linux/net/sctp
David Windsor ab9ee8e38b sctp: Define usercopy region in SCTP proto slab cache
The SCTP socket event notification subscription information need to be
copied to/from userspace. In support of usercopy hardening, this patch
defines a region in the struct proto slab cache in which userspace copy
operations are allowed. Additionally moves the usercopy fields to be
adjacent for the region to cover both.

example usage trace:

    net/sctp/socket.c:
        sctp_getsockopt_events(...):
            ...
            copy_to_user(..., &sctp_sk(sk)->subscribe, len)

        sctp_setsockopt_events(...):
            ...
            copy_from_user(&sctp_sk(sk)->subscribe, ..., optlen)

        sctp_getsockopt_initmsg(...):
            ...
            copy_to_user(..., &sctp_sk(sk)->initmsg, len)

This region is known as the slab cache's usercopy region. Slab caches
can now check that each dynamically sized copy operation involving
cache-managed memory falls entirely within the slab's usercopy region.

This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.

Signed-off-by: David Windsor <dave@nullcore.net>
[kees: split from network patch, move struct members adjacent]
[kees: add SCTPv6 struct whitelist, provide usage trace]
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-sctp@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-01-15 12:08:00 -08:00
..
associola.c net: sctp: Convert timers to use timer_setup() 2017-10-25 12:02:09 +09:00
auth.c sctp: remove the typedef sctp_hmac_algo_param_t 2017-07-16 20:52:14 -07:00
bind_addr.c sctp: remove the typedef sctp_scope_t 2017-08-06 21:33:41 -07:00
chunk.c sctp: introduce struct sctp_stream_out_ext 2017-10-03 16:27:28 -07:00
debug.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
endpointola.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
input.c sctp: fix some type cast warnings introduced by transport rhashtable 2017-10-29 18:03:24 +09:00
inqueue.c sctp: remove the typedef sctp_chunkhdr_t 2017-07-01 09:08:41 -07:00
ipv6.c net/sctp: Always set scope_id in sctp_inet6_skb_msgname 2017-11-16 23:00:30 +09:00
Kconfig sctp: add the sctp_diag.c file 2016-04-15 17:29:36 -04:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
objcnt.c sctp: remove the typedef sctp_dbg_objcnt_entry_t 2017-08-11 10:02:43 -07:00
offload.c net: use skb->csum_not_inet to identify packets needing crc32c 2017-05-19 19:21:29 -04:00
output.c sctp: remove the typedef sctp_xmit_t 2017-08-06 21:33:42 -07:00
outqueue.c sctp: introduce stream scheduler foundations 2017-10-03 16:27:29 -07:00
primitive.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
probe.c sctp: remove the typedef sctp_disposition_t 2017-08-11 10:02:44 -07:00
proc.c net: convert sock.sk_wmem_alloc from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
protocol.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
sctp_diag.c sctp: Fix a big endian bug in sctp_diag_dump() 2017-09-26 21:16:29 -07:00
sm_make_chunk.c sctp: check stream reset info len before making reconf chunk 2017-11-16 10:49:00 +09:00
sm_sideeffect.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-30 21:09:24 +09:00
sm_statefuns.c sctp: remove the typedef sctp_disposition_t 2017-08-11 10:02:44 -07:00
sm_statetable.c sctp: remove the typedef sctp_sm_table_entry_t 2017-08-11 10:02:44 -07:00
socket.c sctp: Define usercopy region in SCTP proto slab cache 2018-01-15 12:08:00 -08:00
stream_sched_prio.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream_sched_rr.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream_sched.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream.c sctp: force SCTP_ERROR_INV_STRM with __u32 when calling sctp_chunk_fail 2017-11-28 11:00:13 -05:00
sysctl.c sctp: remove the typedef sctp_scope_policy_t 2017-08-06 21:33:41 -07:00
transport.c net: sctp: Convert timers to use timer_setup() 2017-10-25 12:02:09 +09:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: fix some type cast warnings introduced by stream reconf 2017-10-29 18:03:24 +09:00
ulpqueue.c sctp: fix missing wake ups in some situations 2017-09-08 10:02:47 -07:00