[kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
Ingo Molnar
mingo at kernel.org
Mon May 8 23:45:22 PDT 2017

* Greg KH <greg at kroah.com> wrote:

> What about a simple coccinelle script to test for this type of thing?
> We write it once, add it to the in-kernel body of tests, and then 0-day
> runs it on all trees all the time. That should catch this type of
> issue, like all of the other "bad programming bugs" that the tool
> currently catches.

Yeah, that would work - but today most of our coccinelle scripts are still pretty
verbose, and I think it's important to make this a different category of
coccinelle script, which is .config driven where a loud warning yells at us.

I.e. force the 'zero warnings tolerated' model.

I also noticed that Coccinelle builds are pretty slow, so it would still make
sense to have a performance oriented static checking facility that does not have
the performance baggage of high level functional languages.

I.e. either integrate it into Sparse - or start a kernel integrated static
analysis tooling project that would only follow control flow initially - which is
what we need here I believe.

We only have ~115 code blocks in the kernel that set/restore KERNEL_DS, it would
be a pity to add a runtime check to every system call ...

We could also add a runtime check to oops handling to make sure we don't leak
KERNEL_DS through kernel crashes, to ease worries about CVE-2010-4258.

Thanks,

Ingo