From patchwork Tue Jan 13 14:25:13 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 42998 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wg0-f72.google.com (mail-wg0-f72.google.com [74.125.82.72]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 23C9520DE8 for ; Tue, 13 Jan 2015 14:27:59 +0000 (UTC) Received: by mail-wg0-f72.google.com with SMTP id a1sf1853554wgh.3 for ; Tue, 13 Jan 2015 06:27:57 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:cc:subject:precedence:list-id:list-unsubscribe:list-post :list-help:list-subscribe:mime-version:content-type :content-transfer-encoding:sender:errors-to:x-original-sender :x-original-authentication-results:mailing-list:list-archive; bh=gl1jX6W2ofdVqBINVUmy73VFYrCVuphKVTumkPJwKv4=; b=QZ0OGUedkIxJwRgNy5iNKqUZ3ynTd8xJxQzKMqO7jOo5jMDRenJylAogHrups74Y3D GEBXIe6H4JPUuxL/BDG4gV7UV6AcJMwy5qh7fA2fNzZPDIKAcTs4eNCbdD4p4kr8LVHg 474al0cOFFg1C0HgiLWM8Hj/fQP/zYJljLk0ufw1VT3loZaetafC6xjygFviulhEaLcU 5o0Xl9zE+s91ovwkyuHEGhkzb/CzNSsjEgEjj0iMtEmJVnfljcmSVxAQh0CkgIgekGaF GJmtXQFZPWLRlRrSDfW72qvmocDe1XX/tywyxf5lJ05HJkq066k7o9oq4nd4jhg+d9/k IUmQ== X-Gm-Message-State: ALoCoQn1VHv7TTKmgD92qWEIfnVrfiac2C+L6288r3wdIDo1gB+AuBTw9MlrIf3JHykhj5u30JLV X-Received: by 10.112.148.198 with SMTP id tu6mr4493429lbb.3.1421159277342; Tue, 13 Jan 2015 06:27:57 -0800 (PST) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.44.166 with SMTP id f6ls1662lam.39.gmail; Tue, 13 Jan 2015 06:27:57 -0800 (PST) X-Received: by 10.152.37.168 with SMTP id z8mr42672075laj.63.1421159276998; Tue, 13 Jan 2015 06:27:56 -0800 (PST) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com. [209.85.217.182]) by mx.google.com with ESMTPS id d3si3046606lah.67.2015.01.13.06.27.56 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 13 Jan 2015 06:27:56 -0800 (PST) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.182 as permitted sender) client-ip=209.85.217.182; Received: by mail-lb0-f182.google.com with SMTP id u10so2782047lbd.13 for ; Tue, 13 Jan 2015 06:27:56 -0800 (PST) X-Received: by 10.152.87.12 with SMTP id t12mr42524491laz.31.1421159276894; Tue, 13 Jan 2015 06:27:56 -0800 (PST) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.9.200 with SMTP id c8csp1398778lbb; Tue, 13 Jan 2015 06:27:56 -0800 (PST) X-Received: by 10.140.41.169 with SMTP id z38mr56152407qgz.56.1421159270975; Tue, 13 Jan 2015 06:27:50 -0800 (PST) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id s52si26989696qge.45.2015.01.13.06.27.50 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 13 Jan 2015 06:27:50 -0800 (PST) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YB2QU-000174-1i; Tue, 13 Jan 2015 14:26:34 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YB2QS-00016B-Nj for xen-devel@lists.xenproject.org; Tue, 13 Jan 2015 14:26:33 +0000 Received: from [193.109.254.147] by server-14.bemta-14.messagelabs.com id 81/B5-02743-71B25B45; Tue, 13 Jan 2015 14:26:31 +0000 X-Env-Sender: julien.grall@linaro.org X-Msg-Ref: server-15.tower-27.messagelabs.com!1421159190!20329057!1 X-Originating-IP: [209.85.212.180] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.12.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 11982 invoked from network); 13 Jan 2015 14:26:30 -0000 Received: from mail-wi0-f180.google.com (HELO mail-wi0-f180.google.com) (209.85.212.180) by server-15.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 13 Jan 2015 14:26:30 -0000 Received: by mail-wi0-f180.google.com with SMTP id n3so4274252wiv.1 for ; Tue, 13 Jan 2015 06:26:30 -0800 (PST) X-Received: by 10.180.87.228 with SMTP id bb4mr15565099wib.71.1421159188892; Tue, 13 Jan 2015 06:26:28 -0800 (PST) Received: from chilopoda.uk.xensource.com. ([185.25.64.249]) by mx.google.com with ESMTPSA id ni15sm14513482wic.18.2015.01.13.06.26.27 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 13 Jan 2015 06:26:27 -0800 (PST) From: Julien Grall To: xen-devel@lists.xenproject.org Date: Tue, 13 Jan 2015 14:25:13 +0000 Message-Id: <1421159133-31526-5-git-send-email-julien.grall@linaro.org> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1421159133-31526-1-git-send-email-julien.grall@linaro.org> References: <1421159133-31526-1-git-send-email-julien.grall@linaro.org> Cc: Keir Fraser , ian.campbell@citrix.com, tim@xen.org, Julien Grall , Ian Jackson , stefano.stabellini@citrix.com, Jan Beulich , Daniel De Graaf Subject: [Xen-devel] [PATCH v3 04/24] xen: guestcopy: Provide an helper to safely copy string from guest X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: julien.grall@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.182 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: Flask code already provides an helper to copy a string from guest. In a later patch, the new DT hypercalls will need a similar function. To avoid code duplication, copy the flask helper (flask_copying_string) to common code: - Rename into safe_copy_string_from_guest - Add comment to explain the extra +1 - Return directly the buffer and use the macros provided by xen/err.h to return an error code if necessary. Signed-off-by: Julien Grall Cc: Daniel De Graaf Cc: Ian Jackson Cc: Jan Beulich Cc: Keir Fraser --- Changes in v3: - Use macros of xen/err.h to return either the buffer or an error code - Reuse size_t instead of unsigned long - Update comment and commit message Changes in v2: - Rename copy_string_from_guest into safe_copy_string_from_guest - Update commit message and comment in the code --- xen/common/Makefile | 1 + xen/common/guestcopy.c | 30 +++++++++++++++++++++++++++++ xen/include/xen/guest_access.h | 5 +++++ xen/xsm/flask/flask_op.c | 43 ++++++++++-------------------------------- 4 files changed, 46 insertions(+), 33 deletions(-) create mode 100644 xen/common/guestcopy.c diff --git a/xen/common/Makefile b/xen/common/Makefile index 9ce75bb..3da774a 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -10,6 +10,7 @@ obj-y += event_2l.o obj-y += event_channel.o obj-y += event_fifo.o obj-y += grant_table.o +obj-y += guestcopy.o obj-y += irq.o obj-y += kernel.o obj-y += keyhandler.o diff --git a/xen/common/guestcopy.c b/xen/common/guestcopy.c new file mode 100644 index 0000000..d974f5c --- /dev/null +++ b/xen/common/guestcopy.c @@ -0,0 +1,30 @@ +#include +#include +#include +#include + +/* The function copies a string from the guest and adds a NUL to + * make sure the string is correctly terminated. + */ +void *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size) +{ + char *tmp; + + if ( size > max_size ) + return ERR_PTR(-ENOENT); + + /* Add an extra +1 to append \0 */ + tmp = xmalloc_array(char, size + 1); + if ( !tmp ) + return ERR_PTR(-ENOMEM); + + if ( copy_from_guest(tmp, u_buf, size) ) + { + xfree(tmp); + return ERR_PTR(-EFAULT); + } + tmp[size] = 0; + + return tmp; +} diff --git a/xen/include/xen/guest_access.h b/xen/include/xen/guest_access.h index 373454e..55645e6 100644 --- a/xen/include/xen/guest_access.h +++ b/xen/include/xen/guest_access.h @@ -8,6 +8,8 @@ #define __XEN_GUEST_ACCESS_H__ #include +#include +#include #define copy_to_guest(hnd, ptr, nr) \ copy_to_guest_offset(hnd, 0, ptr, nr) @@ -27,4 +29,7 @@ #define __clear_guest(hnd, nr) \ __clear_guest_offset(hnd, 0, nr) +void *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size); + #endif /* __XEN_GUEST_ACCESS_H__ */ diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 7743aac..b14d306 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -12,6 +12,7 @@ #include #include #include +#include #include @@ -76,29 +77,6 @@ static int domain_has_security(struct domain *d, u32 perms) perms, NULL); } -static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, - size_t size, size_t max_size) -{ - char *tmp; - - if ( size > max_size ) - return -ENOENT; - - tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - - if ( copy_from_guest(tmp, u_buf, size) ) - { - xfree(tmp); - return -EFAULT; - } - tmp[size] = 0; - - *buf = tmp; - return 0; -} - #endif /* COMPAT */ static int flask_security_user(struct xen_flask_userlist *arg) @@ -112,9 +90,9 @@ static int flask_security_user(struct xen_flask_userlist *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + user = safe_copy_string_from_guest(arg->u.user, arg->size, PAGE_SIZE); + if ( IS_ERR(user) ) + return PTR_ERR(user); rv = security_get_user_sids(arg->start_sid, user, &sids, &nsids); if ( rv < 0 ) @@ -227,9 +205,9 @@ static int flask_security_context(struct xen_flask_sid_context *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->context, arg->size, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); rv = security_context_to_sid(buf, arg->size, &arg->sid); if ( rv < 0 ) @@ -319,14 +297,13 @@ static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *ar static int flask_security_resolve_bool(struct xen_flask_boolean *arg) { char *name; - int rv; if ( arg->bool_id != -1 ) return 0; - rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); - if ( rv ) - return rv; + name = safe_copy_string_from_guest(arg->name, arg->size, bool_maxstr); + if ( IS_ERR(name) ) + return PTR_ERR(name); arg->bool_id = security_find_bool(name); arg->size = 0;