From: Christoph von Recklinghausen
Reply-To: crecklin@redhat.com
Organization: Red Hat
To: Kees Cook
Cc: Laura Abbott, LKML, Linux-MM
Subject: Re: [PATCH] add param that allows bootline control of hardened usercopy
Date: Mon, 25 Jun 2018 19:17:16 -0400
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/25/2018 06:35 PM, Kees Cook wrote:
> On Mon, Jun 25, 2018 at 3:29 PM, Christoph von Recklinghausen
> wrote:
>> I have a small set of customers that want CONFIG_HARDENED_USERCOPY
>> enabled, and a large number of customers who would be impacted by its
>> default behavior (before my change). The desire was to have the smaller
>> number of users need to change their boot lines to get the behavior they
>> wanted. Adding CONFIG_HUC_DEFAULT_OFF was an attempt to preserve the
>> default behavior of existing users of CONFIG_HARDENED_USERCOPY (default
>> enabled) and allowing that to coexist with the desires of the greater
>> number of my customers (default disabled).
>>
>> If folks think that it's better to have it enabled by default and the
>> command line option to turn it off I can do that (it is simpler). Does
>> anyone else have opinions one way or the other?
> I would prefer to isolate the actual problem case, and fix it if
> possible. (i.e. try to make the copy fixed-length, etc) Barring that,
> yes, a kernel command line to disable the protection would be okay.
>
> Note that the test needs to be inside __check_object_size() otherwise
> the inline optimization with __builtin_constant_p() gets broken and
> makes everyone slower. :)
>
> -Kees
>
Thanks Kees, I'll make that change and retest.

Chris
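
The placement Kees describes, shown as an added userspace model that is not part of the original thread and is not kernel code. All names (`model_check_slow`, `bypass_checks`, `slab`, `OBJ_SIZE`) are constructed, and the wrapper is a macro rather than an inline function so that the result is the same at any optimisation level.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Userspace model; every name here is constructed, none is a kernel symbol. */
#define OBJ_SIZE 32
static char slab[64];             /* object = first OBJ_SIZE bytes, rest = neighbour */
static bool bypass_checks;        /* runtime switch, as a boot parameter would set */
static unsigned slow_path_calls;  /* entries into the out-of-line checker */

/* Out-of-line checker. The runtime switch is tested here, so the wrapper
 * below stays a decision the compiler settles at build time. */
static bool model_check_slow(size_t off, size_t n)
{
    slow_path_calls++;
    if (bypass_checks)
        return true;              /* protection switched off */
    return off <= OBJ_SIZE && n <= OBJ_SIZE - off;
}

/* Wrapper: a compile-time-constant length emits no call to the checker. */
#define model_check(off, n) (__builtin_constant_p(n) ? true : model_check_slow((off), (n)))
#define model_copy(dst, off, n) \
    (model_check((off), (n)) ? (memcpy((dst), slab + (off), (n)), true) : false)

/* Slow-path entries for one constant-length and one runtime-length copy. */
static unsigned count_slow_path(void)
{
    char dst[64];
    volatile size_t n = 16;       /* volatile: never a compile-time constant */
    slow_path_calls = 0;
    if (!model_copy(dst, 0, 16) || !model_copy(dst, 0, n))
        return 0;
    return slow_path_calls;
}

/* Runtime-length read past the object: refused unless the switch is set. */
static bool overread_allowed(bool bypass)
{
    char dst[64];
    volatile size_t n = 48;       /* 48 > OBJ_SIZE, still inside slab[] */
    bypass_checks = bypass;
    bool ok = model_copy(dst, 0, n);
    bypass_checks = false;
    return ok;
}

int main(void) { return !(count_slow_path() == 1 && !overread_allowed(false) && overread_allowed(true)); }
```

The constant-length copy never reaches `model_check_slow()`, so the switch costs it nothing; only runtime-length copies pay for the flag test, and with the flag set the oversized read is no longer refused.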