Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5295144yba; Wed, 10 Apr 2019 16:13:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqwhj1+836e2cZ0/cLKo3u0LOdOZBVbeWq9knZFsfqGIsB2MIdG9cqqxO3A7wBOxgEioblP2 X-Received: by 2002:a17:902:b617:: with SMTP id b23mr45088931pls.73.1554937982644; Wed, 10 Apr 2019 16:13:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554937982; cv=none; d=google.com; s=arc-20160816; b=vxmR4fbO+LXGlNu0AwAZxnMXW+1/EhWeH4M8b+wx8hNm7KysgYeY+lrMzyOpKGQZa9 vBm5RlCdmyowU/d1KbOUMS8UWFEpOttDOV3wRsDI3WXKIjvFZk+n1XU8EGnaUe7QCVK/ zX57V3dyTOvzeQSeDIRF2rIthmME2BJHQA+GqEJhsvbPIUggJz5ZS+8f35yf+oE6fh87 xhUvEOFQ/M4FqHIbzUtoT7jgWxzB6dV1dhc1X8j9EOamaLi1gx+QO1GHref5PawoC18h dVTnVJCxFsSu8JQvuKWbgyyTKaI0s5EzokoJDcNA2BGDPkpF926JLo+8zSMzjnCCtWbw CJ/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=2/j3x/+JzYylPJEZMiyweu4LJpyB1p9biE0uu/3og5o=; b=syz/blu+lhzsbGfiPOG3L+zPjx70HB4enEPOySkpLkMXOEauhByymh4WIVzyGQ26hr FVbOASWfjg7g9xuTYnF6Ef6FmYMqNvI/RgmbkoU22St2yBPPTVOCILgo/oPlXRiT04Kj Okv9w4uIgwFHa0XOf4QDum4k8xrgzZ+63jxGqKVzPIe+yohMmagH1gLwD7yMefDpGi3w /FvmnSeeBI+o8BijYPvytWYuRio4lr33KgzLk8FBiZZpuHwKKBVu8QPc64/zVNRye3jw cHgBFU3m4ED9nQDfPctg7A2+j5mkxiSCEhrv8rXhwt439xb9DdHrhTgW6iHg8e4+KTLA Bfxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=f81Qq4io; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r140si32802536pgr.585.2019.04.10.16.12.45; Wed, 10 Apr 2019 16:13:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=f81Qq4io; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726656AbfDJXMA (ORCPT + 99 others); Wed, 10 Apr 2019 19:12:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:50884 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726026AbfDJXMA (ORCPT ); Wed, 10 Apr 2019 19:12:00 -0400 Received: from gmail.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6CE1D20850; Wed, 10 Apr 2019 23:11:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1554937919; bh=q6C6asliB+R3GiA6MRBIkiZPDalhAROlS4ZO33DglG0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=f81Qq4iocQpcOMtiR/t0Rc4UGVCF32ESP7I2KWwf81yZwHCWE9mGd9sRVmo1c0Xlv /y9pJUesNDA1OihDE32NMDVFKUK+ByAhVfv/WJT/nXo25R1ENmGuBxDC5/h8G4E99R e406h9JxbuxcxrU7vgv31/fKl9m+ewipryJAmJtQ= Date: Wed, 10 Apr 2019 16:11:58 -0700 From: Eric Biggers To: Kees Cook Cc: Geert Uytterhoeven , Herbert Xu , linux-security-module , Linux ARM , Linux Crypto Mailing List , Linux Kernel Mailing List , Laura Abbott , Rik van Riel Subject: Re: crypto: Kernel memory overwrite attempt detected to spans multiple pages Message-ID: <20190410231156.GB120258@gmail.com> References: <20190319170911.GB202956@gmail.com> <20190320185719.GB180195@gmail.com> <20190321175122.GA1587@sol.localdomain> <20190410031734.GB7140@sol.localdomain> <20190410190729.GA120258@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 10, 2019 at 02:57:46PM -0700, Kees Cook wrote: > On Wed, Apr 10, 2019 at 12:07 PM Eric Biggers wrote: > > That didn't answer my question. My question is what is the purpose of this? If > > there was actual buffer overflow when __GFP_COMP isn't specified that would make > > perfect sense, but AFAICS there isn't. So why does hardened usercopy consider > > it broken when __GFP_COMP isn't specified? > > The goal of CONFIG_HARDENED_USERCOPY_PAGESPAN was to detect copies > across page boundaries in memory allocated by the page allocator. > There appear to be enough cases of allocations that span pages but do > not mark them with __GFP_COMP, so this logic hasn't proven useful in > the real world (which is why no one should use the ..._PAGESPAN config > in production). I'd like to get the kernel to the point where hardened > usercopy can correctly do these checks (right now it's mainly only > useful at checking for overflows in slub and slab), but it'll take > time/focus for a while. No one has had time yet to track all of these > down and fix them. (I defer to Laura and Rik on the design of the > pagespan checks; they did the bulk of the work there.) > > Does that help explain it, or am I still missing your question? > > -- > Kees Cook You've explained *what* it does again, but not *why*. *Why* do you want hardened usercopy to detect copies across page boundaries, when there is no actual buffer overflow? - Eric