From patchwork Thu Mar 19 19:29:33 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 46086 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-la0-f69.google.com (mail-la0-f69.google.com [209.85.215.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 3815F21515 for ; Thu, 19 Mar 2015 19:31:54 +0000 (UTC) Received: by lams18 with SMTP id s18sf14241001lam.2 for ; Thu, 19 Mar 2015 12:31:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:cc:subject:precedence:list-id:list-unsubscribe:list-post :list-help:list-subscribe:mime-version:content-type :content-transfer-encoding:sender:errors-to:x-original-sender :x-original-authentication-results:mailing-list:list-archive; bh=ROZ9bvycbVRKBFVHZX9sk5VupQr6rjOdD26HUe4oVaY=; b=kx8FUz3dRckHA7KVY5DgN//O7OZLlvaUDSwUDx6+nFXCV+SXGuGE5gr484hckvkBO5 jAManUhNZE5cIcJdmHPQOAsaU4GgFDCv2Zqkn7JlRQ9e0xX3nw2KATNaeP671GHD0+FZ +PB/g1XnBi0xkYx7Fv4pLunB3eCt+x40KWcV6Jh3ykliWkYVL24iElNCQlPCkIsMnziK j9C9CoIQpP6iGdcu1rkeXD8806Nl5dEvhPg6gzWJ6z4ZKvOfXOjDdJYQjG/NdMyX2gJ/ aYaxfli8riklOscVVzxaDQb3cETzzyQQJPaER9wQCZovibnW9965fyk6ihppCu0yZdLU Wg/A== X-Gm-Message-State: ALoCoQkzfmmJwaZ3DQ/TpRBOvjyDOSZo88pPSH81DF4iUYNP8lVwhrIaaORpB8sdyjDHnsuRoakk X-Received: by 10.180.90.175 with SMTP id bx15mr2066842wib.3.1426793513192; Thu, 19 Mar 2015 12:31:53 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.228.169 with SMTP id sj9ls355715lac.35.gmail; Thu, 19 Mar 2015 12:31:52 -0700 (PDT) X-Received: by 10.152.4.136 with SMTP id k8mr70297134lak.103.1426793512900; Thu, 19 Mar 2015 12:31:52 -0700 (PDT) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com. [209.85.215.54]) by mx.google.com with ESMTPS id pl9si1663105lbb.70.2015.03.19.12.31.52 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Mar 2015 12:31:52 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.54 as permitted sender) client-ip=209.85.215.54; Received: by lamx15 with SMTP id x15so70758130lam.3 for ; Thu, 19 Mar 2015 12:31:52 -0700 (PDT) X-Received: by 10.112.162.232 with SMTP id yd8mr3635624lbb.41.1426793512624; Thu, 19 Mar 2015 12:31:52 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.35.133 with SMTP id h5csp597274lbj; Thu, 19 Mar 2015 12:31:51 -0700 (PDT) X-Received: by 10.52.3.74 with SMTP id a10mr32116551vda.95.1426793510972; Thu, 19 Mar 2015 12:31:50 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id du8si2008804vdd.20.2015.03.19.12.31.49 (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 19 Mar 2015 12:31:50 -0700 (PDT) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YYg9b-0004G0-Mu; Thu, 19 Mar 2015 19:30:51 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YYg9Z-0004Dx-Vp for xen-devel@lists.xenproject.org; Thu, 19 Mar 2015 19:30:50 +0000 Received: from [85.158.137.68] by server-8.bemta-3.messagelabs.com id 20/F0-24808-9E32B055; Thu, 19 Mar 2015 19:30:49 +0000 X-Env-Sender: julien.grall@linaro.org X-Msg-Ref: server-3.tower-31.messagelabs.com!1426793448!13873993!1 X-Originating-IP: [74.125.82.171] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.13.4; banners=-,-,- X-VirusChecked: Checked Received: (qmail 9223 invoked from network); 19 Mar 2015 19:30:48 -0000 Received: from mail-we0-f171.google.com (HELO mail-we0-f171.google.com) (74.125.82.171) by server-3.tower-31.messagelabs.com with RC4-SHA encrypted SMTP; 19 Mar 2015 19:30:48 -0000 Received: by webcq43 with SMTP id cq43so65660037web.2 for ; Thu, 19 Mar 2015 12:30:48 -0700 (PDT) X-Received: by 10.194.61.244 with SMTP id t20mr148892818wjr.83.1426793447945; Thu, 19 Mar 2015 12:30:47 -0700 (PDT) Received: from chilopoda.uk.xensource.com. ([185.25.64.249]) by mx.google.com with ESMTPSA id hl8sm3203005wjb.38.2015.03.19.12.30.46 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 19 Mar 2015 12:30:47 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Thu, 19 Mar 2015 19:29:33 +0000 Message-Id: <1426793399-6283-8-git-send-email-julien.grall@linaro.org> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1426793399-6283-1-git-send-email-julien.grall@linaro.org> References: <1426793399-6283-1-git-send-email-julien.grall@linaro.org> Cc: Keir Fraser , ian.campbell@citrix.com, tim@xen.org, Julien Grall , Ian Jackson , stefano.stabellini@citrix.com, Jan Beulich , Daniel De Graaf Subject: [Xen-devel] [PATCH v4 07/33] xen: guestcopy: Provide an helper to safely copy string from guest X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: julien.grall@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.54 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: Flask code already provides a helper to copy a string from guest. In a later patch, the new DT hypercalls will need a similar function. To avoid code duplication, copy the flask helper (flask_copying_string) to common code: - Rename into safe_copy_string_from_guest - Add comment to explain the extra +1 - Return the buffer directly and use the macros provided by xen/err.h to return an error code if necessary. Signed-off-by: Julien Grall Acked-by: Daniel De Graaf Acked-by: Ian Campbell Cc: Ian Jackson Cc: Jan Beulich Cc: Keir Fraser --- Changes in v4: - Use -ENOBUFS rather than -ENOENT - Fix coding style in comment - Typoes in commit message - Convert the new flask_copying_string (for DT) in safe_copy_string_from_guest - Add Ian and Daniel's ack Changes in v3: - Use macros of xen/err.h to return either the buffer or an error code - Reuse size_t instead of unsigned long - Update comment and commit message Changes in v2: - Rename copy_string_from_guest into safe_copy_string_from_guest - Update commit message and comment in the code --- xen/common/Makefile | 1 + xen/common/guestcopy.c | 31 ++++++++++++++++++++++++++ xen/include/xen/guest_access.h | 5 +++++ xen/xsm/flask/flask_op.c | 49 +++++++++++------------------------------- 4 files changed, 50 insertions(+), 36 deletions(-) create mode 100644 xen/common/guestcopy.c diff --git a/xen/common/Makefile b/xen/common/Makefile index 1956091..cf15887 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -9,6 +9,7 @@ obj-y += event_2l.o obj-y += event_channel.o obj-y += event_fifo.o obj-y += grant_table.o +obj-y += guestcopy.o obj-y += irq.o obj-y += kernel.o obj-y += keyhandler.o diff --git a/xen/common/guestcopy.c b/xen/common/guestcopy.c new file mode 100644 index 0000000..1645cbd --- /dev/null +++ b/xen/common/guestcopy.c @@ -0,0 +1,31 @@ +#include +#include +#include +#include + +/* + * The function copies a string from the guest and adds a NUL to + * make sure the string is correctly terminated. + */ +void *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size) +{ + char *tmp; + + if ( size > max_size ) + return ERR_PTR(-ENOBUFS); + + /* Add an extra +1 to append \0 */ + tmp = xmalloc_array(char, size + 1); + if ( !tmp ) + return ERR_PTR(-ENOMEM); + + if ( copy_from_guest(tmp, u_buf, size) ) + { + xfree(tmp); + return ERR_PTR(-EFAULT); + } + tmp[size] = 0; + + return tmp; +} diff --git a/xen/include/xen/guest_access.h b/xen/include/xen/guest_access.h index 373454e..55645e6 100644 --- a/xen/include/xen/guest_access.h +++ b/xen/include/xen/guest_access.h @@ -8,6 +8,8 @@ #define __XEN_GUEST_ACCESS_H__ #include +#include +#include #define copy_to_guest(hnd, ptr, nr) \ copy_to_guest_offset(hnd, 0, ptr, nr) @@ -27,4 +29,7 @@ #define __clear_guest(hnd, nr) \ __clear_guest_offset(hnd, 0, nr) +void *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size); + #endif /* __XEN_GUEST_ACCESS_H__ */ diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 47aacc1..802ffd4 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -12,6 +12,7 @@ #include #include #include +#include #include @@ -93,29 +94,6 @@ static int domain_has_security(struct domain *d, u32 perms) perms, NULL); } -static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, - size_t size, size_t max_size) -{ - char *tmp; - - if ( size > max_size ) - return -ENOENT; - - tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - - if ( copy_from_guest(tmp, u_buf, size) ) - { - xfree(tmp); - return -EFAULT; - } - tmp[size] = 0; - - *buf = tmp; - return 0; -} - #endif /* COMPAT */ static int flask_security_user(struct xen_flask_userlist *arg) @@ -129,9 +107,9 @@ static int flask_security_user(struct xen_flask_userlist *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + user = safe_copy_string_from_guest(arg->u.user, arg->size, PAGE_SIZE); + if ( IS_ERR(user) ) + return PTR_ERR(user); rv = security_get_user_sids(arg->start_sid, user, &sids, &nsids); if ( rv < 0 ) @@ -244,9 +222,9 @@ static int flask_security_context(struct xen_flask_sid_context *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->context, arg->size, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); rv = security_context_to_sid(buf, arg->size, &arg->sid); if ( rv < 0 ) @@ -336,14 +314,13 @@ static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *ar static int flask_security_resolve_bool(struct xen_flask_boolean *arg) { char *name; - int rv; if ( arg->bool_id != -1 ) return 0; - rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); - if ( rv ) - return rv; + name = safe_copy_string_from_guest(arg->name, arg->size, bool_maxstr); + if ( IS_ERR(name) ) + return PTR_ERR(name); arg->bool_id = security_find_bool(name); arg->size = 0; @@ -574,9 +551,9 @@ static int flask_devicetree_label(struct xen_flask_devicetree_label *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->path, &buf, arg->length, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->path, arg->length, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); /* buf is consumed or freed by this function */ rv = security_devicetree_setlabel(buf, sid);