In-Reply-To: <19a7add8-adaf-4ad4-6ae3-4a62967656b9@redhat.com>
References: <1515636190-24061-1-git-send-email-keescook@chromium.org> <1515636190-24061-28-git-send-email-keescook@chromium.org> <19a7add8-adaf-4ad4-6ae3-4a62967656b9@redhat.com>
From: Kees Cook
Date: Thu, 18 Jan 2018 13:36:03 -0800
Subject: Re: [PATCH 27/38] sctp: Copy struct sctp_sock.autoclose to userspace using put_user()
To: Laura Abbott
Cc: LKML, David Windsor, Vlad Yasevich, Neil Horman, "David S. Miller",
    linux-sctp@vger.kernel.org, Network Development, Linus Torvalds,
    Alexander Viro, Andrew Morton, Andy Lutomirski, Christoph Hellwig,
    Christoph Lameter, Mark Rutland, "Martin K. Petersen", Paolo Bonzini,
    Christian Borntraeger, Christoffer Dall, Dave Kleikamp, Jan Kara,
    Luis de Bethencourt, Marc Zyngier, Rik van Riel, Matthew Garrett,
    "linux-fsdevel@vger.kernel.org", linux-arch, Linux-MM,
    kernel-hardening@lists.openwall.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 18, 2018 at 1:31 PM, Laura Abbott wrote:
> On 01/10/2018 06:02 PM, Kees Cook wrote:
>>
>> From: David Windsor
>>
>> The autoclose field can be copied with put_user(), so there is no need to
>> use copy_to_user(). In both cases, hardened usercopy is being bypassed
>> since the size is constant, and not open to runtime manipulation.
>>
>> This patch is verbatim from Brad Spengler/PaX Team's PAX_USERCOPY
>> whitelisting code in the last public patch of grsecurity/PaX based on my
>> understanding of the code. Changes or omissions from the original code are
>> mine and don't reflect the original grsecurity/PaX code.
>>
>
> Just tried a quick rebase and it looks like this conflicts with
> c76f97c99ae6 ("sctp: make use of pre-calculated len")
> I don't think we can use put_user if we're copying via the full
> len?

It should be fine, since:

    len = sizeof(int);

c76f97c99ae6 just does a swap of sizeof(int) with len, put_user() will
work in either case, since autoclose will always be int sized.

-Kees

>
> Thanks,
> Laura
> > >> Signed-off-by: David Windsor >> [kees: adjust commit log] >> Cc: Vlad Yasevich >> Cc: Neil Horman >> Cc: "David S. Miller" >> Cc: linux-sctp@vger.kernel.org >> Cc: netdev@vger.kernel.org >> Signed-off-by: Kees Cook >> --- >> net/sctp/socket.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/net/sctp/socket.c b/net/sctp/socket.c >> index efbc8f52c531..15491491ec88 100644 >> --- a/net/sctp/socket.c >> +++ b/net/sctp/socket.c >> @@ -5011,7 +5011,7 @@ static int sctp_getsockopt_autoclose(struct sock >> *sk, int len, char __user *optv >> len = sizeof(int); >> if (put_user(len, optlen)) >> return -EFAULT; >> - if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) >> + if (put_user(sctp_sk(sk)->autoclose, (int __user *)optval)) >> return -EFAULT; >> return 0; >> } >> > -- Kees Cook Pixel Security
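Review bot: On the added put_user() line in sctp_getsockopt_autoclose(), the width of the store to userspace is now set only by the (int __user *) cast on optval, where the removed copy_to_user() call spelled it out as sizeof(int). The declaration of autoclose is not in this hunk, so the commit log should state that the field is int sized, which is the assumption the reply in this thread rests on. Because the patch conflicts with c76f97c99ae6 ("sctp: make use of pre-calculated len"), the respin should also say that len is assigned sizeof(int) in the context lines just above, so dropping the length argument does not change how many bytes reach optval.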