diff options
author | David Windsor <dave@nullcore.net> | 2017-06-11 04:50:47 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2018-01-15 21:07:49 +0100 |
commit | 6c0c21adc742a255f0203ef76ef0ed6c8c3b0630 (patch) | |
tree | ed1261caefae3fedeb6c065c056101d7e4787e15 /mm/slab.c | |
parent | usercopy: Allow strict enforcement of whitelists (diff) | |
download | linux-6c0c21adc742a255f0203ef76ef0ed6c8c3b0630.tar.xz linux-6c0c21adc742a255f0203ef76ef0ed6c8c3b0630.zip |
usercopy: Mark kmalloc caches as usercopy caches
Mark the kmalloc slab caches as entirely whitelisted. These caches
are frequently used to fulfill kernel allocations that contain data
to be copied to/from userspace. Internal-only uses are also common,
but are scattered in the kernel. For now, mark all the kmalloc caches
as whitelisted.
This patch is modified from Brad Spengler/PaX Team's PAX_USERCOPY
whitelisting code in the last public patch of grsecurity/PaX based on my
understanding of the code. Changes or omissions from the original code are
mine and don't reflect the original grsecurity/PaX code.
Signed-off-by: David Windsor <dave@nullcore.net>
[kees: merged in moved kmalloc hunks, adjust commit log]
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-mm@kvack.org
Cc: linux-xfs@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Christoph Lameter <cl@linux.com>
Diffstat (limited to 'mm/slab.c')
-rw-r--r-- | mm/slab.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mm/slab.c b/mm/slab.c index b9b0df620bb9..dd367fe17a4e 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -1291,7 +1291,8 @@ void __init kmem_cache_init(void) */ kmalloc_caches[INDEX_NODE] = create_kmalloc_cache( kmalloc_info[INDEX_NODE].name, - kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS); + kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS, + 0, kmalloc_size(INDEX_NODE)); slab_state = PARTIAL_NODE; setup_kmalloc_cache_index_table(); |