linux-sg2042

Go to file

Kees Cook 1ad53d9fa3 slub: improve bit diffusion for freelist ptr obfuscation Under CONFIG_SLAB_FREELIST_HARDENED=y, the obfuscation was relatively weak in that the ptr and ptr address were usually so close that the first XOR would result in an almost entirely 0-byte value[1], leaving most of the "secret" number ultimately being stored after the third XOR. A single blind memory content exposure of the freelist was generally sufficient to learn the secret. Add a swab() call to mix bits a little more. This is a cheap way (1 cycle) to make attacks need more than a single exposure to learn the secret (or to know _where_ the exposure is in memory). kmalloc-32 freelist walk, before: ptr ptr_addr stored value secret ffff90c22e019020@ffff90c22e019000 is 86528eb656b3b5bd (86528eb656b3b59d) ffff90c22e019040@ffff90c22e019020 is 86528eb656b3b5fd (86528eb656b3b59d) ffff90c22e019060@ffff90c22e019040 is 86528eb656b3b5bd (86528eb656b3b59d) ffff90c22e019080@ffff90c22e019060 is 86528eb656b3b57d (86528eb656b3b59d) ffff90c22e0190a0@ffff90c22e019080 is 86528eb656b3b5bd (86528eb656b3b59d) ... after: ptr ptr_addr stored value secret ffff9eed6e019020@ffff9eed6e019000 is 793d1135d52cda42 (86528eb656b3b59d) ffff9eed6e019040@ffff9eed6e019020 is 593d1135d52cda22 (86528eb656b3b59d) ffff9eed6e019060@ffff9eed6e019040 is 393d1135d52cda02 (86528eb656b3b59d) ffff9eed6e019080@ffff9eed6e019060 is 193d1135d52cdae2 (86528eb656b3b59d) ffff9eed6e0190a0@ffff9eed6e019080 is f93d1135d52cdac2 (86528eb656b3b59d) [1] https://blog.infosectcbr.com.au/2020/03/weaknesses-in-linux-kernel-heap.html Fixes: `2482ddec67` ("mm: add SLUB free list pointer obfuscation") Reported-by: Silvio Cesare <silvio.cesare@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: David Rientjes <rientjes@google.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: <stable@vger.kernel.org> Link: http://lkml.kernel.org/r/202003051623.AF4F8CB@keescook Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>		2020-04-02 09:35:26 -07:00
Documentation	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
LICENSES	LICENSES: Rename other to deprecated	2019-05-03 06:34:32 -06:00
arch	asm-generic: make more kernel-space headers mandatory	2020-04-02 09:35:25 -07:00
block	Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2020-03-30 16:13:08 -07:00
certs	certs: Add wrapper function to check blacklisted binary hash	2019-11-12 12:25:50 +11:00
crypto	Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity	2020-02-20 15:15:16 -08:00
drivers	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
fs	fs_parse: remove pr_notice() about each validation	2020-04-02 09:35:26 -07:00
include	asm-generic: make more kernel-space headers mandatory	2020-04-02 09:35:25 -07:00
init	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
ipc	Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"	2020-02-21 11:22:15 -08:00
kernel	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
lib	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
mm	slub: improve bit diffusion for freelist ptr obfuscation	2020-04-02 09:35:26 -07:00
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
samples	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
scripts	scripts/spelling.txt: add more spellings to spelling.txt	2020-04-02 09:35:25 -07:00
security	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
sound	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
tools	tools/accounting/getdelays.c: fix netlink attribute length	2020-04-02 09:35:25 -07:00
usr	initramfs: restore default compression behavior	2020-03-17 09:50:37 +09:00
virt	irqchip/gic-v4.1: Move doorbell management to the GICv4 abstraction layer	2020-03-24 12:15:51 +00:00
.clang-format	clang-format: Update with the latest for_each macro list	2020-03-06 21:50:05 +01:00
.cocciconfig	scripts: add Linux .cocciconfig for coccinelle	2016-07-22 12:13:39 +02:00
.get_maintainer.ignore	Opt out of scripts/get_maintainer.pl	2019-05-16 10:53:40 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	selftest/lkdtm: Use local .gitignore	2020-03-02 08:39:39 -07:00
.mailmap	media updates for v5.7-rc1	2020-03-30 13:42:05 -07:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: Hand MIPS over to Thomas	2020-02-24 22:43:18 -08:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	docs: kbuild: convert docs to ReST and rename to *.rst	2019-06-14 14:21:21 -06:00
MAINTAINERS	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next	2020-03-31 17:29:33 -07:00
Makefile	Kbuild updates for v5.7	2020-03-31 16:03:39 -07:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.