From patchwork Wed May 13 16:00:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219332 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF756C433E1 for ; Wed, 13 May 2020 16:02:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EC21920659 for ; Wed, 13 May 2020 16:02:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ikkl1NyD" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389225AbgEMQAr (ORCPT ); Wed, 13 May 2020 12:00:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50736 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729561AbgEMQAp (ORCPT ); Wed, 13 May 2020 12:00:45 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07851C061A0C; Wed, 13 May 2020 09:00:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=81hDLaNsDP1XezBBCmTYO/9RleZtnLgOrYL3Jzc5rEw=; b=ikkl1NyDNT4ANKaumsZ6DItD/a f1GnBNaOz5ksoCJIu1tuOaIHNbkxzGPjXff1v7YH4QamfW5RiT/tln3ksBp8a0lkjOumJUshYy1fI kkae1/hbFGDEK2OcsaCUkAanrGFZMrRA36p/8oDHlCaaWNAzCJ7OgbFMHbXQ0usSjrZvIhG8Hihav EH+plxKBn4m1UZGIbJk0myNeMzL1XMP2A16j2rCAxD3uB1UK9h0DTKFDuI61+a36btwWjnRmco6Df qc8IybRg/jfzh7WMiOQo42FjkMYWmH111KFxVcLkUUPN15EXeUOWs6Jb86V/79P8r32OvHU8zos0S Dc9+ylSg==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtoJ-0004g7-7D; Wed, 13 May 2020 16:00:43 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 01/18] maccess: unexport probe_kernel_write and probe_user_write Date: Wed, 13 May 2020 18:00:21 +0200 Message-Id: <20200513160038.2482415-2-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org These two functions are not used by any modular code. Signed-off-by: Christoph Hellwig --- mm/maccess.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/mm/maccess.c b/mm/maccess.c index 3ca8d97e50106..cf21e604f78cb 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -121,7 +121,6 @@ long __probe_kernel_write(void *dst, const void *src, size_t size) return ret; } -EXPORT_SYMBOL_GPL(probe_kernel_write); /** * probe_user_write(): safely attempt to write to a user-space location @@ -148,7 +147,6 @@ long __probe_user_write(void __user *dst, const void *src, size_t size) return ret; } -EXPORT_SYMBOL_GPL(probe_user_write); /** * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address. From patchwork Wed May 13 16:00:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219333 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20612C433DF for ; Wed, 13 May 2020 16:02:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 50A54205ED for ; Wed, 13 May 2020 16:02:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ts6e9NT3" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389336AbgEMQAv (ORCPT ); Wed, 13 May 2020 12:00:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50750 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730291AbgEMQAu (ORCPT ); Wed, 13 May 2020 12:00:50 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42B4AC061A0C; Wed, 13 May 2020 09:00:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=LNedO/lL6g8P+QsVFWLVScVEptUSGiGTZWf8H0Q1tZA=; b=ts6e9NT3V8yWz+LtzMv4rkdZ9o XbzoWSyGT3XedYSLPIj2l6bU4/dtfPsyiiWLH7hDxVoGc5UARJtUkqtzIeGq49lKa+AH0Y5npVY+C GVBD8kLvOcKLvEv9Cs4LZ9gdVRDBPbJ2xsSV6iwElSwImuy3J/L600ewA46WTY+x6LUru76Dld5Z4 RdH5Amf2Zyhi+L13cBm+CM2uPPF/6wtVYe3dcqbZJGJZnPKhOsMNYAFD5VOJeLWv72DTVTzbyEc+g o1JJZVtP60V/kezBLynuXYzyh58pSRH1z5B4gCAc0iAV811dyi8ZT2p1mJhHS9+p0s/rjnGeRe5gO 4bAHy9Kw==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtoO-0004hf-FL; Wed, 13 May 2020 16:00:49 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 03/18] maccess: remove duplicate kerneldoc comments Date: Wed, 13 May 2020 18:00:23 +0200 Message-Id: <20200513160038.2482415-4-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Many of the maccess routines have a copy of the kerneldoc comment in the header. Remove it as it is not useful and will get out of sync sooner or later. Signed-off-by: Christoph Hellwig --- include/linux/uaccess.h | 38 -------------------------------------- 1 file changed, 38 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index a2c606a403745..5a36a298a85f8 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -301,50 +301,12 @@ copy_struct_from_user(void *dst, size_t ksize, const void __user *src, return 0; } -/* - * probe_kernel_read(): safely attempt to read from a location - * @dst: pointer to the buffer that shall take the data - * @src: address to read from - * @size: size of the data chunk - * - * Safely read from address @src to the buffer at @dst. If a kernel fault - * happens, handle that and return -EFAULT. - */ extern long probe_kernel_read(void *dst, const void *src, size_t size); extern long probe_kernel_read_strict(void *dst, const void *src, size_t size); extern long __probe_kernel_read(void *dst, const void *src, size_t size); - -/* - * probe_user_read(): safely attempt to read from a location in user space - * @dst: pointer to the buffer that shall take the data - * @src: address to read from - * @size: size of the data chunk - * - * Safely read from address @src to the buffer at @dst. If a kernel fault - * happens, handle that and return -EFAULT. - */ extern long probe_user_read(void *dst, const void __user *src, size_t size); -/* - * probe_kernel_write(): safely attempt to write to a location - * @dst: address to write to - * @src: pointer to the data that shall be written - * @size: size of the data chunk - * - * Safely write to address @dst from the buffer at @src. If a kernel fault - * happens, handle that and return -EFAULT. - */ extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); - -/* - * probe_user_write(): safely attempt to write to a location in user space - * @dst: address to write to - * @src: pointer to the data that shall be written - * @size: size of the data chunk - * - * Safely write to address @dst from the buffer at @src. If a kernel fault - * happens, handle that and return -EFAULT. - */ extern long notrace probe_user_write(void __user *dst, const void *src, size_t size); extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); From patchwork Wed May 13 16:00:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219340 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 523B3C433E2 for ; Wed, 13 May 2020 16:00:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 80D6F2065D for ; Wed, 13 May 2020 16:00:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="K7vXcJeQ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389389AbgEMQAz (ORCPT ); Wed, 13 May 2020 12:00:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50756 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389348AbgEMQAx (ORCPT ); Wed, 13 May 2020 12:00:53 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB682C061A0C; Wed, 13 May 2020 09:00:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=mSMXwSYIg6w8Djb8jfs2EjgdqI2tqBJvsH4pyf4a+s4=; b=K7vXcJeQdZ4RxFlFwWFM087V2s ELGL5A58AHOSBzKj7tSKyX1/5d/XvhoN/lFQJNE8Ml8PL7igR4gDP0nge0LibB2gH9sYX5OPVbtRV XsCsiBJYRNog7EKtYR2j8v3RYS7UaXLJPMfeuVRw3DkSpo4rga4+m4uPkRWfT1yDlkmSNOKnpNw7/ DXby0rgCEtH1QjbS7puSqf7dUsnzCY0wQEzDivuEktT3SVj643l7vgfi7h8f+lE226/hsFFsRa8ri LtYKe2R97TArhfTeE8v4HwzdzypRNsAiSvWdvbhYUyq5tW10XFMdVgovAN/qZzCyyLB+F4CeycFLP zl+XNRDg==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtoR-0004j2-24; Wed, 13 May 2020 16:00:51 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 04/18] maccess: clarify kerneldoc comments Date: Wed, 13 May 2020 18:00:24 +0200 Message-Id: <20200513160038.2482415-5-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add proper kerneldoc comments for probe_kernel_read_strict and probe_kernel_read strncpy_from_unsafe_strict and explain the different versus the non-strict version. Signed-off-by: Christoph Hellwig --- mm/maccess.c | 61 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 43 insertions(+), 18 deletions(-) diff --git a/mm/maccess.c b/mm/maccess.c index 4e7f3b6eb05ae..747581ac50dc9 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -31,29 +31,35 @@ probe_write_common(void __user *dst, const void *src, size_t size) } /** - * probe_kernel_read(): safely attempt to read from a kernel-space location + * probe_kernel_read(): safely attempt to read from any location * @dst: pointer to the buffer that shall take the data * @src: address to read from * @size: size of the data chunk * - * Safely read from address @src to the buffer at @dst. If a kernel fault - * happens, handle that and return -EFAULT. + * Same as probe_kernel_read_strict() except that for architectures with + * not fully separated user and kernel address spaces this function also works + * for user address tanges. + * + * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely + * separate kernel and user address spaces, and also a bad idea otherwise. + */ +long __weak probe_kernel_read(void *dst, const void *src, size_t size) + __attribute__((alias("__probe_kernel_read"))); + +/** + * probe_kernel_read_strict(): safely attempt to read from kernel-space + * @dst: pointer to the buffer that shall take the data + * @src: address to read from + * @size: size of the data chunk + * + * Safely read from kernel address @src to the buffer at @dst. If a kernel + * fault happens, handle that and return -EFAULT. * * We ensure that the copy_from_user is executed in atomic context so that * do_page_fault() doesn't attempt to take mmap_sem. This makes * probe_kernel_read() suitable for use within regions where the caller * already holds mmap_sem, or other locks which nest inside mmap_sem. - * - * probe_kernel_read_strict() is the same as probe_kernel_read() except for - * the case where architectures have non-overlapping user and kernel address - * ranges: probe_kernel_read_strict() will additionally return -EFAULT for - * probing memory on a user address range where probe_user_read() is supposed - * to be used instead. */ - -long __weak probe_kernel_read(void *dst, const void *src, size_t size) - __attribute__((alias("__probe_kernel_read"))); - long __weak probe_kernel_read_strict(void *dst, const void *src, size_t size) __attribute__((alias("__probe_kernel_read"))); @@ -153,15 +159,34 @@ long probe_user_write(void __user *dst, const void *src, size_t size) * If @count is smaller than the length of the string, copies @count-1 bytes, * sets the last byte of @dst buffer to NUL and returns @count. * - * strncpy_from_unsafe_strict() is the same as strncpy_from_unsafe() except - * for the case where architectures have non-overlapping user and kernel address - * ranges: strncpy_from_unsafe_strict() will additionally return -EFAULT for - * probing memory on a user address range where strncpy_from_unsafe_user() is - * supposed to be used instead. + * Same as strncpy_from_unsafe_strict() except that for architectures with + * not fully separated user and kernel address spaces this function also works + * for user address tanges. + * + * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely + * separate kernel and user address spaces, and also a bad idea otherwise. */ long __weak strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) __attribute__((alias("__strncpy_from_unsafe"))); +/** + * strncpy_from_unsafe_strict: - Copy a NUL terminated string from unsafe + * address. + * @dst: Destination address, in kernel space. This buffer must be at + * least @count bytes long. + * @unsafe_addr: Unsafe address. + * @count: Maximum number of bytes to copy, including the trailing NUL. + * + * Copies a NUL-terminated string from unsafe address to kernel buffer. + * + * On success, returns the length of the string INCLUDING the trailing NUL. + * + * If access fails, returns -EFAULT (some data may have been copied + * and the trailing NUL added). + * + * If @count is smaller than the length of the string, copies @count-1 bytes, + * sets the last byte of @dst buffer to NUL and returns @count. + */ long __weak strncpy_from_unsafe_strict(char *dst, const void *unsafe_addr, long count) __attribute__((alias("__strncpy_from_unsafe"))); From patchwork Wed May 13 16:00:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219334 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A92FC433E1 for ; Wed, 13 May 2020 16:02:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6C9C2206A5 for ; Wed, 13 May 2020 16:02:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="Sk8/uk3g" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389628AbgEMQCY (ORCPT ); Wed, 13 May 2020 12:02:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50794 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389401AbgEMQBD (ORCPT ); Wed, 13 May 2020 12:01:03 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EFE9C061A0C; Wed, 13 May 2020 09:01:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=VuuC8gyhNLA98gHlF+iVYdqtkGo70vYEfnfHJViFpYs=; b=Sk8/uk3gtxAuNKqRATUigLyeTk Pbq3/liZCblWhCjoxPe9sql2pKbpdzKGxu4u73DPIwIPJivEvm4i3k1eh2INeD2fDaUqwAwr4PYzP 4FOqyKE4w6dpAIXoiVDVyshgTuF07gqwrOIT4ICJk/G9YEb7PWi+lyt9Ev2tiScFRcl3Zab1uHMYE ZExP5ptxi3Wpzop6gJ0mgga3n1Z93bTJGRdiyNUuLx4RCODWnd2jzj3VUl6Y58AWZhCrwA4TIRqar g7rBzRAu+QJgK5h5ePCPzAl03vHsxhQdJY8GBbTsJ+hV2d0lBcVJfsXCVEyKYtLC9sq5KYCekhZGK Xng8pmpg==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtob-0004pn-Fc; Wed, 13 May 2020 16:01:02 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 08/18] maccess: rename strnlen_unsafe_user to strnlen_user_nofault Date: Wed, 13 May 2020 18:00:28 +0200 Message-Id: <20200513160038.2482415-9-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This matches the naming of strnlen_user, and also makes it more clear what the function is supposed to do. Signed-off-by: Christoph Hellwig --- include/linux/uaccess.h | 2 +- kernel/trace/trace_kprobe.c | 2 +- mm/maccess.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 134ff9c1c151b..d8366f8468664 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -315,7 +315,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, extern long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, long count); -extern long strnlen_unsafe_user(const void __user *unsafe_addr, long count); +long strnlen_user_nofault(const void __user *unsafe_addr, long count); /** * probe_kernel_address(): safely attempt to read from a location diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index d600f41fda1ca..4325f9e7fadaa 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1221,7 +1221,7 @@ fetch_store_strlen_user(unsigned long addr) { const void __user *uaddr = (__force const void __user *)addr; - return strnlen_unsafe_user(uaddr, MAX_STRING_SIZE); + return strnlen_user_nofault(uaddr, MAX_STRING_SIZE); } /* diff --git a/mm/maccess.c b/mm/maccess.c index c8748c2809096..e783ebfccd542 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -258,7 +258,7 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, } /** - * strnlen_unsafe_user: - Get the size of a user string INCLUDING final NUL. + * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL. * @unsafe_addr: The string to measure. * @count: Maximum count (including NUL) * @@ -273,7 +273,7 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, * Unlike strnlen_user, this can be used from IRQ handler etc. because * it disables pagefaults. */ -long strnlen_unsafe_user(const void __user *unsafe_addr, long count) +long strnlen_user_nofault(const void __user *unsafe_addr, long count) { mm_segment_t old_fs = get_fs(); int ret; From patchwork Wed May 13 16:00:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219339 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3E04C433E1 for ; Wed, 13 May 2020 16:01:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 303C620659 for ; Wed, 13 May 2020 16:01:09 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="n83Jlhlq" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389454AbgEMQBH (ORCPT ); Wed, 13 May 2020 12:01:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50802 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389421AbgEMQBG (ORCPT ); Wed, 13 May 2020 12:01:06 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1FF77C061A0E; Wed, 13 May 2020 09:01:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=yadtTKbWc/15+vOx4rf6FZGFQ9tpi7eEb5UkyN0sySQ=; b=n83Jlhlq7VChaqupUdqt+gBhX7 OcJrYjdbip8e8Zxa1Fi65f3i3XVVl95+rUzNQWgeZYF1FATnOOF2fnUiZmkDma2GCbeAqQXyp6Bls ojHiyEeX38xD6PiXqorsZWC/Wb7Laq9R+8rBqiVPRyRRyFhFigNiJ2T54RdghGYRgyu/qthIVnIRk oKKJSJ+qkc9jz6EOCgSRLl8EELFH31ImfPJ8wPZd11/08sZlpgwuOB7glqi99WI2DZjx2AtgmNh/c Nvos/wtzUV+XExtE6W6/4LVF9/xnCdEueYvxfrk0Ia//G5lgovOmy4EHLym0ahZWBSbfW0mkm9eYW d1+GD+fA==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtoe-0004rO-6Y; Wed, 13 May 2020 16:01:04 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 09/18] maccess: remove probe_read_common and probe_write_common Date: Wed, 13 May 2020 18:00:29 +0200 Message-Id: <20200513160038.2482415-10-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Each of the helpers has just two callers, which also different in dealing with kernel or userspace pointers. Just open code the logic in the callers. Signed-off-by: Christoph Hellwig --- mm/maccess.c | 63 ++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/mm/maccess.c b/mm/maccess.c index e783ebfccd542..31cf6604e7fff 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -6,30 +6,6 @@ #include #include -static __always_inline long -probe_read_common(void *dst, const void __user *src, size_t size) -{ - long ret; - - pagefault_disable(); - ret = __copy_from_user_inatomic(dst, src, size); - pagefault_enable(); - - return ret ? -EFAULT : 0; -} - -static __always_inline long -probe_write_common(void __user *dst, const void *src, size_t size) -{ - long ret; - - pagefault_disable(); - ret = __copy_to_user_inatomic(dst, src, size); - pagefault_enable(); - - return ret ? -EFAULT : 0; -} - /** * probe_kernel_read(): safely attempt to read from any location * @dst: pointer to the buffer that shall take the data @@ -69,10 +45,15 @@ long __probe_kernel_read(void *dst, const void *src, size_t size) mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); - ret = probe_read_common(dst, (__force const void __user *)src, size); + pagefault_disable(); + ret = __copy_from_user_inatomic(dst, (__force const void __user *)src, + size); + pagefault_enable(); set_fs(old_fs); - return ret; + if (ret) + return -EFAULT; + return 0; } EXPORT_SYMBOL_GPL(probe_kernel_read); @@ -91,11 +72,16 @@ long probe_user_read(void *dst, const void __user *src, size_t size) mm_segment_t old_fs = get_fs(); set_fs(USER_DS); - if (access_ok(src, size)) - ret = probe_read_common(dst, src, size); + if (access_ok(src, size)) { + pagefault_disable(); + ret = __copy_from_user_inatomic(dst, src, size); + pagefault_enable(); + } set_fs(old_fs); - return ret; + if (ret) + return -EFAULT; + return 0; } EXPORT_SYMBOL_GPL(probe_user_read); @@ -114,10 +100,14 @@ long probe_kernel_write(void *dst, const void *src, size_t size) mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); - ret = probe_write_common((__force void __user *)dst, src, size); + pagefault_disable(); + ret = __copy_to_user_inatomic((__force void __user *)dst, src, size); + pagefault_enable(); set_fs(old_fs); - return ret; + if (ret) + return -EFAULT; + return 0; } /** @@ -135,11 +125,16 @@ long probe_user_write(void __user *dst, const void *src, size_t size) mm_segment_t old_fs = get_fs(); set_fs(USER_DS); - if (access_ok(dst, size)) - ret = probe_write_common(dst, src, size); + if (access_ok(dst, size)) { + pagefault_disable(); + ret = __copy_to_user_inatomic(dst, src, size); + pagefault_enable(); + } set_fs(old_fs); - return ret; + if (ret) + return -EFAULT; + return 0; } /** From patchwork Wed May 13 16:00:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219338 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FE0DC433E0 for ; Wed, 13 May 2020 16:01:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CD0F6205ED for ; Wed, 13 May 2020 16:01:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="n7hdbbE1" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389485AbgEMQBO (ORCPT ); Wed, 13 May 2020 12:01:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389474AbgEMQBL (ORCPT ); Wed, 13 May 2020 12:01:11 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77DC2C061A0C; Wed, 13 May 2020 09:01:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=e1CZctNYK4d9hjU9VWYJ2crWHHVhF7paRXkIsU42MN4=; b=n7hdbbE1EOzvVCtETtvIHh+qrp 28nml4L7/glz0jmjWbZOyrPevQHLpIokCh3WNHq5yVcJV2nG6407+T5WpQ3LPnISlzNVkTmgC2AIB MxmZ6MgLQ4jM5ofoFl4vbpDfYnIb6Iu4DLuMVi/aInRpB8uasWEEVWWpS/RrZrZsRFhjKXFm9dYxb l+nQNEj6dLd58St6tMhnfeaLYjuaFHsufN02Kcd/2CqpZJFH788MnnIjqvpm5TTPZ00diAIc4v4QU Jdg/rZYaNtCDO3Me9+r7gJ5ZP9o4k8BWDqeKHIexpXHDOlcmhmiGN/bA6qNNfcRmHdibBDY5QAB2o 8uR1u9bw==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtoj-0004ug-It; Wed, 13 May 2020 16:01:10 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 11/18] maccess: remove strncpy_from_unsafe Date: Wed, 13 May 2020 18:00:31 +0200 Message-Id: <20200513160038.2482415-12-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org All three callers really should try the explicit kernel and user copies instead. One has already deprecated the somewhat dangerous either kernel or user address concept, the other two still need to follow up eventually. Signed-off-by: Christoph Hellwig Reviewed-by: Masami Hiramatsu --- include/linux/uaccess.h | 1 - kernel/trace/bpf_trace.c | 39 +++++++++++++++++++++++++------------ kernel/trace/trace_kprobe.c | 5 ++++- mm/maccess.c | 39 +------------------------------------ 4 files changed, 32 insertions(+), 52 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 7cfc10eb09c60..28944a14e0534 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -311,7 +311,6 @@ extern long probe_user_read(void *dst, const void __user *src, size_t size); extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); extern long notrace probe_user_write(void __user *dst, const void *src, size_t size); -extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count); diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 3dd4763c195bb..0d849acc9de38 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -226,12 +226,14 @@ static __always_inline int bpf_probe_read_kernel_str_common(void *dst, u32 size, const void *unsafe_ptr, const bool compat) { + const void __user *user_ptr = (__force const void __user *)unsafe_ptr; int ret = security_locked_down(LOCKDOWN_BPF_READ); if (unlikely(ret < 0)) - goto out; + goto fail; + /* - * The strncpy_from_unsafe_*() call will likely not fill the entire + * The strncpy_from_*_nofault() calls will likely not fill the entire * buffer, but that's okay in this circumstance as we're probing * arbitrary memory anyway similar to bpf_probe_read_*() and might * as well probe the stack. Thus, memory is explicitly cleared @@ -239,11 +241,16 @@ bpf_probe_read_kernel_str_common(void *dst, u32 size, const void *unsafe_ptr, * code altogether don't copy garbage; otherwise length of string * is returned that can be used for bpf_perf_event_output() et al. */ - ret = compat ? strncpy_from_unsafe(dst, unsafe_ptr, size) : - strncpy_from_kernel_nofault(dst, unsafe_ptr, size); - if (unlikely(ret < 0)) -out: - memset(dst, 0, size); + ret = strncpy_from_kernel_nofault(dst, unsafe_ptr, size); + if (unlikely(ret < 0)) { + if (compat) + ret = strncpy_from_user_nofault(dst, user_ptr, size); + if (unlikely(ret < 0)) + goto fail; + } + return 0; +fail: + memset(dst, 0, size); return ret; } @@ -321,6 +328,17 @@ static const struct bpf_func_proto *bpf_get_probe_write_proto(void) return &bpf_probe_write_user_proto; } +#define BPF_STRNCPY_LEN 64 + +static void bpf_strncpy(char *buf, long unsafe_addr) +{ + buf[0] = 0; + if (strncpy_from_kernel_nofault(buf, (void *)unsafe_addr, + BPF_STRNCPY_LEN)) + strncpy_from_user_nofault(buf, (void __user *)unsafe_addr, + BPF_STRNCPY_LEN); +} + /* * Only limited trace_printk() conversion specifiers allowed: * %d %i %u %x %ld %li %lu %lx %lld %lli %llu %llx %p %s @@ -332,7 +350,7 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt, u32, fmt_size, u64, arg1, int mod[3] = {}; int fmt_cnt = 0; u64 unsafe_addr; - char buf[64]; + char buf[BPF_STRNCPY_LEN]; int i; /* @@ -387,10 +405,7 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt, u32, fmt_size, u64, arg1, arg3 = (long) buf; break; } - buf[0] = 0; - strncpy_from_unsafe(buf, - (void *) (long) unsafe_addr, - sizeof(buf)); + bpf_strncpy(buf, unsafe_addr); } continue; } diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 4325f9e7fadaa..8c456e30933d3 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1244,7 +1244,10 @@ fetch_store_string(unsigned long addr, void *dest, void *base) * Try to get string again, since the string can be changed while * probing. */ - ret = strncpy_from_unsafe(__dest, (void *)addr, maxlen); + ret = strncpy_from_kernel_nofault(__dest, (void *)addr, maxlen); + if (ret < 0) + ret = strncpy_from_user_nofault(__dest, (void __user *)addr, + maxlen); if (ret >= 0) *(u32 *)dest = make_data_loc(ret, __dest - base); diff --git a/mm/maccess.c b/mm/maccess.c index 483a933b7d241..3d85e48013e6b 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -8,8 +8,6 @@ static long __probe_kernel_read(void *dst, const void *src, size_t size, bool strict); -static long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, - long count, bool strict); bool __weak probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, bool strict) @@ -156,35 +154,6 @@ long probe_user_write(void __user *dst, const void *src, size_t size) return 0; } -/** - * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address. - * @dst: Destination address, in kernel space. This buffer must be at - * least @count bytes long. - * @unsafe_addr: Unsafe address. - * @count: Maximum number of bytes to copy, including the trailing NUL. - * - * Copies a NUL-terminated string from unsafe address to kernel buffer. - * - * On success, returns the length of the string INCLUDING the trailing NUL. - * - * If access fails, returns -EFAULT (some data may have been copied - * and the trailing NUL added). - * - * If @count is smaller than the length of the string, copies @count-1 bytes, - * sets the last byte of @dst buffer to NUL and returns @count. - * - * Same as strncpy_from_kernel_nofault() except that for architectures with - * not fully separated user and kernel address spaces this function also works - * for user address tanges. - * - * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely - * separate kernel and user address spaces, and also a bad idea otherwise. - */ -long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) -{ - return __strncpy_from_unsafe(dst, unsafe_addr, count, false); -} - /** * strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe * address. @@ -204,12 +173,6 @@ long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) * sets the last byte of @dst buffer to NUL and returns @count. */ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) -{ - return __strncpy_from_unsafe(dst, unsafe_addr, count, true); -} - -static long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, - long count, bool strict) { mm_segment_t old_fs = get_fs(); const void *src = unsafe_addr; @@ -217,7 +180,7 @@ static long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, if (unlikely(count <= 0)) return 0; - if (!probe_kernel_read_allowed(dst, unsafe_addr, count, strict)) + if (!probe_kernel_read_allowed(dst, unsafe_addr, count, true)) return -EFAULT; set_fs(KERNEL_DS); From patchwork Wed May 13 16:00:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219335 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC860C433E3 for ; Wed, 13 May 2020 16:02:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1DDE4206A5 for ; Wed, 13 May 2020 16:02:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="FVfJfA1I" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389496AbgEMQBP (ORCPT ); Wed, 13 May 2020 12:01:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50828 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731894AbgEMQBO (ORCPT ); Wed, 13 May 2020 12:01:14 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 415CCC061A0C; Wed, 13 May 2020 09:01:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=vP/pOG7kUTf44WhDvEFmnpEwW5+r2wsdj7OXFXYA+Ew=; b=FVfJfA1IdHzbtC8oKrBYaKVZWw RK0y2czeUJvDrqtVfMxpWc+hr+wNwMZRUNeTOc8OoQFhTiQN4yTLKgP0Jve6YYJns0tYckJGcszTF U01o9+jzL8rjOB2IaSNoTsccru8tYSL0Jtqkbp9mlV4zycUlrwiNiz/NjQjiPPZIgYmq61okOle7V 6trdXYj+5znBLdykpRTZijlC3U2PL40z1tSwQwbRsO7yBEriCsrQxiAoS9AwPbnL/AjQ+yooenlvF pTOe0XKuan1nxaq0nfat1o+iWhB4bsn1eeNEDC7ZXvGJuMyoXQJg+B3uW0k+O/Ns/CtIcRtR+2MWx D+F7FA4w==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtom-0004wG-9E; Wed, 13 May 2020 16:01:12 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 12/18] maccess: always use strict semantics for probe_kernel_read Date: Wed, 13 May 2020 18:00:32 +0200 Message-Id: <20200513160038.2482415-13-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Except for historical confusion in the kprobes/uprobes and bpf tracers there is no good reason to ever allow user memory accesses from probe_kernel_read. Make the tracers fall back to a probe_user_read if the probe_kernel_read falls to keep the core API clean. Signed-off-by: Christoph Hellwig Reviewed-by: Masami Hiramatsu --- arch/parisc/lib/memcpy.c | 3 +-- arch/um/kernel/maccess.c | 3 +-- arch/x86/mm/maccess.c | 5 +---- include/linux/uaccess.h | 4 +--- kernel/trace/bpf_trace.c | 20 +++++++++++++------ kernel/trace/trace_kprobe.c | 11 ++++++++++- mm/maccess.c | 39 ++++++------------------------------- 7 files changed, 34 insertions(+), 51 deletions(-) diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c index 5ef648bd33119..9fe662b3b5604 100644 --- a/arch/parisc/lib/memcpy.c +++ b/arch/parisc/lib/memcpy.c @@ -57,8 +57,7 @@ void * memcpy(void * dst,const void *src, size_t count) EXPORT_SYMBOL(raw_copy_in_user); EXPORT_SYMBOL(memcpy); -bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, - bool strict) +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size) { if ((unsigned long)unsafe_src < PAGE_SIZE) return false; diff --git a/arch/um/kernel/maccess.c b/arch/um/kernel/maccess.c index 90a1bec923158..734f3d7e57c0f 100644 --- a/arch/um/kernel/maccess.c +++ b/arch/um/kernel/maccess.c @@ -7,8 +7,7 @@ #include #include -bool probe_kernel_read_allowed(void *dst, const void *src, size_t size, - bool strict) +bool probe_kernel_read_allowed(void *dst, const void *src, size_t size) { void *psrc = (void *)rounddown((unsigned long)src, PAGE_SIZE); diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c index 5c323ab187b27..a1bd81677aa72 100644 --- a/arch/x86/mm/maccess.c +++ b/arch/x86/mm/maccess.c @@ -26,10 +26,7 @@ static __always_inline bool invalid_probe_range(u64 vaddr) } #endif -bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, - bool strict) +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size) { - if (!strict) - return true; return !invalid_probe_range((unsigned long)unsafe_src); } diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 28944a14e0534..78e0ff8641559 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -301,11 +301,9 @@ copy_struct_from_user(void *dst, size_t ksize, const void __user *src, return 0; } -bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, - size_t size, bool strict); +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size); extern long probe_kernel_read(void *dst, const void *src, size_t size); -extern long probe_kernel_read_strict(void *dst, const void *src, size_t size); extern long probe_user_read(void *dst, const void __user *src, size_t size); extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 0d849acc9de38..5dea4169a8323 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -180,15 +180,23 @@ static __always_inline int bpf_probe_read_kernel_common(void *dst, u32 size, const void *unsafe_ptr, const bool compat) { + const void __user *user_ptr = (__force const void __user *)unsafe_ptr; int ret = security_locked_down(LOCKDOWN_BPF_READ); if (unlikely(ret < 0)) - goto out; - ret = compat ? probe_kernel_read(dst, unsafe_ptr, size) : - probe_kernel_read_strict(dst, unsafe_ptr, size); - if (unlikely(ret < 0)) -out: - memset(dst, 0, size); + goto fail; + + ret = probe_kernel_read(dst, unsafe_ptr, size); + if (unlikely(ret < 0)) { + if (compat) + ret = probe_user_read(dst, user_ptr, size); + if (unlikely(ret < 0)) + goto fail; + } + + return 0; +fail: + memset(dst, 0, size); return ret; } diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 8c456e30933d3..7725146369731 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1209,6 +1209,9 @@ fetch_store_strlen(unsigned long addr) do { ret = probe_kernel_read(&c, (u8 *)addr + len, 1); + if (ret) + ret = probe_user_read(&c, + (__force u8 __user *)addr + len, 1); len++; } while (c && ret == 0 && len < MAX_STRING_SIZE); @@ -1281,7 +1284,13 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) static nokprobe_inline int probe_mem_read(void *dest, void *src, size_t size) { - return probe_kernel_read(dest, src, size); + const void __user *user_ptr = (__force const void __user *)src; + int ret; + + ret = probe_kernel_read(dest, src, size); + if (ret) + ret = probe_user_read(dest, user_ptr, size); + return ret; } static nokprobe_inline int diff --git a/mm/maccess.c b/mm/maccess.c index 3d85e48013e6b..05c44d490b4e3 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -6,36 +6,14 @@ #include #include -static long __probe_kernel_read(void *dst, const void *src, size_t size, - bool strict); - bool __weak probe_kernel_read_allowed(void *dst, const void *unsafe_src, - size_t size, bool strict) + size_t size) { return true; } /** - * probe_kernel_read(): safely attempt to read from any location - * @dst: pointer to the buffer that shall take the data - * @src: address to read from - * @size: size of the data chunk - * - * Same as probe_kernel_read_strict() except that for architectures with - * not fully separated user and kernel address spaces this function also works - * for user address tanges. - * - * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely - * separate kernel and user address spaces, and also a bad idea otherwise. - */ -long probe_kernel_read(void *dst, const void *src, size_t size) -{ - return __probe_kernel_read(dst, src, size, false); -} -EXPORT_SYMBOL_GPL(probe_kernel_read); - -/** - * probe_kernel_read_strict(): safely attempt to read from kernel-space + * probe_kernel_read(): safely attempt to read from kernel-space * @dst: pointer to the buffer that shall take the data * @src: address to read from * @size: size of the data chunk @@ -48,18 +26,12 @@ EXPORT_SYMBOL_GPL(probe_kernel_read); * probe_kernel_read() suitable for use within regions where the caller * already holds mmap_sem, or other locks which nest inside mmap_sem. */ -long probe_kernel_read_strict(void *dst, const void *src, size_t size) -{ - return __probe_kernel_read(dst, src, size, true); -} - -static long __probe_kernel_read(void *dst, const void *src, size_t size, - bool strict) +long probe_kernel_read(void *dst, const void *src, size_t size) { long ret; mm_segment_t old_fs = get_fs(); - if (!probe_kernel_read_allowed(dst, src, size, strict)) + if (!probe_kernel_read_allowed(dst, src, size)) return -EFAULT; set_fs(KERNEL_DS); @@ -73,6 +45,7 @@ static long __probe_kernel_read(void *dst, const void *src, size_t size, return -EFAULT; return 0; } +EXPORT_SYMBOL_GPL(probe_kernel_read); /** * probe_user_read(): safely attempt to read from a user-space location @@ -180,7 +153,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) if (unlikely(count <= 0)) return 0; - if (!probe_kernel_read_allowed(dst, unsafe_addr, count, true)) + if (!probe_kernel_read_allowed(dst, unsafe_addr, count)) return -EFAULT; set_fs(KERNEL_DS); From patchwork Wed May 13 16:00:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219336 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 046E9C433E2 for ; Wed, 13 May 2020 16:01:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2ED07205ED for ; Wed, 13 May 2020 16:01:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="b04Js04+" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389534AbgEMQBX (ORCPT ); Wed, 13 May 2020 12:01:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50846 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389520AbgEMQBT (ORCPT ); Wed, 13 May 2020 12:01:19 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A889C061A0C; Wed, 13 May 2020 09:01:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=54itD+wHacd7aNts6Nyjpx2j7kEatgOa0e9ptfyypuU=; b=b04Js04+XUE26u3Sk/JwZ7fRS7 JL+OsYcAyDo2DKbF/qBIVl7IrCleL//CzKNMKYbjunkQ2CUesORTyKfJZP6qpKPQfLcznoEdJRkrB hdFsad+3lCbhE5/y/nFllsplbPRcih1XfAYUOz2Hfa7oX6UZp0cbx7FAMUGuXVUgHW+kmWm4km89c eUH7/DMGLBgz2vEnpoT5mB+Fk5kSvTh8DstX9WwfA7XNDsTZixbFKE/wO5YLB5nD7fw7TGNq/mOS+ tBKhX9cXSYnXhek7gprr/cCpvcVKAHEArovBuwMuRrDuiU9VbPN32SWRyK7w9xvz0QrQhvaWhqQ6Q ZGwZ7PBA==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtor-0004zS-Kn; Wed, 13 May 2020 16:01:18 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 14/18] maccess: allow architectures to provide kernel probing directly Date: Wed, 13 May 2020 18:00:34 +0200 Message-Id: <20200513160038.2482415-15-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Provide alternative versions of probe_kernel_read, probe_kernel_write and strncpy_from_kernel_unsafe that don't need set_fs magic, but instead use arch hooks that are modelled after unsafe_{get,put}_user to access kernel memory in an exception safe way. Signed-off-by: Christoph Hellwig --- mm/maccess.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/mm/maccess.c b/mm/maccess.c index 9773e2253b495..e9efe2f98e34a 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -12,6 +12,81 @@ bool __weak probe_kernel_read_allowed(void *dst, const void *unsafe_src, return true; } +#ifdef HAVE_ARCH_PROBE_KERNEL + +#define probe_kernel_read_loop(dst, src, len, type, err_label) \ + while (len >= sizeof(type)) { \ + arch_kernel_read(dst, src, type, err_label); \ + dst += sizeof(type); \ + src += sizeof(type); \ + len -= sizeof(type); \ + } + +long probe_kernel_read(void *dst, const void *src, size_t size) +{ + if (!probe_kernel_read_allowed(dst, src, size)) + return -EFAULT; + + pagefault_disable(); + probe_kernel_read_loop(dst, src, size, u64, Efault); + probe_kernel_read_loop(dst, src, size, u32, Efault); + probe_kernel_read_loop(dst, src, size, u16, Efault); + probe_kernel_read_loop(dst, src, size, u8, Efault); + pagefault_enable(); + return 0; +Efault: + pagefault_enable(); + return -EFAULT; +} +EXPORT_SYMBOL_GPL(probe_kernel_read); + +#define probe_kernel_write_loop(dst, src, len, type, err_label) \ + while (len >= sizeof(type)) { \ + arch_kernel_write(dst, src, type, err_label); \ + dst += sizeof(type); \ + src += sizeof(type); \ + len -= sizeof(type); \ + } + +long probe_kernel_write(void *dst, const void *src, size_t size) +{ + pagefault_disable(); + probe_kernel_write_loop(dst, src, size, u64, Efault); + probe_kernel_write_loop(dst, src, size, u32, Efault); + probe_kernel_write_loop(dst, src, size, u16, Efault); + probe_kernel_write_loop(dst, src, size, u8, Efault); + pagefault_enable(); + return 0; +Efault: + pagefault_enable(); + return -EFAULT; +} + +long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count) +{ + const void *src = unsafe_addr; + + if (unlikely(count <= 0)) + return 0; + if (!probe_kernel_read_allowed(dst, unsafe_addr, count)) + return -EFAULT; + + pagefault_disable(); + do { + arch_kernel_read(dst, src, u8, Efault); + dst++; + src++; + } while (dst[-1] && src - unsafe_addr < count); + pagefault_enable(); + + dst[-1] = '\0'; + return src - unsafe_addr; +Efault: + pagefault_enable(); + dst[-1] = '\0'; + return -EFAULT; +} +#else /* HAVE_ARCH_PROBE_KERNEL */ /** * probe_kernel_read(): safely attempt to read from kernel-space * @dst: pointer to the buffer that shall take the data @@ -114,6 +189,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) return ret ? -EFAULT : src - unsafe_addr; } +#endif /* HAVE_ARCH_PROBE_KERNEL */ /** * probe_user_read(): safely attempt to read from a user-space location From patchwork Wed May 13 16:00:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219337 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E06FCC433E1 for ; Wed, 13 May 2020 16:01:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0F302205ED for ; Wed, 13 May 2020 16:01:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ksTMtTAt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389565AbgEMQBg (ORCPT ); Wed, 13 May 2020 12:01:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389537AbgEMQBa (ORCPT ); Wed, 13 May 2020 12:01:30 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8AEECC061A0C; Wed, 13 May 2020 09:01:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=b8ZAO2gVhncFUgQb1O4Aljv/fIvyhaOOuTKe86m5E3U=; b=ksTMtTAtSSCSByrwAsEDW7K0+r wHbcTuiyBbTXhwftfiS3JGcukuP7IWaUtU/nbPqw0ClkOv4DtzXTx2IjOGzcC4kRfRa1YVsFnKVkl VGXyCJsAlbtUE2sZ1FRihzWxDG2SMggbJKoPIIgNkxnCr8TCTFZINesTUiPGhjFYcMLxq2YhFCs9L CgYXP4SPAD5KXQIK7AJ/al65JOqGlZV1JkdyYyrz1F9euA7iqM7japyFvQwAsSLntsHo4vXmIH2+z ekbpJtoRwMrwzzYryjm9UU4tKPssPJU1CD6wjbTDegbJlhm9j0MHvh8Y8RJLDnuEwP7thcrKXGpHx tjHbn5wg==; Received: from [2001:4bb8:180:9d3f:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jYtp0-00053U-0n; Wed, 13 May 2020 16:01:26 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 17/18] maccess: rename probe_user_{read, write} to copy_{from, to}_user_nofault Date: Wed, 13 May 2020 18:00:37 +0200 Message-Id: <20200513160038.2482415-18-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200513160038.2482415-1-hch@lst.de> References: <20200513160038.2482415-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Better describe what these functions do. Suggested-by: Linus Torvalds Signed-off-by: Christoph Hellwig --- arch/powerpc/kernel/process.c | 3 ++- arch/powerpc/kvm/book3s_64_mmu_radix.c | 4 ++-- arch/powerpc/mm/fault.c | 2 +- arch/powerpc/oprofile/backtrace.c | 6 ++++-- arch/powerpc/perf/callchain_32.c | 2 +- arch/powerpc/perf/callchain_64.c | 2 +- arch/powerpc/perf/core-book3s.c | 3 ++- arch/powerpc/sysdev/fsl_pci.c | 4 ++-- include/linux/uaccess.h | 4 ++-- kernel/trace/bpf_trace.c | 6 +++--- kernel/trace/trace_kprobe.c | 6 +++--- mm/maccess.c | 10 +++++----- 12 files changed, 28 insertions(+), 24 deletions(-) diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index 9c21288f86455..d5d6136b13480 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1294,7 +1294,8 @@ void show_user_instructions(struct pt_regs *regs) for (i = 0; i < 8 && n; i++, n--, pc += sizeof(int)) { int instr; - if (probe_user_read(&instr, (void __user *)pc, sizeof(instr))) { + if (copy_from_user_nofault(&instr, (void __user *)pc, + sizeof(instr))) { seq_buf_printf(&s, "XXXXXXXX "); continue; } diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c index aa12cd4078b32..9d25f2eb5a33a 100644 --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c @@ -64,9 +64,9 @@ unsigned long __kvmhv_copy_tofrom_guest_radix(int lpid, int pid, isync(); if (is_load) - ret = probe_user_read(to, (const void __user *)from, n); + ret = copy_from_user_nofault(to, (const void __user *)from, n); else - ret = probe_user_write((void __user *)to, from, n); + ret = copy_to_user_nofault((void __user *)to, from, n); /* switch the pid first to avoid running host with unallocated pid */ if (quadrant == 1 && pid != old_pid) diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index 84af6c8eecf71..231664fe9d126 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -280,7 +280,7 @@ static bool bad_stack_expansion(struct pt_regs *regs, unsigned long address, access_ok(nip, sizeof(*nip))) { unsigned int inst; - if (!probe_user_read(&inst, nip, sizeof(inst))) + if (!copy_from_user_nofault(&inst, nip, sizeof(inst))) return !store_updates_sp(inst); *must_retry = true; } diff --git a/arch/powerpc/oprofile/backtrace.c b/arch/powerpc/oprofile/backtrace.c index 6f347fa29f41e..9db7ada79d10d 100644 --- a/arch/powerpc/oprofile/backtrace.c +++ b/arch/powerpc/oprofile/backtrace.c @@ -33,7 +33,8 @@ static unsigned int user_getsp32(unsigned int sp, int is_first) * which means that we've done all that we can do from * interrupt context. */ - if (probe_user_read(stack_frame, (void __user *)p, sizeof(stack_frame))) + if (copy_from_user_nofault(stack_frame, (void __user *)p, + sizeof(stack_frame))) return 0; if (!is_first) @@ -51,7 +52,8 @@ static unsigned long user_getsp64(unsigned long sp, int is_first) { unsigned long stack_frame[3]; - if (probe_user_read(stack_frame, (void __user *)sp, sizeof(stack_frame))) + if (copy_from_user_nofault(stack_frame, (void __user *)sp, + sizeof(stack_frame))) return 0; if (!is_first) diff --git a/arch/powerpc/perf/callchain_32.c b/arch/powerpc/perf/callchain_32.c index 8aa9510031415..2e21849f82b18 100644 --- a/arch/powerpc/perf/callchain_32.c +++ b/arch/powerpc/perf/callchain_32.c @@ -45,7 +45,7 @@ static int read_user_stack_32(unsigned int __user *ptr, unsigned int *ret) ((unsigned long)ptr & 3)) return -EFAULT; - rc = probe_user_read(ret, ptr, sizeof(*ret)); + rc = copy_from_user_nofault(ret, ptr, sizeof(*ret)); if (IS_ENABLED(CONFIG_PPC64) && rc) return read_user_stack_slow(ptr, ret, 4); diff --git a/arch/powerpc/perf/callchain_64.c b/arch/powerpc/perf/callchain_64.c index df1ffd8b20f21..7b0121694ebb7 100644 --- a/arch/powerpc/perf/callchain_64.c +++ b/arch/powerpc/perf/callchain_64.c @@ -71,7 +71,7 @@ static int read_user_stack_64(unsigned long __user *ptr, unsigned long *ret) ((unsigned long)ptr & 7)) return -EFAULT; - if (!probe_user_read(ret, ptr, sizeof(*ret))) + if (!copy_from_user_nofault(ret, ptr, sizeof(*ret))) return 0; return read_user_stack_slow(ptr, ret, 8); diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c index 50bc9f0eb6be3..f8072d1e5d172 100644 --- a/arch/powerpc/perf/core-book3s.c +++ b/arch/powerpc/perf/core-book3s.c @@ -426,7 +426,8 @@ static __u64 power_pmu_bhrb_to(u64 addr) } /* Userspace: need copy instruction here then translate it */ - if (probe_user_read(&instr, (unsigned int __user *)addr, sizeof(instr))) + if (copy_from_user_nofault(&instr, (unsigned int __user *)addr, + sizeof(instr))) return 0; target = branch_target(&instr); diff --git a/arch/powerpc/sysdev/fsl_pci.c b/arch/powerpc/sysdev/fsl_pci.c index 4a8874bc10574..73fa37ca40ef9 100644 --- a/arch/powerpc/sysdev/fsl_pci.c +++ b/arch/powerpc/sysdev/fsl_pci.c @@ -1066,8 +1066,8 @@ int fsl_pci_mcheck_exception(struct pt_regs *regs) if (is_in_pci_mem_space(addr)) { if (user_mode(regs)) - ret = probe_user_read(&inst, (void __user *)regs->nip, - sizeof(inst)); + ret = copy_from_user_nofault(&inst, + (void __user *)regs->nip, sizeof(inst)); else ret = probe_kernel_address((void *)regs->nip, inst); diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 849bc3dca54d6..baef2e09b5ae9 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -307,8 +307,8 @@ bool copy_from_kernel_nofault_allowed(void *dst, const void *unsafe_src, long copy_from_kernel_nofault(void *dst, const void *src, size_t size); long notrace copy_to_kernel_nofault(void *dst, const void *src, size_t size); -extern long probe_user_read(void *dst, const void __user *src, size_t size); -extern long notrace probe_user_write(void __user *dst, const void *src, +long copy_from_user_nofault(void *dst, const void __user *src, size_t size); +long notrace copy_to_user_nofault(void __user *dst, const void *src, size_t size); long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 1b0b817eb3248..759ce714c66e8 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -139,7 +139,7 @@ static const struct bpf_func_proto bpf_override_return_proto = { BPF_CALL_3(bpf_probe_read_user, void *, dst, u32, size, const void __user *, unsafe_ptr) { - int ret = probe_user_read(dst, unsafe_ptr, size); + int ret = copy_from_user_nofault(dst, unsafe_ptr, size); if (unlikely(ret < 0)) memset(dst, 0, size); @@ -189,7 +189,7 @@ bpf_probe_read_kernel_common(void *dst, u32 size, const void *unsafe_ptr, ret = copy_from_kernel_nofault(dst, unsafe_ptr, size); if (unlikely(ret < 0)) { if (compat) - ret = probe_user_read(dst, user_ptr, size); + ret = copy_from_user_nofault(dst, user_ptr, size); if (unlikely(ret < 0)) goto fail; } @@ -316,7 +316,7 @@ BPF_CALL_3(bpf_probe_write_user, void __user *, unsafe_ptr, const void *, src, if (unlikely(!nmi_uaccess_okay())) return -EPERM; - return probe_user_write(unsafe_ptr, src, size); + return copy_to_user_nofault(unsafe_ptr, src, size); } static const struct bpf_func_proto bpf_probe_write_user_proto = { diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 0e306983cd658..c03241f6fd682 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1210,7 +1210,7 @@ fetch_store_strlen(unsigned long addr) do { ret = copy_from_kernel_nofault(&c, (u8 *)addr + len, 1); if (ret) - ret = probe_user_read(&c, + ret = copy_from_user_nofault(&c, (__force u8 __user *)addr + len, 1); len++; } while (c && ret == 0 && len < MAX_STRING_SIZE); @@ -1289,7 +1289,7 @@ probe_mem_read(void *dest, void *src, size_t size) ret = copy_from_kernel_nofault(dest, src, size); if (ret) - ret = probe_user_read(dest, user_ptr, size); + ret = copy_from_user_nofault(dest, user_ptr, size); return ret; } @@ -1298,7 +1298,7 @@ probe_mem_read_user(void *dest, void *src, size_t size) { const void __user *uaddr = (__force const void __user *)src; - return probe_user_read(dest, uaddr, size); + return copy_from_user_nofault(dest, uaddr, size); } /* Note that we don't verify it, since the code does not come from user space */ diff --git a/mm/maccess.c b/mm/maccess.c index 4c342a69ae71d..23996dc381f71 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -192,7 +192,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) #endif /* HAVE_ARCH_PROBE_KERNEL */ /** - * probe_user_read(): safely attempt to read from a user-space location + * copy_from_user_nofault(): safely attempt to read from a user-space location * @dst: pointer to the buffer that shall take the data * @src: address to read from. This must be a user address. * @size: size of the data chunk @@ -200,7 +200,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) * Safely read from user address @src to the buffer at @dst. If a kernel fault * happens, handle that and return -EFAULT. */ -long probe_user_read(void *dst, const void __user *src, size_t size) +long copy_from_user_nofault(void *dst, const void __user *src, size_t size) { long ret = -EFAULT; mm_segment_t old_fs = get_fs(); @@ -217,10 +217,10 @@ long probe_user_read(void *dst, const void __user *src, size_t size) return -EFAULT; return 0; } -EXPORT_SYMBOL_GPL(probe_user_read); +EXPORT_SYMBOL_GPL(copy_from_user_nofault); /** - * probe_user_write(): safely attempt to write to a user-space location + * copy_to_user_nofault(): safely attempt to write to a user-space location * @dst: address to write to * @src: pointer to the data that shall be written * @size: size of the data chunk @@ -228,7 +228,7 @@ EXPORT_SYMBOL_GPL(probe_user_read); * Safely write to address @dst from the buffer at @src. If a kernel fault * happens, handle that and return -EFAULT. */ -long probe_user_write(void __user *dst, const void *src, size_t size) +long copy_to_user_nofault(void __user *dst, const void *src, size_t size) { long ret = -EFAULT; mm_segment_t old_fs = get_fs();