Subject: Re: [RFC][PATCH] mm: Tighten x86 /dev/mem with zeroing
From: Tommi Rantala
To: Kees Cook
CC: Linus Torvalds, Dave Jones, Linux-MM, LKML, Laura Abbott, Ingo Molnar, Josh Poimboeuf, Mark Rutland, Eric Biggers
Date: Thu, 6 Apr 2017 17:25:34 +0300
Message-ID: <2c43b55e-db82-d67f-10d5-aed84cda58e0@nokia.com>
In-Reply-To: <20170406000059.GA136863@beast>
References: <20170406000059.GA136863@beast>
X-Mailing-List:
 linux-kernel@vger.kernel.org

On 06.04.2017 03:00, Kees Cook wrote:
> This changes the x86 exception for the low 1MB by reading back zeros for
> RAM areas instead of blindly allowing them. (It may be possible for heap
> to end up getting allocated in low 1MB RAM, and then read out, possibly
> tripping hardened usercopy.)
>
> Unfinished: this still needs mmap support.
>
> Reported-by: Tommi Rantala
> Signed-off-by: Kees Cook
> ---
> Tommi, can you check and see if this fixes what you're seeing? I want to
> make sure this actually works first. (x86info uses seek/read not mmap.)

Hi,

I can confirm that it works (after adding CONFIG_STRICT_DEVMEM), no more
kernel bugs when running x86info.

open("/dev/mem", O_RDONLY) = 3
lseek(3, 1038, SEEK_SET) = 1038
read(3, "\300\235", 2) = 2
lseek(3, 646144, SEEK_SET) = 646144
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1024) = 1024
lseek(3, 1043, SEEK_SET) = 1043
read(3, "w\2", 2) = 2
lseek(3, 645120, SEEK_SET) = 645120
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1024) = 1024
lseek(3, 654336, SEEK_SET) = 654336
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1024) = 1024
lseek(3, 983040, SEEK_SET) = 983040
read(3, "IFE$\245S\0\0\1\0\0\0\0\360y\0\0\360\220\260\30\237{=\23\10\17\0000\276\17\0"..., 65536) = 65536
lseek(3, 917504, SEEK_SET) = 917504
read(3, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"..., 65536) = 65536
lseek(3, 524288, SEEK_SET) = 524288
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 65536) = 65536
lseek(3, 589824, SEEK_SET) = 589824
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 65536) = 65536

dd works too:

# LANG=C dd if=/dev/mem of=/dev/null bs=4096 count=256
256+0 records in
256+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.0874073 s, 12.0 MB/s

> ---
>
>  arch/x86/mm/init.c | 41 +++++++++++++++++++--------
>  drivers/char/mem.c | 82 ++++++++++++++++++++++++++++++++++--------------------
>  2 files changed, 82 insertions(+), 41 deletions(-)
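
Added example, not part of the original mail and not the patch's code: a user-space C model of the read policy the quoted description gives (RAM in the low 1MB reads back as zeros, non-RAM is passed through), applied per page so a read that crosses a page boundary gets both treatments. The RAM map, the enum names, the helper names and the -EPERM for RAM above 1MB are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define PG_SHIFT      12
#define PG_SIZE       (1UL << PG_SHIFT)
#define LOW_1MB_PAGES 256UL /* 1 MiB / 4 KiB */

/* Hypothetical names; the patch's own return values are not shown in the mail. */
enum devmem_policy { DEVMEM_DENY, DEVMEM_ALLOW, DEVMEM_ZERO };

/* Constructed RAM map: pages 0x01..0x9f and everything from 1 MiB up are RAM. */
static int model_page_is_ram(unsigned long pfn)
{
    return (pfn >= 1 && pfn <= 0x9f) || pfn >= LOW_1MB_PAGES;
}

enum devmem_policy model_devmem_policy(unsigned long pfn)
{
    if (!model_page_is_ram(pfn))
        return DEVMEM_ALLOW;                 /* BIOS data area, ROM */
    return pfn < LOW_1MB_PAGES ? DEVMEM_ZERO : DEVMEM_DENY;
}

/* Read from a fake physical image, applying the policy per page-bounded chunk. */
long model_read(const unsigned char *phys, size_t phys_len,
                unsigned long off, unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len && off < phys_len) {
        size_t chunk = PG_SIZE - (off & (PG_SIZE - 1));
        if (chunk > len - done) chunk = len - done;
        if (chunk > phys_len - off) chunk = phys_len - off;
        switch (model_devmem_policy(off >> PG_SHIFT)) {
        case DEVMEM_DENY:  return -EPERM;    /* assumption: RAM above 1 MiB is refused */
        case DEVMEM_ZERO:  memset(buf + done, 0, chunk); break; /* page is never read */
        case DEVMEM_ALLOW: memcpy(buf + done, phys + off, chunk); break;
        }
        done += chunk; off += chunk;
    }
    return (long)done;
}

int main(void)
{
    static unsigned char phys[0x100000], out[4]; /* constructed 1 MiB image */
    memset(phys, 0xAA, sizeof phys);
    /* 646144 is one of the offsets x86info seeks to in the strace above. */
    printf("%ld %02x\n", model_read(phys, sizeof phys, 646144, out, 4), out[0]);
    return 0;
}
```

With this constructed map, the offsets 1038 and 983040 from the strace fall in non-RAM pages and return the image's bytes, while 646144 falls in a RAM page and returns zeros, matching the pattern in the trace.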