Date: Thu, 11 Jan 2018 15:21:09 -0800 From: Kees Cook <keescook@...omium.org> To: Russell King - ARM Linux <linux@...linux.org.uk> Cc: LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...nel.org>, Christian Borntraeger <borntraeger@...ibm.com>, "Peter Zijlstra (Intel)" <peterz@...radead.org>, linux-arm-kernel@...ts.infradead.org, Linus Torvalds <torvalds@...ux-foundation.org>, David Windsor <dave@...lcore.net>, Alexander Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Andy Lutomirski <luto@...nel.org>, Christoph Hellwig <hch@...radead.org>, Christoph Lameter <cl@...ux.com>, "David S. Miller" <davem@...emloft.net>, Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>, "Martin K. Petersen" <martin.petersen@...cle.com>, Paolo Bonzini <pbonzini@...hat.com>, Christoffer Dall <christoffer.dall@...aro.org>, Dave Kleikamp <dave.kleikamp@...cle.com>, Jan Kara <jack@...e.cz>, Luis de Bethencourt <luisbg@...nel.org>, Marc Zyngier <marc.zyngier@....com>, Rik van Riel <riel@...hat.com>, Matthew Garrett <mjg59@...gle.com>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, linux-arch <linux-arch@...r.kernel.org>, Network Development <netdev@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH 34/38] arm: Implement thread_struct whitelist for hardened usercopy On Thu, Jan 11, 2018 at 2:24 AM, Russell King - ARM Linux <linux@...linux.org.uk> wrote: > On Wed, Jan 10, 2018 at 06:03:06PM -0800, Kees Cook wrote: >> ARM does not carry FPU state in the thread structure, so it can declare >> no usercopy whitelist at all. > > This comment seems to be misleading. We have stored FP state in the > thread structure for a long time - for example, VFP state is stored > in thread->vfpstate.hard, so we _do_ have floating point state in > the thread structure. > > What I think this commit message needs to describe is why we don't > need a whitelist _despite_ having FP state in the thread structure. > > At the moment, the commit message is making me think that this patch > is wrong and will introduce a regression. Yeah, I will improve this comment; it's not clear enough. The places where I see state copied to/from userspace are all either static sizes or already use bounce buffers (or both). e.g.: err |= __copy_from_user(&hwstate->fpregs, &ufp->fpregs, sizeof(hwstate->fpregs)); I will adjust the commit log and comment to more clearly describe the lack of whitelisting due to all-static sized copies. Thanks! -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.