From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: kasan: instrument user memory access API
Date: Fri, 27 May 2016 13:38:10 +0100 [thread overview]
Message-ID: <20160527123809.GD24469@leverpostej> (raw)
In-Reply-To: <1464288231-11304-1-git-send-email-yang.shi@linaro.org>
Hi,
On Thu, May 26, 2016 at 11:43:51AM -0700, Yang Shi wrote:
> The upstream commit 1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef
> ("x86/kasan: instrument user memory access API") added KASAN instrument to
> x86 user memory access API, so added such instrument to ARM64 too.
>
> Tested by test_kasan module.
I just gave this a go atop of the current HEAD (dc03c0f9d12d8528) on a
Juno R1 board. I hit the expected exceptions when using the test_kasan
module (once I remembered to rebuild it), and things seem to run
smoothly otherwise.
I don't see any built issues when !CONFIG_KASAN, and the patch itself
looks right to me.
So FWIW:
Acked-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
As an aside, it's a shame that each architecture has to duplicate this
logic, rather than having something in the generic code like:
static inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
kasan_check_read(from, n);
arch_copy_from_user(to, from, n);
}
Thanks,
Mark.
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++--
> 1 file changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
> index 0685d74..ec352fa 100644
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -23,6 +23,7 @@
> */
> #include <linux/string.h>
> #include <linux/thread_info.h>
> +#include <linux/kasan-checks.h>
>
> #include <asm/alternative.h>
> #include <asm/cpufeature.h>
> @@ -276,6 +277,8 @@ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long
>
> static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
> {
> + kasan_check_write(to, n);
> +
> if (access_ok(VERIFY_READ, from, n))
> n = __copy_from_user(to, from, n);
> else /* security hole - plug it */
> @@ -285,6 +288,8 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
>
> static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
> {
> + kasan_check_read(from, n);
> +
> if (access_ok(VERIFY_WRITE, to, n))
> n = __copy_to_user(to, from, n);
> return n;
> @@ -297,8 +302,17 @@ static inline unsigned long __must_check copy_in_user(void __user *to, const voi
> return n;
> }
>
> -#define __copy_to_user_inatomic __copy_to_user
> -#define __copy_from_user_inatomic __copy_from_user
> +static inline unsigned long __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
> +{
> + kasan_check_read(from, n);
> + return __copy_to_user(to, from, n);
> +}
> +
> +static inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
> +{
> + kasan_check_write(to, n);
> + return __copy_from_user(to, from, n);
> +}
>
> static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
> {
> --
> 2.0.2
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Yang Shi <yang.shi@linaro.org>
Cc: aryabinin@virtuozzo.com, will.deacon@arm.com,
catalin.marinas@arm.com, linux-mm@kvack.org,
linaro-kernel@lists.linaro.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: kasan: instrument user memory access API
Date: Fri, 27 May 2016 13:38:10 +0100 [thread overview]
Message-ID: <20160527123809.GD24469@leverpostej> (raw)
In-Reply-To: <1464288231-11304-1-git-send-email-yang.shi@linaro.org>
Hi,
On Thu, May 26, 2016 at 11:43:51AM -0700, Yang Shi wrote:
> The upstream commit 1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef
> ("x86/kasan: instrument user memory access API") added KASAN instrument to
> x86 user memory access API, so added such instrument to ARM64 too.
>
> Tested by test_kasan module.
I just gave this a go atop of the current HEAD (dc03c0f9d12d8528) on a
Juno R1 board. I hit the expected exceptions when using the test_kasan
module (once I remembered to rebuild it), and things seem to run
smoothly otherwise.
I don't see any built issues when !CONFIG_KASAN, and the patch itself
looks right to me.
So FWIW:
Acked-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
As an aside, it's a shame that each architecture has to duplicate this
logic, rather than having something in the generic code like:
static inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
kasan_check_read(from, n);
arch_copy_from_user(to, from, n);
}
Thanks,
Mark.
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++--
> 1 file changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
> index 0685d74..ec352fa 100644
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -23,6 +23,7 @@
> */
> #include <linux/string.h>
> #include <linux/thread_info.h>
> +#include <linux/kasan-checks.h>
>
> #include <asm/alternative.h>
> #include <asm/cpufeature.h>
> @@ -276,6 +277,8 @@ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long
>
> static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
> {
> + kasan_check_write(to, n);
> +
> if (access_ok(VERIFY_READ, from, n))
> n = __copy_from_user(to, from, n);
> else /* security hole - plug it */
> @@ -285,6 +288,8 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
>
> static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
> {
> + kasan_check_read(from, n);
> +
> if (access_ok(VERIFY_WRITE, to, n))
> n = __copy_to_user(to, from, n);
> return n;
> @@ -297,8 +302,17 @@ static inline unsigned long __must_check copy_in_user(void __user *to, const voi
> return n;
> }
>
> -#define __copy_to_user_inatomic __copy_to_user
> -#define __copy_from_user_inatomic __copy_from_user
> +static inline unsigned long __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
> +{
> + kasan_check_read(from, n);
> + return __copy_to_user(to, from, n);
> +}
> +
> +static inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
> +{
> + kasan_check_write(to, n);
> + return __copy_from_user(to, from, n);
> +}
>
> static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
> {
> --
> 2.0.2
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Yang Shi <yang.shi@linaro.org>
Cc: aryabinin@virtuozzo.com, will.deacon@arm.com,
catalin.marinas@arm.com, linux-mm@kvack.org,
linaro-kernel@lists.linaro.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: kasan: instrument user memory access API
Date: Fri, 27 May 2016 13:38:10 +0100 [thread overview]
Message-ID: <20160527123809.GD24469@leverpostej> (raw)
In-Reply-To: <1464288231-11304-1-git-send-email-yang.shi@linaro.org>
Hi,
On Thu, May 26, 2016 at 11:43:51AM -0700, Yang Shi wrote:
> The upstream commit 1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef
> ("x86/kasan: instrument user memory access API") added KASAN instrument to
> x86 user memory access API, so added such instrument to ARM64 too.
>
> Tested by test_kasan module.
I just gave this a go atop of the current HEAD (dc03c0f9d12d8528) on a
Juno R1 board. I hit the expected exceptions when using the test_kasan
module (once I remembered to rebuild it), and things seem to run
smoothly otherwise.
I don't see any built issues when !CONFIG_KASAN, and the patch itself
looks right to me.
So FWIW:
Acked-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
As an aside, it's a shame that each architecture has to duplicate this
logic, rather than having something in the generic code like:
static inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
kasan_check_read(from, n);
arch_copy_from_user(to, from, n);
}
Thanks,
Mark.
>
> Signed-off-by: Yang Shi <yang.shi@linaro.org>
> ---
> arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++--
> 1 file changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
> index 0685d74..ec352fa 100644
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -23,6 +23,7 @@
> */
> #include <linux/string.h>
> #include <linux/thread_info.h>
> +#include <linux/kasan-checks.h>
>
> #include <asm/alternative.h>
> #include <asm/cpufeature.h>
> @@ -276,6 +277,8 @@ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long
>
> static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
> {
> + kasan_check_write(to, n);
> +
> if (access_ok(VERIFY_READ, from, n))
> n = __copy_from_user(to, from, n);
> else /* security hole - plug it */
> @@ -285,6 +288,8 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
>
> static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
> {
> + kasan_check_read(from, n);
> +
> if (access_ok(VERIFY_WRITE, to, n))
> n = __copy_to_user(to, from, n);
> return n;
> @@ -297,8 +302,17 @@ static inline unsigned long __must_check copy_in_user(void __user *to, const voi
> return n;
> }
>
> -#define __copy_to_user_inatomic __copy_to_user
> -#define __copy_from_user_inatomic __copy_from_user
> +static inline unsigned long __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
> +{
> + kasan_check_read(from, n);
> + return __copy_to_user(to, from, n);
> +}
> +
> +static inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
> +{
> + kasan_check_write(to, n);
> + return __copy_from_user(to, from, n);
> +}
>
> static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
> {
> --
> 2.0.2
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
next prev parent reply other threads:[~2016-05-27 12:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-26 18:43 [PATCH] arm64: kasan: instrument user memory access API Yang Shi
2016-05-26 18:43 ` Yang Shi
2016-05-26 18:43 ` Yang Shi
2016-05-27 11:02 ` Andrey Ryabinin
2016-05-27 11:02 ` Andrey Ryabinin
2016-05-27 11:02 ` Andrey Ryabinin
2016-05-27 16:34 ` Shi, Yang
2016-05-27 16:34 ` Shi, Yang
2016-05-27 16:34 ` Shi, Yang
2016-05-27 17:46 ` Mark Rutland
2016-05-27 17:46 ` Mark Rutland
2016-05-27 17:46 ` Mark Rutland
2016-05-27 18:05 ` Shi, Yang
2016-05-27 18:05 ` Shi, Yang
2016-05-27 18:05 ` Shi, Yang
2016-05-27 12:38 ` Mark Rutland [this message]
2016-05-27 12:38 ` Mark Rutland
2016-05-27 12:38 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160527123809.GD24469@leverpostej \
--to=mark.rutland@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.