From patchwork Fri Aug 20 07:10:01 2021
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 1518934
From: Kees Cook
To: kernel-team@lists.ubuntu.com
Cc: ubuntu-hardened@lists.ubuntu.com, Kees Cook
Subject: [PATCH 3/4] UBUNTU: [Config] Disable CONFIG_HARDENED_USERCOPY_FALLBACK
Date: Fri, 20 Aug 2021 00:10:01 -0700
Message-Id: <20210820071002.3560053-4-keescook@chromium.org>
In-Reply-To: <20210820071002.3560053-1-keescook@chromium.org>
References: <20210820071002.3560053-1-keescook@chromium.org>
X-Developer-Key: i=kees@ubuntu.com; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
List-Id: Kernel team discussions
From: Kees Cook

CONFIG_HARDENED_USERCOPY_FALLBACK was designed to catch old out of tree drivers doing bad things with CONFIG_HARDENED_USERCOPY, and weakens the protection. It's been several years now; it's time to turn this off.

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855340
Signed-off-by: Kees Cook
---
 debian.master/config/annotations          | 2 +-
 debian.master/config/config.common.ubuntu | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 0092f241d013..0c2d17076442 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -13578,7 +13578,7 @@ CONFIG_SECURITYFS policy<{'amd64': 'y', 'arm64': ' CONFIG_PAGE_TABLE_ISOLATION policy<{'amd64': 'y'}> CONFIG_INTEL_TXT policy<{'amd64': 'y'}> CONFIG_HARDENED_USERCOPY policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_HARDENED_USERCOPY_FALLBACK policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> +CONFIG_HARDENED_USERCOPY_FALLBACK policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_HARDENED_USERCOPY_PAGESPAN policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_FORTIFY_SOURCE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_STATIC_USERMODEHELPER policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 5af18fe4b2d5..8bbd7d7a8d1d 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -4019,7 +4019,7 @@ CONFIG_HANDLE_DOMAIN_IRQ=y CONFIG_HANGCHECK_TIMER=m CONFIG_HAPPYMEAL=m CONFIG_HARDENED_USERCOPY=y -CONFIG_HARDENED_USERCOPY_FALLBACK=y +# CONFIG_HARDENED_USERCOPY_FALLBACK is not set # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_HARDEN_BRANCH_PREDICTOR=y CONFIG_HARDIRQS_SW_RESEND=y
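Review bot: in the annotations hunk the policy for CONFIG_HARDENED_USERCOPY_FALLBACK flips to 'n' on all five architectures but carries no recorded rationale, so a later config refresh that follows upstream defaults could silently flip it back to 'y'; since this is a deliberate hardening change backed by a BugLink, record the reason next to the policy line (referencing LP: #1855340) if the annotations format allows a note for this option, as none of the neighbouring hardening entries in the hunk show one.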
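Review bot: the commit message says only that the fallback "weakens the protection" and does not say what an out-of-tree driver that still relied on it will observe once this line becomes `# CONFIG_HARDENED_USERCOPY_FALLBACK is not set`; add a sentence describing the failure mode and the kernel log message a rejected copy produces, so that a bug reporter or support engineer can distinguish a regression caused by this config flip from an unrelated crash. The hunk itself is consistent with the annotations change: all architectures are 'n', so the common config file is the right place for it.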