Date: Tue, 9 May 2017 15:52:35 -0700 From: Andy Lutomirski <luto@...capital.net> To: Kees Cook <keescook@...omium.org> Cc: Christoph Hellwig <hch@...radead.org>, Andy Lutomirski <luto@...nel.org>, Mark Rutland <mark.rutland@....com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Greg KH <greg@...ah.com>, Heiko Carstens <heiko.carstens@...ibm.com>, LKML <linux-kernel@...r.kernel.org>, David Howells <dhowells@...hat.com>, Dave Hansen <dave.hansen@...el.com>, "H . Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...nel.org>, Pavel Tikhomirov <ptikhomirov@...tuozzo.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, linux-s390 <linux-s390@...r.kernel.org>, "the arch/x86 maintainers" <x86@...nel.org>, Russell King <linux@...linux.org.uk>, Will Deacon <will.deacon@....com>, Christian Borntraeger <borntraeger@...ibm.com>, René Nyffenegger <mail@...enyffenegger.ch>, Catalin Marinas <catalin.marinas@....com>, "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>, Rik van Riel <riel@...hat.com>, Arnd Bergmann <arnd@...db.de>, Brian Gerst <brgerst@...il.com>, Borislav Petkov <bp@...en8.de>, Josh Poimboeuf <jpoimboe@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, Linux API <linux-api@...r.kernel.org>, Oleg Nesterov <oleg@...hat.com>, James Morse <james.morse@....com>, "Eric W . Biederman" <ebiederm@...ssion.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, Paolo Bonzini <pbonzini@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Thomas Garnier <thgarnie@...gle.com>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com> Subject: Re: Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode On Tue, May 9, 2017 at 9:50 AM, Kees Cook <keescook@...omium.org> wrote: > On Tue, May 9, 2017 at 9:03 AM, Christoph Hellwig <hch@...radead.org> wrote: >> On Tue, May 09, 2017 at 06:02:50AM -0700, Christoph Hellwig wrote: >>> On Tue, May 09, 2017 at 06:00:01AM -0700, Andy Lutomirski wrote: >>> > fs/splice.c has some, ahem, interesting uses that have been the source >>> > of nasty exploits in the past. Converting them to use iov_iter >>> > properly would be really, really nice. Christoph, I don't suppose >>> > you'd like to do that? >>> >>> I can take care of all the fs code including this one. >> >> I spent the afternoon hacking up where I'd like this to head. It's >> completely untested as of now: >> >> http://git.infradead.org/users/hch/vfs.git/shortlog/refs/heads/setfs-elimination > > Ooooh yes! Nice work. > > I love this: > http://git.infradead.org/users/hch/vfs.git/commitdiff/51e83f50f824ca23f5584c172138e6b7c2ff786d > but I wonder what it'll cause out-of-tree code to do. I mean, I'd > rather nothing out-of-tree be calling these, but I'd hate 3rd party > hacks even more. > > http://git.infradead.org/users/hch/vfs.git/commitdiff/018e0e9030777121fe87e89d43066691e7366587 > This accidentally(?) removes the kernel-doc comments. > > http://git.infradead.org/users/hch/vfs.git/commitdiff/78b62c730254fc39fa888cdbdca08fde6e09a798 > Could this be made defensive? (Return 0 if ret wraps, for example?) I > see what the comment says, but not everyone will read that. :( > > http://git.infradead.org/users/hch/vfs.git/commitdiff/a106276ca0294be054bc89ce97219933fe543df1 > Perhaps unconditionally set USER_DS on exit instead of retaining > whatever was there? I don't like silent fixups. If we want to do this, we should BUG or at least WARN, not just change the addr limit. But I'm also not convinced it's indicative of an actual bug here. --Andy
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.