork.ozlabs.org/api/series/4231/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=4231","date":"2017-09-20T20:45:22","name":"Hardened usercopy whitelisting","version":3,"mbox":"http://patchwork.ozlabs.org/series/4231/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/816511/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/816511/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) 
smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=chromium.org header.i=@chromium.org\n\theader.b=\"VKhOr/8e\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xyBvH5kFmz9s8J\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 21 Sep 2017 06:59:39 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752059AbdITUwv (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tWed, 20 Sep 2017 16:52:51 -0400","from mail-pf0-f172.google.com ([209.85.192.172]:54166 \"EHLO\n\tmail-pf0-f172.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751867AbdITUws (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Wed, 20 Sep 2017 16:52:48 -0400","by mail-pf0-f172.google.com with SMTP id x78so2110637pff.10\n\tfor <netdev@vger.kernel.org>; Wed, 20 Sep 2017 13:52:47 -0700 (PDT)","from www.outflux.net\n\t(173-164-112-133-Oregon.hfc.comcastbusiness.net. 
[173.164.112.133])\n\tby smtp.gmail.com with ESMTPSA id\n\td124sm8414572pfc.42.2017.09.20.13.52.45\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tWed, 20 Sep 2017 13:52:46 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=chromium.org; s=google;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=TIO9yEqD/ACy+sSJTkZUlH9+FdVlt7R5A85gz6dLfIE=;\n\tb=VKhOr/8e+4p36fhU/rdNY9+gKLXidy/g4IRdL7VdVbEup7FB6SwDobbWjQ69F2nyqi\n\t1nKFW4G0xZ+UasY+a65B567S6oC5f06DmWhWQPKhytT0ta1oX9Tc/DE66ab1QIbgjlnP\n\teCuD1Qgb3LfoXIy8HRkTGjYZSb7KvyHbZO90E=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=TIO9yEqD/ACy+sSJTkZUlH9+FdVlt7R5A85gz6dLfIE=;\n\tb=jQPu6egeC2AAE+FTAzMnp1EWwsSobZg9MpNZJj2xk6UQujc7fK2mMG020TIOEXb5JY\n\tvy/Bok8DlLtFadMzrfiE6+DqpyyXqP3GKIHCvikg5wikKvxbN4U8+xprnlOesB/SMAdw\n\tpCqaJcZ4t6h6xlIaQTzgua8uS5vEfXCCwvtoWd2v56KfzzwGhkIw6mHGtHvOA4X4k/3d\n\tSdBt0cwP0d4wG719Vt+3dAcbms90vyoTVB696ghTnvJDDxyOwPSz/FFzZIwB5Vqr5G8I\n\t0WkwMyYJx9pIVYddg6wWAfHBESTByGYLmJvRsfBWuWoUkyKBgC9jG5T7UWnB00PxHcui\n\toOOg==","X-Gm-Message-State":"AHPjjUh4ly2jjEk9LkcXDi6ZBHA743SkED83sceyCTJy9bZrH92B/NNi\n\t3SJkjP57A7sndahNDN2+azdqZw==","X-Google-Smtp-Source":"AOwi7QB/HEyBIJSiSs2cFJxXLELjSpOxcBXaP2aEHVK2B2TTBd+YM3iOeKcwz8uMGg8jQLHF7Fp4MA==","X-Received":"by 10.99.105.130 with SMTP id e124mr3440485pgc.420.1505940767514;\n\tWed, 20 Sep 2017 13:52:47 -0700 (PDT)","From":"Kees Cook <keescook@chromium.org>","To":"linux-kernel@vger.kernel.org","Cc":"Kees Cook <keescook@chromium.org>,\n\tCatalin Marinas <catalin.marinas@arm.com>,\n\tWill Deacon <will.deacon@arm.com>,\n\tChristian Borntraeger <borntraeger@de.ibm.com>,\n\tIngo Molnar <mingo@kernel.org>, James Morse <james.morse@arm.com>,\n\t\"Peter Zijlstra (Intel)\" <peterz@infradead.org>,\n\tDave Martin <Dave.Martin@arm.com>, zijun_hu 
<zijun_hu@htc.com>,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinux-fsdevel@vger.kernel.org, netdev@vger.kernel.org,\n\tlinux-mm@kvack.org, kernel-hardening@lists.openwall.com,\n\tDavid Windsor <dave@nullcore.net>","Subject":"[PATCH v3 28/31] arm64: Implement thread_struct whitelist for\n\thardened usercopy","Date":"Wed, 20 Sep 2017 13:45:34 -0700","Message-Id":"<1505940337-79069-29-git-send-email-keescook@chromium.org>","X-Mailer":"git-send-email 2.7.4","In-Reply-To":"<1505940337-79069-1-git-send-email-keescook@chromium.org>","References":"<1505940337-79069-1-git-send-email-keescook@chromium.org>","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"This whitelists the FPU register state portion of the thread_struct for\ncopying to userspace, instead of the default entire structure.\n\nCc: Catalin Marinas <catalin.marinas@arm.com>\nCc: Will Deacon <will.deacon@arm.com>\nCc: Christian Borntraeger <borntraeger@de.ibm.com>\nCc: Ingo Molnar <mingo@kernel.org>\nCc: James Morse <james.morse@arm.com>\nCc: \"Peter Zijlstra (Intel)\" <peterz@infradead.org>\nCc: Dave Martin <Dave.Martin@arm.com>\nCc: zijun_hu <zijun_hu@htc.com>\nCc: linux-arm-kernel@lists.infradead.org\nSigned-off-by: Kees Cook <keescook@chromium.org>\n---\n arch/arm64/Kconfig                 | 1 +\n arch/arm64/include/asm/processor.h | 8 ++++++++\n 2 files changed, 9 insertions(+)","diff":"diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig\nindex 0df64a6a56d4..e190f9901aef 100644\n--- a/arch/arm64/Kconfig\n+++ b/arch/arm64/Kconfig\n@@ -73,6 +73,7 @@ config ARM64\n \tselect HAVE_ARCH_MMAP_RND_BITS\n \tselect HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT\n \tselect HAVE_ARCH_SECCOMP_FILTER\n+\tselect HAVE_ARCH_THREAD_STRUCT_WHITELIST\n \tselect HAVE_ARCH_TRACEHOOK\n \tselect HAVE_ARCH_TRANSPARENT_HUGEPAGE\n \tselect HAVE_ARCH_VMAP_STACK\ndiff --git a/arch/arm64/include/asm/processor.h 
b/arch/arm64/include/asm/processor.h\nindex 29adab8138c3..759c4d90ac7f 100644\n--- a/arch/arm64/include/asm/processor.h\n+++ b/arch/arm64/include/asm/processor.h\n@@ -90,6 +90,14 @@ struct thread_struct {\n \tstruct debug_info\tdebug;\t\t/* debugging */\n };\n \n+/* Whitelist the fpsimd_state for copying to userspace. */\n+static inline void arch_thread_struct_whitelist(unsigned long *offset,\n+\t\t\t\t\t\tunsigned long *size)\n+{\n+\t*offset = offsetof(struct thread_struct, fpsimd_state);\n+\t*size = sizeof(struct fpsimd_state);\n+}\n+\n #ifdef CONFIG_COMPAT\n #define task_user_tls(t)\t\t\t\t\t\t\\\n ({\t\t\t\t\t\t\t\t\t\\\n","prefixes":["v3","28/31"]}
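Review bot: In arch_thread_struct_whitelist() in arch/arm64/include/asm/processor.h, *offset is taken from the fpsimd_state member of struct thread_struct, but *size is taken from the type, `sizeof(struct fpsimd_state)`. The two agree only while that member remains exactly one struct fpsimd_state. Taking the size from the member itself, for example `sizeof(((struct thread_struct *)0)->fpsimd_state)`, would keep the whitelisted window tied to the field if its type or layout changes later. The code comment and the commit message also mention only "copying to userspace". It would help to state whether the same window is meant to bound copies from userspace into thread_struct, and to name the callers that need fpsimd_state exposed, so a reader can confirm that no other part of the structure is expected to be reached by usercopy.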