Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751219AbdH3SzH (ORCPT <rfc822;w@1wt.eu>);
        Wed, 30 Aug 2017 14:55:07 -0400
Received: from mx1.redhat.com ([209.132.183.28]:37280 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750756AbdH3SzG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 30 Aug 2017 14:55:06 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 06A3981DFE
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=riel@redhat.com
Message-ID: <1504119302.26846.77.camel@redhat.com>
Subject: Re: [kernel-hardening] [PATCH v2 26/30] fork: Provide usercopy
 whitelisting for task_struct
From: Rik van Riel <riel@redhat.com>
To: Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
        Nicholas Piggin <npiggin@gmail.com>, Laura Abbott <labbott@redhat.com>,
        =?ISO-8859-1?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>,
        Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>,
        Andy Lutomirski <luto@kernel.org>, linux-mm@kvack.org,
        kernel-hardening@lists.openwall.com, David Windsor <dave@nullcore.net>
Date: Wed, 30 Aug 2017 14:55:02 -0400
In-Reply-To: <1503956111-36652-27-git-send-email-keescook@chromium.org>
References: <1503956111-36652-1-git-send-email-keescook@chromium.org>
         <1503956111-36652-27-git-send-email-keescook@chromium.org>
Content-Type: multipart/signed; micalg="pgp-sha256";
        protocol="application/pgp-signature"; boundary="=-gDrkBpl1tnRDV5mbeNIO"
Mime-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 30 Aug 2017 18:55:06 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1311
Lines: 39


--=-gDrkBpl1tnRDV5mbeNIO
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, 2017-08-28 at 14:35 -0700, Kees Cook wrote:
> While the blocked and saved_sigmask fields of task_struct are copied
> to
> userspace (via sigmask_to_save() and setup_rt_frame()), it is always
> copied with a static length (i.e. sizeof(sigset_t)).
>=20
> The only portion of task_struct that is potentially dynamically sized
> and
> may be copied to userspace is in the architecture-specific
> thread_struct
> at the end of task_struct.
>=20
Acked-by: Rik van Riel <riel@redhat.com>

--=20
All rights reversed
--=-gDrkBpl1tnRDV5mbeNIO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJZpwoGAAoJEM553pKExN6DkMUH/jqMAHuDXRsICKlav1+hX4Na
v5WTBKlFUC6rzz+SSInr4t67RfGP6c8EhcaZdwpi4A/xyqL9ZAMzaEMK9uVGNZoN
93qbNj3QtYdmu9xJF5JmfLr3+TRuK7HEkAcpCF0Um4yCpH79XsWtc2sbfFbK0+HC
V5rRv2sCM4OWiR9czzDNYiE82c+F5gdAgTnF4lEnrkKvmqKMVT+T36XvK6F1qoa+
ExAhSVC8iyXnIowea+zBa5Rw5JxGFy/TclpSxsBEj4V4/Mv1X58V0eLgjP/kVSVg
Tcp4JnLHholSfSklqWMkgyq3Do+lPIlorAQqos8OFvwyuYNdg6JYEiTgUED/pUY=
=9/Pr
-----END PGP SIGNATURE-----

--=-gDrkBpl1tnRDV5mbeNIO--