From: Kees Cook
Date: Mon, 2 Jul 2018 13:54:36 -0700
Subject: Re: [PATCH v3] add param that allows bootline control of hardened usercopy
To: Chris von Recklinghausen
Cc: Laura Abbott, Paolo Abeni, LKML, Linux-MM, Kernel Hardening, Josh Poimboeuf, Peter Zijlstra

On Mon, Jul 2, 2018 at 11:55 AM, Christoph von Recklinghausen wrote:
> On 07/02/2018 02:43 PM, Kees Cook wrote:
>> On Sat, Jun 30, 2018 at 1:43 PM, Christoph von Recklinghausen
>> wrote:
>>> The last issue I'm chasing is build failures on ARCH=m68k. The error is
>>> atomic_read and friends needed by the jump label code not being found.
>>> The config has CONFIG_BROKEN_ON_SMP=y, so the jump label calls I added
>>> will only be made #ifndef CONFIG_BROKEN_ON_SMP. Do you think that's
>>> worth a mention in the blurb that's added to
>>> Documentation/admin-guide/kernel-parameters.txt?
>> Uhm, that's weird -- I think the configs on m68k need fixing then? I
>> don't want to have to sprinkle that ifdef in generic code.
>>
>> How are other users of static keys and jump labels dealing with m68k weirdness?
>>
> There's also CONFIG_JUMP_LABEL which is defined in x86_64 but not
> defined in the m68k configs. I'll use that instead. In hindsight I
> should have spotted that but didn't.

I think what I mean is that jump labels should always work. There
shouldn't be a need to #ifdef the common usercopy code. i.e.
include/linux/jump_label.h should work on all architectures already. I
see HAVE_JUMP_LABEL tests there, for example:

#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL)
# define HAVE_JUMP_LABEL
#endif

Other core code uses static keys without this; what is the failing combination?

-Kees

-- 
Kees Cook
Pixel Security
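
Added example, not part of the original message and not kernel source: a userspace C model of the point made above, where the header decides how a static key is tested and the generic caller carries no #ifdef. The names bypass_checks, parse_usercopy_param and usercopy_check, and the "on"/"off" values, are assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel source. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same test as the one quoted from include/linux/jump_label.h. */
#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL)
# define HAVE_JUMP_LABEL
#endif

#define unlikely(x) __builtin_expect(!!(x), 0)

struct static_key { atomic_int enabled; };

/* With HAVE_JUMP_LABEL the kernel patches a branch at each call site; that
 * cannot be modelled in userspace, so both configurations use the generic
 * fallback here: an atomic read of the enable count. */
#define static_branch_unlikely(k) unlikely(atomic_load(&(k)->enabled) > 0)

static struct static_key bypass_checks;   /* hypothetical key name */

/* Hypothetical boot-parameter handler; the "on"/"off" values are assumed. */
static int parse_usercopy_param(const char *val)
{
    if (!val) return -1;
    if (strcmp(val, "off") == 0) { atomic_store(&bypass_checks.enabled, 1); return 0; }
    if (strcmp(val, "on") == 0)  { atomic_store(&bypass_checks.enabled, 0); return 0; }
    return -1;                            /* unknown value: state unchanged */
}

/* Generic caller: no architecture or config #ifdef around the key test.
 * Returns 0 when a copy of n bytes into obj_size bytes is allowed. */
static int usercopy_check(size_t obj_size, size_t n)
{
    if (static_branch_unlikely(&bypass_checks))
        return 0;                         /* checks switched off at boot */
    return n <= obj_size ? 0 : -1;
}

int main(void)
{
    printf("default, 32 into 16: %d\n", usercopy_check(16, 32));
    parse_usercopy_param("off");
    printf("after off, 32 into 16: %d\n", usercopy_check(16, 32));
    return 0;
}
```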