Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp394673ybl; Thu, 23 Jan 2020 00:15:34 -0800 (PST) X-Google-Smtp-Source: APXvYqz/hdvEzVG/CL2LqvAOqDoUEsEUoB1nP9JBE5rEQ2yubp+HF71y0vfAzeuWHxHstXaehrkC X-Received: by 2002:a05:6830:1442:: with SMTP id w2mr10699438otp.143.1579767334647; Thu, 23 Jan 2020 00:15:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579767334; cv=none; d=google.com; s=arc-20160816; b=eRaJ+/MydtmsNNplz2pFTzyu5cBRfiSPvqHSBrDMTxvq/VsRjKpH+XDYwmBTL58vwC pE3bx0mIdLSjqOX4FYXNUiVfsbKfJApbqxZGWju/FBv14X3EAl4zmaBWNOU/o3mFcQYD naRyMZFgS2kfse94+QYjq6A6mOJZkg0j9Cm0JbbWSXeSGrarPmwnT0d5MC33yVWhQWGZ XCpLI0wTh3hXOBxl06kK4ja9suVj5P4emYxP3y6o5AARDOPY5zD6k27ii6lTcXOs70nS QMB49DC/djrAHTjxAzw81uOYaCcO1oMaBv8xdDGF6jeOsQQRsnuO/MbKGnSSUzHrmjve In/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:from:references:cc:to:subject; bh=hMetq05ahE3/VlZ36EO7t0o08RZOdKUBr1lWl/7z4lM=; b=RJfcZqmCzc5iSjc1b2Evz4JCA6I5wK2aY3grF/lx4NT3yh22pXc0WmoslzHXuvrRK5 3Q4lPJDnFidLl0pVM+6Kkpd+s9IvaMajO+7H4Ax47lFP3DoExe04Nmc0XT1C5xXRBc7s BSWqmmpDQ11zF5ZCrEKhrBZ4QW+ahSaWWIJANOXHqlJdYVMKZsAveCElTZ0+K4thTuzQ vEAtbdmETJoltmbiwDVSbLprogX6zf5sohPpmxA7OGb4d1kv78ecxzosm2xHcRUJDDgl EsJZrAmok/MgcZm+0eKMLZzgW+sahykmftktYpkUQK9jQ2ee4xiO3pafncm6gKlSVgMm ac0w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r14si470858oic.12.2020.01.23.00.15.22; Thu, 23 Jan 2020 00:15:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726234AbgAWIO2 (ORCPT + 99 others); Thu, 23 Jan 2020 03:14:28 -0500 Received: from mail-wm1-f67.google.com ([209.85.128.67]:52446 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725785AbgAWIO1 (ORCPT ); Thu, 23 Jan 2020 03:14:27 -0500 Received: by mail-wm1-f67.google.com with SMTP id p9so1533259wmc.2; Thu, 23 Jan 2020 00:14:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=hMetq05ahE3/VlZ36EO7t0o08RZOdKUBr1lWl/7z4lM=; b=IhvxioSt+YtVkF6fJdpl+hl3IN74WXS0iqWWeWJ34CRfa2fbnuk3mCSCNefDvL+kgT CiiRNQO2QeHt46PemPGhY/bNi4Qq0WKeukWtsqfxLpSS06IMDsNVBfGbL6eFqeTKlRrx nB6NzIPiN2wkkT6q2wCRSB874MrUfJ/dMYCHM7LkmJarnHA2Qc6vkCMtDmQZLc2I9v// +/ME2vRtNfPqzMjfWd4aq9LSBgCNV5OiW5v+tKenB3MDsM8IcUsUbEyvXtaf0s4JrCR/ REjyElA+9zTmcEYL9DpuHdr1w8lGNpdEb7mNwwyK0/BOJ0IpwSQd3q3N1athzBFi/Dku FPcA== X-Gm-Message-State: APjAAAV3BZQ7PKLYVmC+IoTBz2PZyGj3RGTdUKdFCLBtMxO7N8ZEcfHa BZ3i8MNT0bnrSFTfEB1y/0yVfh/L8QUgJw== X-Received: by 2002:a7b:cb46:: with SMTP id v6mr2956731wmj.117.1579767264210; Thu, 23 Jan 2020 00:14:24 -0800 (PST) Received: from ?IPv6:2a0b:e7c0:0:107::70f? ([2a0b:e7c0:0:107::70f]) by smtp.gmail.com with ESMTPSA id a5sm1626869wmb.37.2020.01.23.00.14.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 23 Jan 2020 00:14:23 -0800 (PST) Subject: Re: [kernel-hardening] [PATCH 09/38] usercopy: Mark kmalloc caches as usercopy caches To: Kees Cook , Alexander Viro Cc: linux-kernel@vger.kernel.org, David Windsor , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , linux-mm@kvack.org, linux-xfs@vger.kernel.org, Linus Torvalds , Andy Lutomirski , Christoph Hellwig , Christoph Lameter , "David S. Miller" , Laura Abbott , Mark Rutland , "Martin K. Petersen" , Paolo Bonzini , Christian Borntraeger , Christoffer Dall , Dave Kleikamp , Jan Kara , Luis de Bethencourt , Marc Zyngier , Rik van Riel , Matthew Garrett , linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, netdev@vger.kernel.org, kernel-hardening@lists.openwall.com, Vlastimil Babka , Michal Kubecek References: <1515636190-24061-1-git-send-email-keescook@chromium.org> <1515636190-24061-10-git-send-email-keescook@chromium.org> <9519edb7-456a-a2fa-659e-3e5a1ff89466@suse.cz> <201911121313.1097D6EE@keescook> <201911141327.4DE6510@keescook> From: Jiri Slaby Autocrypt: addr=jslaby@suse.cz; prefer-encrypt=mutual; keydata= mQINBE6S54YBEACzzjLwDUbU5elY4GTg/NdotjA0jyyJtYI86wdKraekbNE0bC4zV+ryvH4j rrcDwGs6tFVrAHvdHeIdI07s1iIx5R/ndcHwt4fvI8CL5PzPmn5J+h0WERR5rFprRh6axhOk rSD5CwQl19fm4AJCS6A9GJtOoiLpWn2/IbogPc71jQVrupZYYx51rAaHZ0D2KYK/uhfc6neJ i0WqPlbtIlIrpvWxckucNu6ZwXjFY0f3qIRg3Vqh5QxPkojGsq9tXVFVLEkSVz6FoqCHrUTx wr+aw6qqQVgvT/McQtsI0S66uIkQjzPUrgAEtWUv76rM4ekqL9stHyvTGw0Fjsualwb0Gwdx ReTZzMgheAyoy/umIOKrSEpWouVoBt5FFSZUyjuDdlPPYyPav+hpI6ggmCTld3u2hyiHji2H cDpcLM2LMhlHBipu80s9anNeZhCANDhbC5E+NZmuwgzHBcan8WC7xsPXPaiZSIm7TKaVoOcL 9tE5aN3jQmIlrT7ZUX52Ff/hSdx/JKDP3YMNtt4B0cH6ejIjtqTd+Ge8sSttsnNM0CQUkXps w98jwz+Lxw/bKMr3NSnnFpUZaxwji3BC9vYyxKMAwNelBCHEgS/OAa3EJoTfuYOK6wT6nadm YqYjwYbZE5V/SwzMbpWu7Jwlvuwyfo5mh7w5iMfnZE+vHFwp/wARAQABtBtKaXJpIFNsYWJ5 IDxqc2xhYnlAc3VzZS5jej6JAjgEEwECACIFAk6S6NgCGwMGCwkIBwMCBhUIAgkKCwQWAgMB Ah4BAheAAAoJEL0lsQQGtHBJgDsP/j9wh0vzWXsOPO3rDpHjeC3BT5DKwjVN/KtP7uZttlkB duReCYMTZGzSrmK27QhCflZ7Tw0Naq4FtmQSH8dkqVFugirhlCOGSnDYiZAAubjTrNLTqf7e 5poQxE8mmniH/Asg4KufD9bpxSIi7gYIzaY3hqvYbVF1vYwaMTujojlixvesf0AFlE4x8WKs wpk43fmo0ZLcwObTnC3Hl1JBsPujCVY8t4E7zmLm7kOB+8EHaHiRZ4fFDWweuTzRDIJtVmrH LWvRDAYg+IH3SoxtdJe28xD9KoJw4jOX1URuzIU6dklQAnsKVqxz/rpp1+UVV6Ky6OBEFuoR 613qxHCFuPbkRdpKmHyE0UzmniJgMif3v0zm/+1A/VIxpyN74cgwxjhxhj/XZWN/LnFuER1W zTHcwaQNjq/I62AiPec5KgxtDeV+VllpKmFOtJ194nm9QM9oDSRBMzrG/2AY/6GgOdZ0+qe+ 4BpXyt8TmqkWHIsVpE7I5zVDgKE/YTyhDuqYUaWMoI19bUlBBUQfdgdgSKRMJX4vE72dl8BZ +/ONKWECTQ0hYntShkmdczcUEsWjtIwZvFOqgGDbev46skyakWyod6vSbOJtEHmEq04NegUD al3W7Y/FKSO8NqcfrsRNFWHZ3bZ2Q5X0tR6fc6gnZkNEtOm5fcWLY+NVz4HLaKrJuQINBE6S 54YBEADPnA1iy/lr3PXC4QNjl2f4DJruzW2Co37YdVMjrgXeXpiDvneEXxTNNlxUyLeDMcIQ K8obCkEHAOIkDZXZG8nr4mKzyloy040V0+XA9paVs6/ice5l+yJ1eSTs9UKvj/pyVmCAY1Co SNN7sfPaefAmIpduGacp9heXF+1Pop2PJSSAcCzwZ3PWdAJ/w1Z1Dg/tMCHGFZ2QCg4iFzg5 Bqk4N34WcG24vigIbRzxTNnxsNlU1H+tiB81fngUp2pszzgXNV7CWCkaNxRzXi7kvH+MFHu2 1m/TuujzxSv0ZHqjV+mpJBQX/VX62da0xCgMidrqn9RCNaJWJxDZOPtNCAWvgWrxkPFFvXRl t52z637jleVFL257EkMI+u6UnawUKopa+Tf+R/c+1Qg0NHYbiTbbw0pU39olBQaoJN7JpZ99 T1GIlT6zD9FeI2tIvarTv0wdNa0308l00bas+d6juXRrGIpYiTuWlJofLMFaaLYCuP+e4d8x rGlzvTxoJ5wHanilSE2hUy2NSEoPj7W+CqJYojo6wTJkFEiVbZFFzKwjAnrjwxh6O9/V3O+Z XB5RrjN8hAf/4bSo8qa2y3i39cuMT8k3nhec4P9M7UWTSmYnIBJsclDQRx5wSh0Mc9Y/psx9 B42WbV4xrtiiydfBtO6tH6c9mT5Ng+d1sN/VTSPyfQARAQABiQIfBBgBAgAJBQJOkueGAhsM AAoJEL0lsQQGtHBJN7UQAIDvgxaW8iGuEZZ36XFtewH56WYvVUefs6+Pep9ox/9ZXcETv0vk DUgPKnQAajG/ViOATWqADYHINAEuNvTKtLWmlipAI5JBgE+5g9UOT4i69OmP/is3a/dHlFZ3 qjNk1EEGyvioeycJhla0RjakKw5PoETbypxsBTXk5EyrSdD/I2Hez9YGW/RcI/WC8Y4Z/7FS ITZhASwaCOzy/vX2yC6iTx4AMFt+a6Z6uH/xGE8pG5NbGtd02r+m7SfuEDoG3Hs1iMGecPyV XxCVvSV6dwRQFc0UOZ1a6ywwCWfGOYqFnJvfSbUiCMV8bfRSWhnNQYLIuSv/nckyi8CzCYIg c21cfBvnwiSfWLZTTj1oWyj5a0PPgGOdgGoIvVjYXul3yXYeYOqbYjiC5t99JpEeIFupxIGV ciMk6t3pDrq7n7Vi/faqT+c4vnjazJi0UMfYnnAzYBa9+NkfW0w5W9Uy7kW/v7SffH/2yFiK 9HKkJqkN9xYEYaxtfl5pelF8idoxMZpTvCZY7jhnl2IemZCBMs6s338wS12Qro5WEAxV6cjD VSdmcD5l9plhKGLmgVNCTe8DPv81oDn9s0cIRLg9wNnDtj8aIiH8lBHwfUkpn32iv0uMV6Ae sLxhDWfOR4N+wu1gzXWgLel4drkCJcuYK5IL1qaZDcuGR8RPo3jbFO7Y Message-ID: Date: Thu, 23 Jan 2020 09:14:20 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <201911141327.4DE6510@keescook> Content-Type: text/plain; charset=iso-8859-2 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 14. 11. 19, 22:27, Kees Cook wrote: > On Tue, Nov 12, 2019 at 01:21:54PM -0800, Kees Cook wrote: >> How is iucv the only network protocol that has run into this? Do others >> use a bounce buffer? > > Another solution would be to use a dedicated kmem cache (instead of the > shared kmalloc dma one)? Has there been any conclusion to this thread yet? For the time being, we disabled HARDENED_USERCOPY on s390... https://lore.kernel.org/kernel-hardening/9519edb7-456a-a2fa-659e-3e5a1ff89466@suse.cz/ thanks, -- js suse labs