From: Scott Bauer
To: sbauer@eng.utah.edu, linux-kernel@vger.kernel.org
Cc: kernel-hardening@lists.openwall.com, x86@kernel.org, wmealing@redhat.com, ak@linux.intel.com, luto@amacapital.net, Abhiram Balasubramanian
Subject: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection.
Date: Tue, 8 Mar 2016 13:47:55 -0700
Message-Id: <1457470075-4586-3-git-send-email-sbauer@eng.utah.edu>
In-Reply-To: <1457470075-4586-1-git-send-email-sbauer@eng.utah.edu>

This patch adds a sysctl argument to disable SROP protection.

Cc: Abhiram Balasubramanian
Signed-off-by: Scott Bauer
--- include/linux/signal.h | 2 ++ kernel/signal.c | 12 ++++++++++-- kernel/sysctl.c | 8 ++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/include/linux/signal.h b/include/linux/signal.h index fae0618..7e580d9 100644 --- a/include/linux/signal.h +++ b/include/linux/signal.h @@ -9,6 +9,8 @@ struct task_struct; /* for sysctl */ extern int print_fatal_signals; +extern int srop_disabled; + /* * Real Time signals may be queued. */ diff --git a/kernel/signal.c b/kernel/signal.c index 00e4a16..dec4e20 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -52,6 +52,7 @@ static struct kmem_cache *sigqueue_cachep; int print_fatal_signals __read_mostly; +int srop_disabled __read_mostly; static void __user *sig_handler(struct task_struct *t, int sig) {
@@ -2452,6 +2453,9 @@ int verify_clear_sigcookie(unsigned long __user *sig_cookie_ptr) unsigned long user_cookie; unsigned long calculated_cookie; + if (srop_disabled) + goto out; + if (get_user(user_cookie, sig_cookie_ptr)) return 1; @@ -2459,13 +2463,17 @@ int verify_clear_sigcookie(unsigned long __user *sig_cookie_ptr) if (user_cookie != calculated_cookie) { pr_warn("Signal protector does not match what kernel set it to"\ - ". Possible exploit attempt or buggy program!\n"); + ". Possible exploit attempt or buggy program!\n If you"\ + " believe this is an error you can disable SROP "\ + " Protection by #echo 1 > /proc/sys/kernel/"\ + "disable-srop-protection\n"); return 1; } +out: user_cookie = 0; - return put_user(user_cookie, sig_cookie_ptr) + return put_user(user_cookie, sig_cookie_ptr); } EXPORT_SYMBOL(verify_clear_sigcookie); diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 97715fd..6c95172 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -524,6 +524,14 @@ static struct ctl_table kern_table[] = { .mode = 0644, .proc_handler = proc_dointvec, }, + { + .procname = "disable-srop-protection", + .data = &srop_disabled, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + + }, #ifdef CONFIG_SPARC { .procname = "reboot-cmd", -- 1.9.1
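
Review bot: In the `verify_clear_sigcookie()` hunk at `@@ -2452,6 +2453,9 @@`, the `if (srop_disabled) goto out;` path skips the cookie comparison but still lands on `return put_user(user_cookie, sig_cookie_ptr);`, so with the protection switched off the function still writes to the user-supplied pointer and returns non-zero if that write faults. If the sysctl is meant as an escape hatch for programs that trip the check, the disabled path should return 0 directly instead of jumping to `out`; if clearing the slot is intentional, a comment at the label should say why. The flag is also read with a plain load while the sysctl handler can change it concurrently, so consider `READ_ONCE(srop_disabled)`.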
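
Review bot: The extended `pr_warn()` string in the `@@ -2459,13 +2463,17 @@` hunk embeds `\n If you` in the middle of the message, so the second half starts a new log line with a leading space, and the adjacent literals `"... disable SROP "` and `" Protection by ..."` concatenate with a double space. Drop the embedded newline or split the text into two `pr_warn()` calls, and since a program reaches this path simply by returning with a mismatched cookie, use `pr_warn_ratelimited()` so the longer message cannot flood the log. The `-`/`+` pair that adds the missing `;` after `put_user(user_cookie, sig_cookie_ptr)` repairs a line that cannot have compiled; that fix belongs in the earlier patch of the series that introduced the line, so each patch builds on its own.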
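
Review bot: The new `disable-srop-protection` entry in `kern_table[]` (kernel/sysctl.c hunk) uses `proc_dointvec` with no bounds, so any integer is accepted, including negative values, and every non-zero value makes `if (srop_disabled)` skip the check. Use `proc_dointvec_minmax` with `.extra1` and `.extra2` limiting the value to 0 and 1, and remove the stray blank `+` line before the closing `},`. The diffstat lists only three source files, so the knob ships undocumented; add an entry under Documentation/sysctl/ stating that writing 1 turns the mitigation off system-wide.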