From patchwork Wed May 6 06:22:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219823 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2537CC28CBC for ; Wed, 6 May 2020 06:22:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 064F32073A for ; Wed, 6 May 2020 06:22:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="AnF0/P5T" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728156AbgEFGWf (ORCPT ); Wed, 6 May 2020 02:22:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728135AbgEFGWd (ORCPT ); Wed, 6 May 2020 02:22:33 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9FC1EC061A0F; Tue, 5 May 2020 23:22:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=FhwjB9eDi0xwZgnRZDImeNjcc9cNIZkOcwQVq4y1nSU=; b=AnF0/P5TZEydKVjeOns7QO94Ue orcDWvTLvKyPcbOPYUhH2LvdJ3J06jkTlJkjDMCbGLBgmIZDx1HWExFEW9948O4Sew/Hfp5+rIR6g 0UrQCf4UPCzdQEjDavtNWl5ssnjBntXnshr8IXkXCGMLVJ+jGwV7BcbWIBCZnGOQUwvS8cT34l2OP Ofm4bUGBPTy//AFzotLCvwvWC0fmbezmQUQnMrOEVauvvOQvuhy61W2hBgkahmuNiK4ZWXzxlqOsc JFdmMjGXww6cBMKhBGJ7OSEeIed8kRVgSHZEqdkyvzFvd5jkqWmcg4ODg7qYngBd1FA+YR3o2vrvz AslZVoSA==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDRv-0006LL-HJ; Wed, 06 May 2020 06:22:32 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 02/15] maccess: remove various unused weak aliases Date: Wed, 6 May 2020 08:22:10 +0200 Message-Id: <20200506062223.30032-3-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org maccess tends to define lots of underscore prefixed symbols that then have other weak aliases. But except for two cases they are never actually used, so remove them. Signed-off-by: Christoph Hellwig --- include/linux/uaccess.h | 3 --- mm/maccess.c | 19 +++---------------- 2 files changed, 3 insertions(+), 19 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 67f016010aad5..a2c606a403745 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -324,7 +324,6 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size); * happens, handle that and return -EFAULT. */ extern long probe_user_read(void *dst, const void __user *src, size_t size); -extern long __probe_user_read(void *dst, const void __user *src, size_t size); /* * probe_kernel_write(): safely attempt to write to a location @@ -336,7 +335,6 @@ extern long __probe_user_read(void *dst, const void __user *src, size_t size); * happens, handle that and return -EFAULT. */ extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); -extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size); /* * probe_user_write(): safely attempt to write to a location in user space @@ -348,7 +346,6 @@ extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size * happens, handle that and return -EFAULT. */ extern long notrace probe_user_write(void __user *dst, const void *src, size_t size); -extern long notrace __probe_user_write(void __user *dst, const void *src, size_t size); extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); extern long strncpy_from_unsafe_strict(char *dst, const void *unsafe_addr, diff --git a/mm/maccess.c b/mm/maccess.c index cf21e604f78cb..4e7f3b6eb05ae 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -79,11 +79,7 @@ EXPORT_SYMBOL_GPL(probe_kernel_read); * Safely read from user address @src to the buffer at @dst. If a kernel fault * happens, handle that and return -EFAULT. */ - -long __weak probe_user_read(void *dst, const void __user *src, size_t size) - __attribute__((alias("__probe_user_read"))); - -long __probe_user_read(void *dst, const void __user *src, size_t size) +long probe_user_read(void *dst, const void __user *src, size_t size) { long ret = -EFAULT; mm_segment_t old_fs = get_fs(); @@ -106,11 +102,7 @@ EXPORT_SYMBOL_GPL(probe_user_read); * Safely write to address @dst from the buffer at @src. If a kernel fault * happens, handle that and return -EFAULT. */ - -long __weak probe_kernel_write(void *dst, const void *src, size_t size) - __attribute__((alias("__probe_kernel_write"))); - -long __probe_kernel_write(void *dst, const void *src, size_t size) +long probe_kernel_write(void *dst, const void *src, size_t size) { long ret; mm_segment_t old_fs = get_fs(); @@ -131,11 +123,7 @@ long __probe_kernel_write(void *dst, const void *src, size_t size) * Safely write to address @dst from the buffer at @src. If a kernel fault * happens, handle that and return -EFAULT. */ - -long __weak probe_user_write(void __user *dst, const void *src, size_t size) - __attribute__((alias("__probe_user_write"))); - -long __probe_user_write(void __user *dst, const void *src, size_t size) +long probe_user_write(void __user *dst, const void *src, size_t size) { long ret = -EFAULT; mm_segment_t old_fs = get_fs(); @@ -171,7 +159,6 @@ long __probe_user_write(void __user *dst, const void *src, size_t size) * probing memory on a user address range where strncpy_from_unsafe_user() is * supposed to be used instead. */ - long __weak strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) __attribute__((alias("__strncpy_from_unsafe"))); From patchwork Wed May 6 06:22:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219817 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6BEBC4724C for ; Wed, 6 May 2020 06:23:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B006E20659 for ; Wed, 6 May 2020 06:23:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="sxvKi8/W" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728237AbgEFGWo (ORCPT ); Wed, 6 May 2020 02:22:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728213AbgEFGWm (ORCPT ); Wed, 6 May 2020 02:22:42 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C323C061A0F; Tue, 5 May 2020 23:22:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=8xYqhlaf56AodBMEMHzZf5wu40Wrvnh8K80Ep72Z4QE=; b=sxvKi8/WbsjGhIbs0fT7Aatdkp kznIs8jVBvLERKVfIQq4WcPUrGY+BmfDpo+QgEj04EpjodvYUlxBjOjshsZVqnJ86Q8Jx/bvcwD54 ceKqgKmaI5tmHmHuAC+BfPLt6urHvBNsRpf5S5hXTIU8eQU+xGGjemoHPzAXXUdmmj9J8YQNqcFEf waQHX5H057Cw5UhNIotpXGOd3GpwcwtF11CNspe8bWzWMHeXKxueOp6ht7xvJqBk7TA07rlctTvdr 5UQW/g2enjOu/xQfD/uSk5OqgP8ZoTJj0WgChhpbQ73oTrvgMmt5uqrgFDaR559CveBDXiPPkvQIP 35MGjDzg==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDS4-0006aB-IZ; Wed, 06 May 2020 06:22:41 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 05/15] maccess: update the top of file comment Date: Wed, 6 May 2020 08:22:13 +0200 Message-Id: <20200506062223.30032-6-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This file now also contains several helpers for accessing user memory. Signed-off-by: Christoph Hellwig --- mm/maccess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/maccess.c b/mm/maccess.c index 747581ac50dc9..65880ba2ca376 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Access kernel memory without faulting. + * Access kernel or user memory without faulting. */ #include #include From patchwork Wed May 6 06:22:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219822 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6656EC4725A for ; Wed, 6 May 2020 06:22:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4323A2145D for ; Wed, 6 May 2020 06:22:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ed8D62ET" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728271AbgEFGWr (ORCPT ); Wed, 6 May 2020 02:22:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58756 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728213AbgEFGWp (ORCPT ); Wed, 6 May 2020 02:22:45 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 813AEC061A0F; Tue, 5 May 2020 23:22:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=uu5+p1IElYcCoqcRQhr2s0X0BQJM+h23Zjg2TeFbD1w=; b=ed8D62ETyvVJqvLsHu+XTquwMX HFhMQtrqDJdWSGppVm1JzYBycT/2TLeZthstJw69AnfAfYWYivqGe24slo74isHoG1IHkyG7IoAgs 1ENpgp0Y9Jxsdth5mPAo4cCaINFQZ+LaMbpWiinYlYRky2nCe1OOfb5BRjIvVJVe2zZN5B6nRipEM CwFym/arEUqvXljIhq6UkacBJkrNekH6NzsZ7oerThvVXPO32z4bIMOh+jr7Wn2giGd6a7wasqsJ0 EfqoI9NYlKQrLeddEXpCXpR6pc0BrNuBGcC1ejXhZurvAsNdgfZEf6pSWgfnz5rh+n1sbcNJbd+NF YBm3IXsw==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDS7-0006c4-L4; Wed, 06 May 2020 06:22:44 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 06/15] maccess: rename strncpy_from_unsafe_user to strncpy_from_user_unsafe Date: Wed, 6 May 2020 08:22:14 +0200 Message-Id: <20200506062223.30032-7-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This matches the convention of always having _unsafe as a suffix, as well as match the naming of strncpy_from_user. Signed-off-by: Christoph Hellwig --- include/linux/uaccess.h | 2 +- kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace_kprobe.c | 2 +- mm/maccess.c | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 5a36a298a85f8..74db16fac2a04 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -313,7 +313,7 @@ extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); extern long strncpy_from_unsafe_strict(char *dst, const void *unsafe_addr, long count); extern long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); -extern long strncpy_from_unsafe_user(char *dst, const void __user *unsafe_addr, +extern long strncpy_from_user_unsafe(char *dst, const void __user *unsafe_addr, long count); extern long strnlen_unsafe_user(const void __user *unsafe_addr, long count); diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index ca1796747a773..d3989384e515d 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -159,7 +159,7 @@ static const struct bpf_func_proto bpf_probe_read_user_proto = { BPF_CALL_3(bpf_probe_read_user_str, void *, dst, u32, size, const void __user *, unsafe_ptr) { - int ret = strncpy_from_unsafe_user(dst, unsafe_ptr, size); + int ret = strncpy_from_user_unsafe(dst, unsafe_ptr, size); if (unlikely(ret < 0)) memset(dst, 0, size); diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index d0568af4a0ef6..67ed9655afc51 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1262,7 +1262,7 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) __dest = get_loc_data(dest, base); - ret = strncpy_from_unsafe_user(__dest, uaddr, maxlen); + ret = strncpy_from_user_unsafe(__dest, uaddr, maxlen); if (ret >= 0) *(u32 *)dest = make_data_loc(ret, __dest - base); diff --git a/mm/maccess.c b/mm/maccess.c index 65880ba2ca376..76f9d4dd51300 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -215,7 +215,7 @@ long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) } /** - * strncpy_from_unsafe_user: - Copy a NUL terminated string from unsafe user + * strncpy_from_user_unsafe: - Copy a NUL terminated string from unsafe user * address. * @dst: Destination address, in kernel space. This buffer must be at * least @count bytes long. @@ -232,7 +232,7 @@ long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) * If @count is smaller than the length of the string, copies @count-1 bytes, * sets the last byte of @dst buffer to NUL and returns @count. */ -long strncpy_from_unsafe_user(char *dst, const void __user *unsafe_addr, +long strncpy_from_user_unsafe(char *dst, const void __user *unsafe_addr, long count) { mm_segment_t old_fs = get_fs(); From patchwork Wed May 6 06:22:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219821 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5939CC47259 for ; Wed, 6 May 2020 06:22:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3972E20714 for ; Wed, 6 May 2020 06:22:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="oWvEfbUn" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728309AbgEFGWy (ORCPT ); Wed, 6 May 2020 02:22:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728278AbgEFGWv (ORCPT ); Wed, 6 May 2020 02:22:51 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7EDF4C061A0F; Tue, 5 May 2020 23:22:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=Ism2pGSU5WX+kUcuOyuDphkif76JmaDpJJbD5Qn0Unw=; b=oWvEfbUnPltf7xRcMQ+nlweVoI KSmHiWsNNboxH9dPYh3gGa2Egw9v08GsiPpXlrGB8RymBTSvySy8WxrHhxnSz5t31KbJllBL93Zb+ ROXyRz3m8oLC7Dv3OfUu4D6B56P+PkLP8ZwySHDeJ4GqJMyiRCo4gMO+8RDp4gn7zZjyhXga02ORb 6gg3Be7cUNmoulvxSPoQQ42CdKj3fL0qxit+XPp3pbkNx0g1nu2lJIm9S55MEo5eJ5yR0Tjl6oLM7 vycTG08U42Vrl9XGU9mQQT/hUUps4khRpDi8MjK0NzwsAkyqXBFVwGXxsmPBUGHZHolZlNUAAxFyu Q/afGyyQ==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDSD-0006g6-MF; Wed, 06 May 2020 06:22:50 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 08/15] maccess: rename strnlen_unsafe_user to strnlen_user_unsafe Date: Wed, 6 May 2020 08:22:16 +0200 Message-Id: <20200506062223.30032-9-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This matches the convention of always having _unsafe as a suffix, as well as match the naming of strncpy_from_user_unsafe. Signed-off-by: Christoph Hellwig --- include/linux/uaccess.h | 2 +- kernel/trace/trace_kprobe.c | 2 +- mm/maccess.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 221d703480b6e..77909cafde5a8 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -315,7 +315,7 @@ extern long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, extern long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); extern long strncpy_from_user_unsafe(char *dst, const void __user *unsafe_addr, long count); -extern long strnlen_unsafe_user(const void __user *unsafe_addr, long count); +extern long strnlen_user_unsafe(const void __user *unsafe_addr, long count); /** * probe_kernel_address(): safely attempt to read from a location diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 67ed9655afc51..a7f43c7ec9880 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1215,7 +1215,7 @@ fetch_store_strlen_user(unsigned long addr) { const void __user *uaddr = (__force const void __user *)addr; - return strnlen_unsafe_user(uaddr, MAX_STRING_SIZE); + return strnlen_user_unsafe(uaddr, MAX_STRING_SIZE); } /* diff --git a/mm/maccess.c b/mm/maccess.c index 683b70518a896..95f2bf97e5ad7 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -258,7 +258,7 @@ long strncpy_from_user_unsafe(char *dst, const void __user *unsafe_addr, } /** - * strnlen_unsafe_user: - Get the size of a user string INCLUDING final NUL. + * strnlen_user_unsafe: - Get the size of a user string INCLUDING final NUL. * @unsafe_addr: The string to measure. * @count: Maximum count (including NUL) * @@ -273,7 +273,7 @@ long strncpy_from_user_unsafe(char *dst, const void __user *unsafe_addr, * Unlike strnlen_user, this can be used from IRQ handler etc. because * it disables pagefaults. */ -long strnlen_unsafe_user(const void __user *unsafe_addr, long count) +long strnlen_user_unsafe(const void __user *unsafe_addr, long count) { mm_segment_t old_fs = get_fs(); int ret; From patchwork Wed May 6 06:22:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219820 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 733DFC47256 for ; Wed, 6 May 2020 06:23:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 45E2820747 for ; Wed, 6 May 2020 06:23:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="R/INjrhA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728353AbgEFGXC (ORCPT ); Wed, 6 May 2020 02:23:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58796 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728330AbgEFGW5 (ORCPT ); Wed, 6 May 2020 02:22:57 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA96CC061A0F; Tue, 5 May 2020 23:22:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=oZwAqX6qv5ccIiIE5YKqKbwN1bXypOB0gq+qr3W5xJ4=; b=R/INjrhAFYyZD0f9X8hDc2m8t+ ajzKVjqYbb9OkFKPiJSa1VtJ8QKpEPkCH+UdK4umvL0+b+Y0OGjZg6FbDUamHCKiRcxUJcjEZb2M7 VCgopHPAuUPejFP9NdPAb/uyUHAjQbKk/sLYLV8c2nWBEi6NRij0tW8Z5D4ZZJinhgd0f/iduNSWR h6RZ3vhUVgv9V2FrumB5dPzF8YoaXZYK4/aB+65HTq6UZcq/n83iSKjt/QWxcvuMZ+XXvSjhQnYWZ Xu5Wutlc/46yQ8OjPcJlgiHyvBwK2mEDRcaN4u9/PN663OL0R/x5OfsuDN9aaLBMgGUaBEimPgnkl hOsha3vA==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDSJ-0006jU-RK; Wed, 06 May 2020 06:22:56 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 10/15] maccess: unify the probe kernel arch hooks Date: Wed, 6 May 2020 08:22:18 +0200 Message-Id: <20200506062223.30032-11-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently architectures have to override every routine that probes kernel memory, which includes a pure read and strcpy, both in strict and not strict variants. Just provide a single arch hooks instead to make sure all architectures cover all the cases. Signed-off-by: Christoph Hellwig --- arch/parisc/lib/memcpy.c | 13 ++++------- arch/um/kernel/maccess.c | 11 ++++----- arch/x86/mm/maccess.c | 18 ++++----------- include/linux/uaccess.h | 5 ++-- mm/maccess.c | 49 ++++++++++++++++++++++++++++++---------- 5 files changed, 55 insertions(+), 41 deletions(-) diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c index beceaab34ecb7..5ef648bd33119 100644 --- a/arch/parisc/lib/memcpy.c +++ b/arch/parisc/lib/memcpy.c @@ -57,14 +57,11 @@ void * memcpy(void * dst,const void *src, size_t count) EXPORT_SYMBOL(raw_copy_in_user); EXPORT_SYMBOL(memcpy); -long probe_kernel_read(void *dst, const void *src, size_t size) +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, + bool strict) { - unsigned long addr = (unsigned long)src; - - if (addr < PAGE_SIZE) - return -EFAULT; - + if ((unsigned long)unsafe_src < PAGE_SIZE) + return false; /* check for I/O space F_EXTEND(0xfff00000) access as well? */ - - return __probe_kernel_read(dst, src, size); + return true; } diff --git a/arch/um/kernel/maccess.c b/arch/um/kernel/maccess.c index 67b2e0fa92bba..90a1bec923158 100644 --- a/arch/um/kernel/maccess.c +++ b/arch/um/kernel/maccess.c @@ -7,15 +7,14 @@ #include #include -long probe_kernel_read(void *dst, const void *src, size_t size) +bool probe_kernel_read_allowed(void *dst, const void *src, size_t size, + bool strict) { void *psrc = (void *)rounddown((unsigned long)src, PAGE_SIZE); if ((unsigned long)src < PAGE_SIZE || size <= 0) - return -EFAULT; - + return false; if (os_mincore(psrc, size + src - psrc) <= 0) - return -EFAULT; - - return __probe_kernel_read(dst, src, size); + return false; + return true; } diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c index 6290e9894fb55..5c323ab187b27 100644 --- a/arch/x86/mm/maccess.c +++ b/arch/x86/mm/maccess.c @@ -26,18 +26,10 @@ static __always_inline bool invalid_probe_range(u64 vaddr) } #endif -long probe_kernel_read_strict(void *dst, const void *src, size_t size) +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, + bool strict) { - if (unlikely(invalid_probe_range((unsigned long)src))) - return -EFAULT; - - return __probe_kernel_read(dst, src, size); -} - -long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count) -{ - if (unlikely(invalid_probe_range((unsigned long)unsafe_addr))) - return -EFAULT; - - return __strncpy_from_unsafe(dst, unsafe_addr, count); + if (!strict) + return true; + return !invalid_probe_range((unsigned long)unsafe_src); } diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 77909cafde5a8..f8c47395a92df 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -301,9 +301,11 @@ copy_struct_from_user(void *dst, size_t ksize, const void __user *src, return 0; } +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, + size_t size, bool strict); + extern long probe_kernel_read(void *dst, const void *src, size_t size); extern long probe_kernel_read_strict(void *dst, const void *src, size_t size); -extern long __probe_kernel_read(void *dst, const void *src, size_t size); extern long probe_user_read(void *dst, const void __user *src, size_t size); extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); @@ -312,7 +314,6 @@ extern long notrace probe_user_write(void __user *dst, const void *src, size_t s extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); extern long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count); -extern long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); extern long strncpy_from_user_unsafe(char *dst, const void __user *unsafe_addr, long count); extern long strnlen_user_unsafe(const void __user *unsafe_addr, long count); diff --git a/mm/maccess.c b/mm/maccess.c index c18f2dcdb1b88..11563129cd490 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -6,6 +6,17 @@ #include #include +static long __probe_kernel_read(void *dst, const void *src, size_t size, + bool strict); +static long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, + long count, bool strict); + +bool __weak probe_kernel_read_allowed(void *dst, const void *unsafe_src, + size_t size, bool strict) +{ + return true; +} + /** * probe_kernel_read(): safely attempt to read from any location * @dst: pointer to the buffer that shall take the data @@ -19,8 +30,11 @@ * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely * separate kernel and user address spaces, and also a bad idea otherwise. */ -long __weak probe_kernel_read(void *dst, const void *src, size_t size) - __attribute__((alias("__probe_kernel_read"))); +long probe_kernel_read(void *dst, const void *src, size_t size) +{ + return __probe_kernel_read(dst, src, size, false); +} +EXPORT_SYMBOL_GPL(probe_kernel_read); /** * probe_kernel_read_strict(): safely attempt to read from kernel-space @@ -36,14 +50,20 @@ long __weak probe_kernel_read(void *dst, const void *src, size_t size) * probe_kernel_read() suitable for use within regions where the caller * already holds mmap_sem, or other locks which nest inside mmap_sem. */ -long __weak probe_kernel_read_strict(void *dst, const void *src, size_t size) - __attribute__((alias("__probe_kernel_read"))); +long probe_kernel_read_strict(void *dst, const void *src, size_t size) +{ + return __probe_kernel_read(dst, src, size, true); +} -long __probe_kernel_read(void *dst, const void *src, size_t size) +static long __probe_kernel_read(void *dst, const void *src, size_t size, + bool strict) { long ret; mm_segment_t old_fs = get_fs(); + if (!probe_kernel_read_allowed(dst, src, size, strict)) + return -EFAULT; + set_fs(KERNEL_DS); pagefault_disable(); ret = __copy_from_user_inatomic(dst, (__force const void __user *)src, @@ -55,7 +75,6 @@ long __probe_kernel_read(void *dst, const void *src, size_t size) return -EFAULT; return 0; } -EXPORT_SYMBOL_GPL(probe_kernel_read); /** * probe_user_read(): safely attempt to read from a user-space location @@ -161,8 +180,10 @@ long probe_user_write(void __user *dst, const void *src, size_t size) * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely * separate kernel and user address spaces, and also a bad idea otherwise. */ -long __weak strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) - __attribute__((alias("__strncpy_from_unsafe"))); +long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) +{ + return __strncpy_from_unsafe(dst, unsafe_addr, count, false); +} /** * strncpy_from_kernel_unsafe: - Copy a NUL terminated string from unsafe @@ -182,11 +203,13 @@ long __weak strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) * If @count is smaller than the length of the string, copies @count-1 bytes, * sets the last byte of @dst buffer to NUL and returns @count. */ -long __weak strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, - long count) - __attribute__((alias("__strncpy_from_unsafe"))); +long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count) +{ + return __strncpy_from_unsafe(dst, unsafe_addr, count, true); +} -long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) +static long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, + long count, bool strict) { mm_segment_t old_fs = get_fs(); const void *src = unsafe_addr; @@ -194,6 +217,8 @@ long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) if (unlikely(count <= 0)) return 0; + if (!probe_kernel_read_allowed(dst, unsafe_addr, count, strict)) + return -EFAULT; set_fs(KERNEL_DS); pagefault_disable(); From patchwork Wed May 6 06:22:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219818 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E70FC47259 for ; Wed, 6 May 2020 06:23:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1658D2073A for ; Wed, 6 May 2020 06:23:26 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ZxEYLUlt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728373AbgEFGXF (ORCPT ); Wed, 6 May 2020 02:23:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728361AbgEFGXD (ORCPT ); Wed, 6 May 2020 02:23:03 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9311CC061A0F; Tue, 5 May 2020 23:23:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=YnqX7e3iRi8ZqyWswsRov2ifnOnli5oxUPAyZD7RiOM=; b=ZxEYLUltG837WhX+M/tX7SRXnu XS4J8moBK/3WJoZQ9jHvR1LC4B+8LFrluqTS34YHh1pNIZhG9NpgATarDepP5bZdooaH17iAwzC2p 5olJSsxatR9oxLTiTlgHfY6ihPw4iRPJVIP554HpcO2y3K1V5dIAKVJHha+QQYMTbxR8NR5cy/KCY K2sJPH93axSP4b1twvO5hg467TJ9WE9oEpEKBwzyIVrMpGtdU7cCe7fyYPZJRtvmiqbSwu2VAvEeR 3GQZqabeM3nEz5uyRdI2TxVkmQ8PFoydByNQPyK72tr/7eQUSbXzKEYbFDo92qPTOVVCb2O+OaCuJ HFzcjt5g==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDSP-0006n7-Lf; Wed, 06 May 2020 06:23:02 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 12/15] maccess: always use strict semantics for probe_kernel_read Date: Wed, 6 May 2020 08:22:20 +0200 Message-Id: <20200506062223.30032-13-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Except for historical confusion in the kprobes/uprobes and bpf tracers there is no good reason to ever allow user memory accesses from probe_kernel_read. Make the tracers fall back to a probe_user_read if the probe_kernel_read falls to keep the core API clean. Signed-off-by: Christoph Hellwig --- arch/parisc/lib/memcpy.c | 3 +-- arch/um/kernel/maccess.c | 3 +-- arch/x86/mm/maccess.c | 5 +---- include/linux/uaccess.h | 4 +--- kernel/trace/bpf_trace.c | 20 +++++++++++++------ kernel/trace/trace_kprobe.c | 11 ++++++++++- mm/maccess.c | 39 ++++++------------------------------- 7 files changed, 34 insertions(+), 51 deletions(-) diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c index 5ef648bd33119..9fe662b3b5604 100644 --- a/arch/parisc/lib/memcpy.c +++ b/arch/parisc/lib/memcpy.c @@ -57,8 +57,7 @@ void * memcpy(void * dst,const void *src, size_t count) EXPORT_SYMBOL(raw_copy_in_user); EXPORT_SYMBOL(memcpy); -bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, - bool strict) +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size) { if ((unsigned long)unsafe_src < PAGE_SIZE) return false; diff --git a/arch/um/kernel/maccess.c b/arch/um/kernel/maccess.c index 90a1bec923158..734f3d7e57c0f 100644 --- a/arch/um/kernel/maccess.c +++ b/arch/um/kernel/maccess.c @@ -7,8 +7,7 @@ #include #include -bool probe_kernel_read_allowed(void *dst, const void *src, size_t size, - bool strict) +bool probe_kernel_read_allowed(void *dst, const void *src, size_t size) { void *psrc = (void *)rounddown((unsigned long)src, PAGE_SIZE); diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c index 5c323ab187b27..a1bd81677aa72 100644 --- a/arch/x86/mm/maccess.c +++ b/arch/x86/mm/maccess.c @@ -26,10 +26,7 @@ static __always_inline bool invalid_probe_range(u64 vaddr) } #endif -bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size, - bool strict) +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size) { - if (!strict) - return true; return !invalid_probe_range((unsigned long)unsafe_src); } diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 09d6e358883cc..99e2c2a41164a 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -301,11 +301,9 @@ copy_struct_from_user(void *dst, size_t ksize, const void __user *src, return 0; } -bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, - size_t size, bool strict); +bool probe_kernel_read_allowed(void *dst, const void *unsafe_src, size_t size); extern long probe_kernel_read(void *dst, const void *src, size_t size); -extern long probe_kernel_read_strict(void *dst, const void *src, size_t size); extern long probe_user_read(void *dst, const void __user *src, size_t size); extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index ffe841433caa1..f694befe8ec9b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -183,12 +183,20 @@ bpf_probe_read_kernel_common(void *dst, u32 size, const void *unsafe_ptr, int ret = security_locked_down(LOCKDOWN_BPF_READ); if (unlikely(ret < 0)) - goto out; - ret = compat ? probe_kernel_read(dst, unsafe_ptr, size) : - probe_kernel_read_strict(dst, unsafe_ptr, size); - if (unlikely(ret < 0)) -out: - memset(dst, 0, size); + goto fail; + + ret = probe_kernel_read(dst, unsafe_ptr, size); + if (unlikely(ret < 0)) { + if (compat) + ret = probe_user_read(dst, + (__force const void __user *)unsafe_ptr, size); + if (unlikely(ret < 0)) + goto fail; + } + + return 0; +fail: + memset(dst, 0, size); return ret; } diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 525d12137325c..1300c9fd5c755 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1203,6 +1203,9 @@ fetch_store_strlen(unsigned long addr) do { ret = probe_kernel_read(&c, (u8 *)addr + len, 1); + if (ret) + ret = probe_user_read(&c, + (__force u8 __user *)addr + len, 1); len++; } while (c && ret == 0 && len < MAX_STRING_SIZE); @@ -1275,7 +1278,13 @@ fetch_store_string_user(unsigned long addr, void *dest, void *base) static nokprobe_inline int probe_mem_read(void *dest, void *src, size_t size) { - return probe_kernel_read(dest, src, size); + int ret; + + ret = probe_kernel_read(dest, src, size); + if (ret) + ret = probe_user_read(dest, (__force const void __user *)src, + size); + return ret; } static nokprobe_inline int diff --git a/mm/maccess.c b/mm/maccess.c index cbd9d668aa46e..811f49e8de113 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -6,36 +6,14 @@ #include #include -static long __probe_kernel_read(void *dst, const void *src, size_t size, - bool strict); - bool __weak probe_kernel_read_allowed(void *dst, const void *unsafe_src, - size_t size, bool strict) + size_t size) { return true; } /** - * probe_kernel_read(): safely attempt to read from any location - * @dst: pointer to the buffer that shall take the data - * @src: address to read from - * @size: size of the data chunk - * - * Same as probe_kernel_read_strict() except that for architectures with - * not fully separated user and kernel address spaces this function also works - * for user address tanges. - * - * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely - * separate kernel and user address spaces, and also a bad idea otherwise. - */ -long probe_kernel_read(void *dst, const void *src, size_t size) -{ - return __probe_kernel_read(dst, src, size, false); -} -EXPORT_SYMBOL_GPL(probe_kernel_read); - -/** - * probe_kernel_read_strict(): safely attempt to read from kernel-space + * probe_kernel_read(): safely attempt to read from kernel-space * @dst: pointer to the buffer that shall take the data * @src: address to read from * @size: size of the data chunk @@ -48,18 +26,12 @@ EXPORT_SYMBOL_GPL(probe_kernel_read); * probe_kernel_read() suitable for use within regions where the caller * already holds mmap_sem, or other locks which nest inside mmap_sem. */ -long probe_kernel_read_strict(void *dst, const void *src, size_t size) -{ - return __probe_kernel_read(dst, src, size, true); -} - -static long __probe_kernel_read(void *dst, const void *src, size_t size, - bool strict) +long probe_kernel_read(void *dst, const void *src, size_t size) { long ret; mm_segment_t old_fs = get_fs(); - if (!probe_kernel_read_allowed(dst, src, size, strict)) + if (!probe_kernel_read_allowed(dst, src, size)) return -EFAULT; set_fs(KERNEL_DS); @@ -73,6 +45,7 @@ static long __probe_kernel_read(void *dst, const void *src, size_t size, return -EFAULT; return 0; } +EXPORT_SYMBOL_GPL(probe_kernel_read); /** * probe_user_read(): safely attempt to read from a user-space location @@ -180,7 +153,7 @@ long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count) if (unlikely(count <= 0)) return 0; - if (!probe_kernel_read_allowed(dst, unsafe_addr, count, true)) + if (!probe_kernel_read_allowed(dst, unsafe_addr, count)) return -EFAULT; set_fs(KERNEL_DS); From patchwork Wed May 6 06:22:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 219819 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2EADEC28CBC for ; Wed, 6 May 2020 06:23:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0EBB92075E for ; Wed, 6 May 2020 06:23:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="Oyixt2C6" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728412AbgEFGXO (ORCPT ); Wed, 6 May 2020 02:23:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58834 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728379AbgEFGXJ (ORCPT ); Wed, 6 May 2020 02:23:09 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91E07C061A0F; Tue, 5 May 2020 23:23:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=73xwWdERJOWUidTf3k9x6ajdY4gu8lH6d9hC6e9Kw30=; b=Oyixt2C6FuXCADF1Z+bzaBBZEJ 7tisz3mAxiH6My9gPYayi+8kQ0EDYfM7Fbww+XIZZaZxILzafqEE0OP3nRspxSPy9NbA/AAiYQa1Q B2+IJamBj3lig3cxkULH/b83CXpuMXvUPGt/yMfttVFhQOPvp9XtIh6j0JYcQ8a+iWNULMkP+ofni MKyeTyxPqBoBp/rIdfm/PUJ3LQKbN/u9JT+3y5dC5eWulRhVg4fq9zF2m4M7ixp71P0XOMKEFD/b7 ykJq5/awg9XkD1SwTBiY8MZ2NNd2qO5Bxzr4svUU8/UDdRP++K9rAJXDPxGkRGzdP6Bl3HcwWyHRA qgaJ27hw==; Received: from [2001:4bb8:191:66b6:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jWDSV-0006q8-ME; Wed, 06 May 2020 06:23:08 +0000 From: Christoph Hellwig To: x86@kernel.org, Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Linus Torvalds , Andrew Morton Cc: linux-parisc@vger.kernel.org, linux-um@lists.infradead.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH 14/15] maccess: allow architectures to provide kernel probing directly Date: Wed, 6 May 2020 08:22:22 +0200 Message-Id: <20200506062223.30032-15-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200506062223.30032-1-hch@lst.de> References: <20200506062223.30032-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Provide alternative versions of probe_kernel_read, probe_kernel_write and strncpy_from_kernel_unsafe that don't need set_fs magic, but instead use arch hooks that are modelled after unsafe_{get,put}_user to access kernel memory in an exception safe way. Signed-off-by: Christoph Hellwig --- mm/maccess.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/mm/maccess.c b/mm/maccess.c index aa59967d9b658..d99a5a67fa9b3 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -12,6 +12,81 @@ bool __weak probe_kernel_read_allowed(void *dst, const void *unsafe_src, return true; } +#ifdef HAVE_ARCH_PROBE_KERNEL + +#define probe_kernel_read_loop(dst, src, len, type, err_label) \ + while (len >= sizeof(type)) { \ + arch_kernel_read(dst, src, type, err_label); \ + dst += sizeof(type); \ + src += sizeof(type); \ + len -= sizeof(type); \ + } + +long probe_kernel_read(void *dst, const void *src, size_t size) +{ + if (!probe_kernel_read_allowed(dst, src, size)) + return -EFAULT; + + pagefault_disable(); + probe_kernel_read_loop(dst, src, size, u64, Efault); + probe_kernel_read_loop(dst, src, size, u32, Efault); + probe_kernel_read_loop(dst, src, size, u16, Efault); + probe_kernel_read_loop(dst, src, size, u8, Efault); + pagefault_enable(); + return 0; +Efault: + pagefault_enable(); + return -EFAULT; +} +EXPORT_SYMBOL_GPL(probe_kernel_read); + +#define probe_kernel_write_loop(dst, src, len, type, err_label) \ + while (len >= sizeof(type)) { \ + arch_kernel_write(dst, src, type, err_label); \ + dst += sizeof(type); \ + src += sizeof(type); \ + len -= sizeof(type); \ + } + +long probe_kernel_write(void *dst, const void *src, size_t size) +{ + pagefault_disable(); + probe_kernel_write_loop(dst, src, size, u64, Efault); + probe_kernel_write_loop(dst, src, size, u32, Efault); + probe_kernel_write_loop(dst, src, size, u16, Efault); + probe_kernel_write_loop(dst, src, size, u8, Efault); + pagefault_enable(); + return 0; +Efault: + pagefault_enable(); + return -EFAULT; +} + +long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count) +{ + const void *src = unsafe_addr; + + if (unlikely(count <= 0)) + return 0; + if (!probe_kernel_read_allowed(dst, unsafe_addr, count)) + return -EFAULT; + + pagefault_disable(); + do { + arch_kernel_read(dst, src, u8, Efault); + dst++; + src++; + } while (dst[-1] && src - unsafe_addr < count); + pagefault_enable(); + + dst[-1] = '\0'; + return src - unsafe_addr; +Efault: + pagefault_enable(); + dst[-1] = '\0'; + return -EFAULT; +} +#else /* HAVE_ARCH_PROBE_KERNEL */ /** * probe_kernel_read(): safely attempt to read from kernel-space * @dst: pointer to the buffer that shall take the data @@ -114,6 +189,7 @@ long strncpy_from_kernel_unsafe(char *dst, const void *unsafe_addr, long count) return ret ? -EFAULT : src - unsafe_addr; } +#endif /* HAVE_ARCH_PROBE_KERNEL */ /** * probe_user_read(): safely attempt to read from a user-space location