Message-ID: <1504119351.26846.79.camel@redhat.com>
Subject: Re: [kernel-hardening] [PATCH v2 25/30] fork: Define usercopy region in thread_stack slab caches
From: Rik van Riel
To: Kees Cook, linux-kernel@vger.kernel.org
Cc: David Windsor, Ingo Molnar, Andrew Morton, Thomas Gleixner, Andy Lutomirski, linux-mm@kvack.org, kernel-hardening@lists.openwall.com
Date: Wed, 30 Aug 2017 14:55:51 -0400
In-Reply-To: <1503956111-36652-26-git-send-email-keescook@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2017-08-28 at 14:35 -0700, Kees Cook wrote:
> From: David Windsor
>
> In support of usercopy hardening, this patch defines a region in the
> thread_stack slab caches in which userspace copy operations are
> allowed.
> Since the entire thread_stack needs to be available to userspace, the
> entire slab contents are whitelisted. Note that the slab-based thread
> stack is only present on systems with THREAD_SIZE < PAGE_SIZE and
> !CONFIG_VMAP_STACK.
>

Acked-by: Rik van Riel

--
All rights reversed
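
A userspace model of the per-object offset check that a usercopy region implies, added here as an illustration; it is not code from the patch or from the kernel. The struct, the function name, the slab address and the sizes are assumptions: the model shows that a whole-object region, as described for thread_stack, still rejects a copy that runs past the end of its object, while a partial region also rejects copies outside its window.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a slab cache with a usercopy whitelist region. */
struct cache_model {
    const char *name;
    size_t object_size;  /* size of each object in the slab */
    size_t useroffset;   /* start of the whitelisted region within an object */
    size_t usersize;     /* length of the whitelisted region (0 = none) */
};

/*
 * Return true if copying n bytes at ptr stays inside the whitelisted
 * region of the single object that ptr falls in. slab_base is the address
 * of the first object; objects are assumed to be packed back to back.
 */
static bool usercopy_allowed(const struct cache_model *c, uintptr_t slab_base,
                             uintptr_t ptr, size_t n)
{
    if (ptr < slab_base)
        return false;
    size_t offset = (ptr - slab_base) % c->object_size;

    if (offset < c->useroffset)
        return false;
    /* Written as subtractions so a huge n cannot wrap the comparison. */
    size_t into_region = offset - c->useroffset;
    if (into_region > c->usersize)
        return false;
    return n <= c->usersize - into_region;
}

/* Constructed sample caches: sizes are illustrative, not kernel values. */
static const struct cache_model thread_stack_model = { "thread_stack", 2048, 0, 2048 };
static const struct cache_model partial_model = { "partial", 256, 64, 32 };

int main(void)
{
    uintptr_t base = 0x10000; /* constructed slab address */
    printf("%d\n", usercopy_allowed(&thread_stack_model, base, base + 2148, 1948));
    printf("%d\n", usercopy_allowed(&thread_stack_model, base, base + 100, 2048));
    printf("%d\n", usercopy_allowed(&partial_model, base, base + 64, 32));
    printf("%d\n", usercopy_allowed(&partial_model, base, base + 8, 16));
    return 0;
}
```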