Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

From: Daniel Micay
Date: Fri May 12 2017 - 17:24:06 EST

Next message: David Carrillo-Cisneros: "Re: [PATCH v2] perf/core: Avoid removing shared pmu_context on unregister"
Previous message: Hans de Goede: "Re: [PATCH 2/5] extcon: Add FUSB302 USB TYPE-C controller support"
In reply to: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Next in thread: Al Viro: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> overflow into adjacent allocations (fixed by VMAP_STACK).

99% fixed, but it's possible to skip over the guard page without
-fstack-check enabled (plus some edge cases need to be fixed in GCC),
unless VLAs were forbidden in addition to the existing large frame size
warning.

I'm not sure about in-tree code, but Qualcomm had some of these
improperly bounded VLA vulnerabilities in their MSM kernel...

Next message: David Carrillo-Cisneros: "Re: [PATCH v2] perf/core: Avoid removing shared pmu_context on unregister"
Previous message: Hans de Goede: "Re: [PATCH 2/5] extcon: Add FUSB302 USB TYPE-C controller support"
In reply to: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Next in thread: Al Viro: "Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]