From patchwork Tue Apr 28 14:32:29 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 47670 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wg0-f69.google.com (mail-wg0-f69.google.com [74.125.82.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 9CA6E21550 for ; Tue, 28 Apr 2015 14:34:42 +0000 (UTC) Received: by wgtl5 with SMTP id l5sf34104001wgt.1 for ; Tue, 28 Apr 2015 07:34:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:mime-version:cc:subject:precedence:list-id :list-unsubscribe:list-post:list-help:list-subscribe:content-type :content-transfer-encoding:sender:errors-to:x-original-sender :x-original-authentication-results:mailing-list:list-archive; bh=m/LE4dxzpcYWhgFtuHuFHXx8lSKC+e4wA/eIKB7vZjg=; b=eooCGmHe1ZXXIaWja61yBNhwuQW2zZ1wwolxI/9BiRBOIUX41NlzmVolZlvNRJ+sTK yK3NbZYe/pcVbJB0/oTb+Z80TKq5bcbh15zeLvAt80+xmixPlzxU0kRMOy23lU8bIh9v KhLacmvian1DUcPR2mDkN1+cp92eSIy6BHmu3orhEnMcR5GCS0b6cxl8HEiYgVPFrhLo ZzUWwT9ulJCT0M4zUlnYjdHnm4x6rDoysU2VR5MuANzigMUkYhAk5fGN7R6GyEpBgngN 6KlTALHM0gOon8irv5YeAjSDQRNnNjeeMlGCroDs2srPStaTLqyPryTsTzB8eM8AD9a8 2JKw== X-Gm-Message-State: ALoCoQno9+qMYFz1aV/LCVpuMGvkckAkk017zbCV02MN5f5R2msotp1MjcIphSNsedBu+e3/1bYz X-Received: by 10.194.121.67 with SMTP id li3mr10435567wjb.3.1430231681947; Tue, 28 Apr 2015 07:34:41 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.45.71 with SMTP id k7ls85307lam.99.gmail; Tue, 28 Apr 2015 07:34:41 -0700 (PDT) X-Received: by 10.112.47.73 with SMTP id b9mr14656467lbn.46.1430231681748; Tue, 28 Apr 2015 07:34:41 -0700 (PDT) Received: from mail-la0-f43.google.com (mail-la0-f43.google.com. [209.85.215.43]) by mx.google.com with ESMTPS id j1si17207506lbc.15.2015.04.28.07.34.41 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 Apr 2015 07:34:41 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.43 as permitted sender) client-ip=209.85.215.43; Received: by layy10 with SMTP id y10so106007147lay.0 for ; Tue, 28 Apr 2015 07:34:41 -0700 (PDT) X-Received: by 10.112.29.36 with SMTP id g4mr15190735lbh.56.1430231681630; Tue, 28 Apr 2015 07:34:41 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.67.65 with SMTP id l1csp1924035lbt; Tue, 28 Apr 2015 07:34:40 -0700 (PDT) X-Received: by 10.140.41.104 with SMTP id y95mr11998861qgy.28.1430231679050; Tue, 28 Apr 2015 07:34:39 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id h184si18591411qhc.30.2015.04.28.07.34.38 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 28 Apr 2015 07:34:39 -0700 (PDT) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Yn6Zn-0007lu-Jb; Tue, 28 Apr 2015 14:33:31 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1Yn6Zm-0007kq-5F for xen-devel@lists.xenproject.org; Tue, 28 Apr 2015 14:33:30 +0000 Received: from [85.158.139.211] by server-10.bemta-5.messagelabs.com id 23/F7-21049-93A9F355; Tue, 28 Apr 2015 14:33:29 +0000 X-Env-Sender: julien.grall@citrix.com X-Msg-Ref: server-16.tower-206.messagelabs.com!1430231604!8366589!4 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 6.13.14; banners=-,-,- X-VirusChecked: Checked Received: (qmail 21762 invoked from network); 28 Apr 2015 14:33:28 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-16.tower-206.messagelabs.com with RC4-SHA encrypted SMTP; 28 Apr 2015 14:33:28 -0000 X-IronPort-AV: E=Sophos;i="5.11,663,1422921600"; d="scan'208";a="257345544" From: Julien Grall To: Date: Tue, 28 Apr 2015 15:32:29 +0100 Message-ID: <1430231563-25648-6-git-send-email-julien.grall@citrix.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1430231563-25648-1-git-send-email-julien.grall@citrix.com> References: <1430231563-25648-1-git-send-email-julien.grall@citrix.com> MIME-Version: 1.0 X-DLP: MIA2 Cc: Keir Fraser , ian.campbell@citrix.com, tim@xen.org, Julien Grall , Ian Jackson , stefano.stabellini@citrix.com, Jan Beulich , Daniel De Graaf Subject: [Xen-devel] [PATCH v6 05/19] xen: guestcopy: Provide an helper to safely copy string from guest X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: patch@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.43 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: From: Julien Grall Flask code already provides a helper to copy a string from guest. In a later patch, the new DT hypercalls will need a similar function. To avoid code duplication, copy the flask helper (flask_copying_string) to common code: - Rename into safe_copy_string_from_guest - Add comment to explain the extra +1 - Return the buffer directly and use the macros provided by xen/err.h to return an error code if necessary. Signed-off-by: Julien Grall Acked-by: Daniel De Graaf Acked-by: Ian Campbell Cc: Ian Jackson Cc: Jan Beulich Cc: Keir Fraser --- Changes in v5: - return a char* rather than a void* - Use '\0' rather than 0 Changes in v4: - Use -ENOBUFS rather than -ENOENT - Fix coding style in comment - Typoes in commit message - Convert the new flask_copying_string (for DT) in safe_copy_string_from_guest - Add Ian and Daniel's ack Changes in v3: - Use macros of xen/err.h to return either the buffer or an error code - Reuse size_t instead of unsigned long - Update comment and commit message Changes in v2: - Rename copy_string_from_guest into safe_copy_string_from_guest - Update commit message and comment in the code --- xen/common/Makefile | 1 + xen/common/guestcopy.c | 31 ++++++++++++++++++++++++++ xen/include/xen/guest_access.h | 5 +++++ xen/xsm/flask/flask_op.c | 49 +++++++++++------------------------------- 4 files changed, 50 insertions(+), 36 deletions(-) create mode 100644 xen/common/guestcopy.c diff --git a/xen/common/Makefile b/xen/common/Makefile index 8d84bc6..1cddebc 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -9,6 +9,7 @@ obj-y += event_2l.o obj-y += event_channel.o obj-y += event_fifo.o obj-y += grant_table.o +obj-y += guestcopy.o obj-y += irq.o obj-y += kernel.o obj-y += keyhandler.o diff --git a/xen/common/guestcopy.c b/xen/common/guestcopy.c new file mode 100644 index 0000000..6ae1815 --- /dev/null +++ b/xen/common/guestcopy.c @@ -0,0 +1,31 @@ +#include +#include +#include +#include + +/* + * The function copies a string from the guest and adds a NUL to + * make sure the string is correctly terminated. + */ +char *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size) +{ + char *tmp; + + if ( size > max_size ) + return ERR_PTR(-ENOBUFS); + + /* Add an extra +1 to append \0 */ + tmp = xmalloc_array(char, size + 1); + if ( !tmp ) + return ERR_PTR(-ENOMEM); + + if ( copy_from_guest(tmp, u_buf, size) ) + { + xfree(tmp); + return ERR_PTR(-EFAULT); + } + tmp[size] = '\0'; + + return tmp; +} diff --git a/xen/include/xen/guest_access.h b/xen/include/xen/guest_access.h index 373454e..09989df 100644 --- a/xen/include/xen/guest_access.h +++ b/xen/include/xen/guest_access.h @@ -8,6 +8,8 @@ #define __XEN_GUEST_ACCESS_H__ #include +#include +#include #define copy_to_guest(hnd, ptr, nr) \ copy_to_guest_offset(hnd, 0, ptr, nr) @@ -27,4 +29,7 @@ #define __clear_guest(hnd, nr) \ __clear_guest_offset(hnd, 0, nr) +char *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size); + #endif /* __XEN_GUEST_ACCESS_H__ */ diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 47aacc1..802ffd4 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -12,6 +12,7 @@ #include #include #include +#include #include @@ -93,29 +94,6 @@ static int domain_has_security(struct domain *d, u32 perms) perms, NULL); } -static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, - size_t size, size_t max_size) -{ - char *tmp; - - if ( size > max_size ) - return -ENOENT; - - tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - - if ( copy_from_guest(tmp, u_buf, size) ) - { - xfree(tmp); - return -EFAULT; - } - tmp[size] = 0; - - *buf = tmp; - return 0; -} - #endif /* COMPAT */ static int flask_security_user(struct xen_flask_userlist *arg) @@ -129,9 +107,9 @@ static int flask_security_user(struct xen_flask_userlist *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + user = safe_copy_string_from_guest(arg->u.user, arg->size, PAGE_SIZE); + if ( IS_ERR(user) ) + return PTR_ERR(user); rv = security_get_user_sids(arg->start_sid, user, &sids, &nsids); if ( rv < 0 ) @@ -244,9 +222,9 @@ static int flask_security_context(struct xen_flask_sid_context *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->context, arg->size, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); rv = security_context_to_sid(buf, arg->size, &arg->sid); if ( rv < 0 ) @@ -336,14 +314,13 @@ static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *ar static int flask_security_resolve_bool(struct xen_flask_boolean *arg) { char *name; - int rv; if ( arg->bool_id != -1 ) return 0; - rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); - if ( rv ) - return rv; + name = safe_copy_string_from_guest(arg->name, arg->size, bool_maxstr); + if ( IS_ERR(name) ) + return PTR_ERR(name); arg->bool_id = security_find_bool(name); arg->size = 0; @@ -574,9 +551,9 @@ static int flask_devicetree_label(struct xen_flask_devicetree_label *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->path, &buf, arg->length, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->path, arg->length, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); /* buf is consumed or freed by this function */ rv = security_devicetree_setlabel(buf, sid);