** Description changed:

Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel:

config CPU_SW_DOMAIN_PAN
- bool "Enable use of CPU domains to implement privileged no-access"
- depends on MMU && !ARM_LPAE
- default y
- help
- Increase kernel security by ensuring that normal kernel accesses
- are unable to access userspace addresses. This can help prevent
- use-after-free bugs becoming an exploitable privilege escalation
- by ensuring that magic values (such as LIST_POISON) will always
- fault when dereferenced.
+ bool "Enable use of CPU domains to implement privileged no-access"
+ depends on MMU && !ARM_LPAE
+ default y
+ help
+ Increase kernel security by ensuring that normal kernel accesses
+ are unable to access userspace addresses. This can help prevent
+ use-after-free bugs becoming an exploitable privilege escalation
+ by ensuring that magic values (such as LIST_POISON) will always
+ fault when dereferenced.
- CPUs with low-vector mappings use a best-efforts implementation.
- Their lower 1MB needs to remain accessible for the vectors, but
- the remainder of userspace will become appropriately inaccessible.
+ CPUs with low-vector mappings use a best-efforts implementation.
+ Their lower 1MB needs to remain accessible for the vectors, but
+ the remainder of userspace will become appropriately inaccessible.
+
+ Similarly, Kees noted that all the configs from Ubuntu's 4.8 new
+ defaults seem to be missing for raspi2/3, e.g.:
+
+ CONFIG_HARDENED_USERCOPY=y
+ CONFIG_SLAB_FREELIST_RANDOM=y
+ CONFIG_DEBUG_LIST=y
+ CONFIG_DEBUG_CREDENTIALS=y
+
+ I suspect what actually needs to happen is a full config review
+ comparison for our linux-raspi2 kernel.
** Description changed:

Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel:

config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
default y
help
Increase kernel security by ensuring that normal kernel accesses
are unable to access userspace addresses. This can help prevent
use-after-free bugs becoming an exploitable privilege escalation
by ensuring that magic values (such as LIST_POISON) will always
fault when dereferenced.

CPUs with low-vector mappings use a best-efforts implementation.
Their lower 1MB needs to remain accessible for the vectors, but
the remainder of userspace will become appropriately inaccessible.

Similarly, Kees noted that all the configs from Ubuntu's 4.8 new
defaults seem to be missing for raspi2/3, e.g.:

CONFIG_HARDENED_USERCOPY=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_DEBUG_LIST=y
CONFIG_DEBUG_CREDENTIALS=y

+ Kees also noted that it may just be an armhf/arm64 issue with the
+ config.common.ubuntu being out of sync because fixing that solved his
+ missing configs.
+
I suspect what actually needs to happen is a full config review
comparison for our linux-raspi2 kernel.

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1683505

Title:
  enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-raspi2/+bug/1683505/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
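A check for the config comparison the report asks for, as an added example (not code from the bug report or from the Ubuntu kernel team): it parses a kernel .config and reports which of the options named above are absent or disabled. The option list is the one given in the report; the sample .config text is constructed.

```python
import re

# Added example (not the report's or the Ubuntu kernel team's code): compare a
# kernel .config against the options the report lists. SAMPLE_CONFIG is constructed.

# Options the report says the raspi2/3 kernel should enable.
EXPECTED = {
    "CONFIG_CPU_SW_DOMAIN_PAN": "y",
    "CONFIG_HARDENED_USERCOPY": "y",
    "CONFIG_SLAB_FREELIST_RANDOM": "y",
    "CONFIG_DEBUG_LIST": "y",
    "CONFIG_DEBUG_CREDENTIALS": "y",
}

_SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Map each CONFIG_ symbol to its value; '# X is not set' becomes 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET_RE.match(line):
            symbols[m.group(1)] = m.group(2)
        elif m := _UNSET_RE.match(line):
            symbols[m.group(1)] = "n"
    return symbols

def audit(config_text, expected=EXPECTED):
    """Return {symbol: actual} for each expected option not at its wanted value.
    A symbol that never appears at all (e.g. CPU_SW_DOMAIN_PAN when its
    'depends on MMU && !ARM_LPAE' is unmet) is reported as 'missing'.
    """
    have = parse_config(config_text)
    return {sym: have.get(sym, "missing")
            for sym, want in expected.items() if have.get(sym) != want}

# Constructed sample resembling a config that lacks the new 4.8 defaults.
SAMPLE_CONFIG = """\
CONFIG_MMU=y
# CONFIG_ARM_LPAE is not set
CONFIG_HARDENED_USERCOPY=y
# CONFIG_SLAB_FREELIST_RANDOM is not set
CONFIG_DEBUG_LIST=y
"""

if __name__ == "__main__":
    for sym, actual in sorted(audit(SAMPLE_CONFIG).items()):
        print(f"{sym}: expected y, got {actual}")
```

On a running Ubuntu system the same check can be fed the contents of /boot/config-$(uname -r), or the raspi2 config fragment from the kernel tree, instead of the constructed sample.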
