From patchwork Thu Apr 9 15:09:31 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 46958 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wg0-f69.google.com (mail-wg0-f69.google.com [74.125.82.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 5A9FE21416 for ; Thu, 9 Apr 2015 15:15:36 +0000 (UTC) Received: by wghm4 with SMTP id m4sf27290259wgh.2 for ; Thu, 09 Apr 2015 08:15:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to :references:mime-version:cc:subject:precedence:list-id :list-unsubscribe:list-post:list-help:list-subscribe:content-type :content-transfer-encoding:sender:errors-to:x-original-sender :x-original-authentication-results:mailing-list:list-archive; bh=lAmfeJwJYj8zrR0jcIQLSgIlAwlcVLAYU1rtgHm3ReE=; b=D9uAx8upsCO+zHmuAjYolIr5oR75hzCkI2dLhhNiSFOLmohQCQEKf9VvfbrhlURvXD 53dcxv5j5ZMAAHnOh3y7+Clp6GjNIrrLEnjLZsUymhWlXipVtgr/dHLt5bWlNveFzzT4 Jr0hr80wLVhvqF9B+64mVbIM+iXx/wyINTdM5rfuv+ka3EL2qFzNOCJzTVVa/zueTLIz mvbcX52MrvGDVGfyvhKEqRP2FrLJMh7c6UuRbv8brDjextSeFeeGVgVbEUa7+YAnIxau ealKYMu8rmucVDuH5tRIVYhnYCNW0aHYCTnUcoIKhXb0sQg4SI3UMiV7deQ0HwFfPM9B ekFw== X-Gm-Message-State: ALoCoQm5b9UmOyRGGCQzhCe4BlvfTKuznbOpTau9yRBtMT/+cO4c1rF1g1avzUV34p61RdlujiIV X-Received: by 10.112.160.197 with SMTP id xm5mr5909517lbb.15.1428592535615; Thu, 09 Apr 2015 08:15:35 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.8.232 with SMTP id u8ls336353laa.24.gmail; Thu, 09 Apr 2015 08:15:35 -0700 (PDT) X-Received: by 10.112.57.197 with SMTP id k5mr12586515lbq.102.1428592535509; Thu, 09 Apr 2015 08:15:35 -0700 (PDT) Received: from mail-lb0-f175.google.com (mail-lb0-f175.google.com. [209.85.217.175]) by mx.google.com with ESMTPS id ln2si11671475lac.106.2015.04.09.08.15.35 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 09 Apr 2015 08:15:35 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.175 as permitted sender) client-ip=209.85.217.175; Received: by lbbzk7 with SMTP id zk7so93634419lbb.0 for ; Thu, 09 Apr 2015 08:15:35 -0700 (PDT) X-Received: by 10.152.19.199 with SMTP id h7mr4995941lae.32.1428592535075; Thu, 09 Apr 2015 08:15:35 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.67.65 with SMTP id l1csp533545lbt; Thu, 9 Apr 2015 08:15:34 -0700 (PDT) X-Received: by 10.55.20.65 with SMTP id e62mr10661716qkh.90.1428592533045; Thu, 09 Apr 2015 08:15:33 -0700 (PDT) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id w7si3013137qcg.19.2015.04.09.08.15.32 (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 09 Apr 2015 08:15:33 -0700 (PDT) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YgE9k-0000LI-NY; Thu, 09 Apr 2015 15:14:12 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YgE9j-0000J1-4j for xen-devel@lists.xenproject.org; Thu, 09 Apr 2015 15:14:11 +0000 Received: from [85.158.137.68] by server-5.bemta-3.messagelabs.com id 6F/14-23555-24796255; Thu, 09 Apr 2015 15:14:10 +0000 X-Env-Sender: julien.grall@citrix.com X-Msg-Ref: server-11.tower-31.messagelabs.com!1428592446!15086826!2 X-Originating-IP: [66.165.176.63] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni42MyA9PiAzMDYwNDg=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 6.13.6; banners=-,-,- X-VirusChecked: Checked Received: (qmail 28563 invoked from network); 9 Apr 2015 15:14:09 -0000 Received: from smtp02.citrix.com (HELO SMTP02.CITRIX.COM) (66.165.176.63) by server-11.tower-31.messagelabs.com with RC4-SHA encrypted SMTP; 9 Apr 2015 15:14:09 -0000 X-IronPort-AV: E=Sophos;i="5.11,550,1422921600"; d="scan'208";a="253565306" From: Julien Grall To: Date: Thu, 9 Apr 2015 16:09:31 +0100 Message-ID: <1428592185-18581-6-git-send-email-julien.grall@citrix.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1428592185-18581-1-git-send-email-julien.grall@citrix.com> References: <1428592185-18581-1-git-send-email-julien.grall@citrix.com> MIME-Version: 1.0 X-DLP: MIA2 Cc: Keir Fraser , ian.campbell@citrix.com, tim@xen.org, Julien Grall , Ian Jackson , stefano.stabellini@citrix.com, Jan Beulich , Daniel De Graaf Subject: [Xen-devel] [PATCH v5 p2 05/19] xen: guestcopy: Provide an helper to safely copy string from guest X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: patch@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.175 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: From: Julien Grall Flask code already provides a helper to copy a string from guest. In a later patch, the new DT hypercalls will need a similar function. To avoid code duplication, copy the flask helper (flask_copying_string) to common code: - Rename into safe_copy_string_from_guest - Add comment to explain the extra +1 - Return the buffer directly and use the macros provided by xen/err.h to return an error code if necessary. Signed-off-by: Julien Grall Acked-by: Daniel De Graaf Acked-by: Ian Campbell Cc: Ian Jackson Cc: Jan Beulich Cc: Keir Fraser --- Changes in v5: - return a char* rather than a void* - Use '\0' rather than 0 Changes in v4: - Use -ENOBUFS rather than -ENOENT - Fix coding style in comment - Typoes in commit message - Convert the new flask_copying_string (for DT) in safe_copy_string_from_guest - Add Ian and Daniel's ack Changes in v3: - Use macros of xen/err.h to return either the buffer or an error code - Reuse size_t instead of unsigned long - Update comment and commit message Changes in v2: - Rename copy_string_from_guest into safe_copy_string_from_guest - Update commit message and comment in the code --- xen/common/Makefile | 1 + xen/common/guestcopy.c | 31 ++++++++++++++++++++++++++ xen/include/xen/guest_access.h | 5 +++++ xen/xsm/flask/flask_op.c | 49 +++++++++++------------------------------- 4 files changed, 50 insertions(+), 36 deletions(-) create mode 100644 xen/common/guestcopy.c diff --git a/xen/common/Makefile b/xen/common/Makefile index e5bd75b..74deac0 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -9,6 +9,7 @@ obj-y += event_2l.o obj-y += event_channel.o obj-y += event_fifo.o obj-y += grant_table.o +obj-y += guestcopy.o obj-y += irq.o obj-y += kernel.o obj-y += keyhandler.o diff --git a/xen/common/guestcopy.c b/xen/common/guestcopy.c new file mode 100644 index 0000000..6ae1815 --- /dev/null +++ b/xen/common/guestcopy.c @@ -0,0 +1,31 @@ +#include +#include +#include +#include + +/* + * The function copies a string from the guest and adds a NUL to + * make sure the string is correctly terminated. + */ +char *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size) +{ + char *tmp; + + if ( size > max_size ) + return ERR_PTR(-ENOBUFS); + + /* Add an extra +1 to append \0 */ + tmp = xmalloc_array(char, size + 1); + if ( !tmp ) + return ERR_PTR(-ENOMEM); + + if ( copy_from_guest(tmp, u_buf, size) ) + { + xfree(tmp); + return ERR_PTR(-EFAULT); + } + tmp[size] = '\0'; + + return tmp; +} diff --git a/xen/include/xen/guest_access.h b/xen/include/xen/guest_access.h index 373454e..09989df 100644 --- a/xen/include/xen/guest_access.h +++ b/xen/include/xen/guest_access.h @@ -8,6 +8,8 @@ #define __XEN_GUEST_ACCESS_H__ #include +#include +#include #define copy_to_guest(hnd, ptr, nr) \ copy_to_guest_offset(hnd, 0, ptr, nr) @@ -27,4 +29,7 @@ #define __clear_guest(hnd, nr) \ __clear_guest_offset(hnd, 0, nr) +char *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, + size_t size, size_t max_size); + #endif /* __XEN_GUEST_ACCESS_H__ */ diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 47aacc1..802ffd4 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -12,6 +12,7 @@ #include #include #include +#include #include @@ -93,29 +94,6 @@ static int domain_has_security(struct domain *d, u32 perms) perms, NULL); } -static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, - size_t size, size_t max_size) -{ - char *tmp; - - if ( size > max_size ) - return -ENOENT; - - tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - - if ( copy_from_guest(tmp, u_buf, size) ) - { - xfree(tmp); - return -EFAULT; - } - tmp[size] = 0; - - *buf = tmp; - return 0; -} - #endif /* COMPAT */ static int flask_security_user(struct xen_flask_userlist *arg) @@ -129,9 +107,9 @@ static int flask_security_user(struct xen_flask_userlist *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + user = safe_copy_string_from_guest(arg->u.user, arg->size, PAGE_SIZE); + if ( IS_ERR(user) ) + return PTR_ERR(user); rv = security_get_user_sids(arg->start_sid, user, &sids, &nsids); if ( rv < 0 ) @@ -244,9 +222,9 @@ static int flask_security_context(struct xen_flask_sid_context *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->context, arg->size, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); rv = security_context_to_sid(buf, arg->size, &arg->sid); if ( rv < 0 ) @@ -336,14 +314,13 @@ static int flask_security_setavc_threshold(struct xen_flask_setavc_threshold *ar static int flask_security_resolve_bool(struct xen_flask_boolean *arg) { char *name; - int rv; if ( arg->bool_id != -1 ) return 0; - rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); - if ( rv ) - return rv; + name = safe_copy_string_from_guest(arg->name, arg->size, bool_maxstr); + if ( IS_ERR(name) ) + return PTR_ERR(name); arg->bool_id = security_find_bool(name); arg->size = 0; @@ -574,9 +551,9 @@ static int flask_devicetree_label(struct xen_flask_devicetree_label *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->path, &buf, arg->length, PAGE_SIZE); - if ( rv ) - return rv; + buf = safe_copy_string_from_guest(arg->path, arg->length, PAGE_SIZE); + if ( IS_ERR(buf) ) + return PTR_ERR(buf); /* buf is consumed or freed by this function */ rv = security_devicetree_setlabel(buf, sid);