All of lore.kernel.org
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Aleksa Sarai <asarai@suse.de>
Cc: Ingo Molnar <mingo@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
	Christian Brauner <christian@brauner.io>,
	Aleksa Sarai <cyphar@cyphar.com>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	libc-alpha@sourceware.org, linux-api@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH RESEND v3 2/4] clone3: switch to copy_struct_from_user()
Date: Mon, 30 Sep 2019 16:42:38 -0700	[thread overview]
Message-ID: <201909301640.4FC92294FF@keescook> (raw)
In-Reply-To: <20190930191526.19544-3-asarai@suse.de>

On Tue, Oct 01, 2019 at 05:15:24AM +1000, Aleksa Sarai wrote:
> From: Aleksa Sarai <cyphar@cyphar.com>
> 
> The change is very straightforward, and helps unify the syscall
> interface for struct-from-userspace syscalls. Additionally, explicitly
> define CLONE_ARGS_SIZE_VER0 to match the other users of the
> struct-extension pattern.
> 
> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
> ---
>  include/uapi/linux/sched.h |  2 ++
>  kernel/fork.c              | 34 +++++++---------------------------
>  2 files changed, 9 insertions(+), 27 deletions(-)
> 
> diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h
> index b3105ac1381a..0945805982b4 100644
> --- a/include/uapi/linux/sched.h
> +++ b/include/uapi/linux/sched.h
> @@ -47,6 +47,8 @@ struct clone_args {
>  	__aligned_u64 tls;
>  };
>  
> +#define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */
> +
>  /*
>   * Scheduling policies
>   */
> diff --git a/kernel/fork.c b/kernel/fork.c
> index f9572f416126..2ef529869c64 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -2525,39 +2525,19 @@ SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp,
>  #ifdef __ARCH_WANT_SYS_CLONE3
>  noinline static int copy_clone_args_from_user(struct kernel_clone_args *kargs,
>  					      struct clone_args __user *uargs,
> -					      size_t size)
> +					      size_t usize)
>  {
> +	int err;
>  	struct clone_args args;
>  
> -	if (unlikely(size > PAGE_SIZE))
> +	if (unlikely(usize > PAGE_SIZE))
>  		return -E2BIG;

I quickly looked through the earlier threads and couldn't find it, but
I have a memory of some discussion about moving this test into the
copy_struct_from_user() function itself? That would seems like a
reasonable idea? ("4k should be enough for any structure!")

Either way:

Reviewed-by: Kees Cook <keescook@chromium.org>


> -
> -	if (unlikely(size < sizeof(struct clone_args)))
> +	if (unlikely(usize < CLONE_ARGS_SIZE_VER0))
>  		return -EINVAL;
>  
> -	if (unlikely(!access_ok(uargs, size)))
> -		return -EFAULT;
> -
> -	if (size > sizeof(struct clone_args)) {
> -		unsigned char __user *addr;
> -		unsigned char __user *end;
> -		unsigned char val;
> -
> -		addr = (void __user *)uargs + sizeof(struct clone_args);
> -		end = (void __user *)uargs + size;
> -
> -		for (; addr < end; addr++) {
> -			if (get_user(val, addr))
> -				return -EFAULT;
> -			if (val)
> -				return -E2BIG;
> -		}
> -
> -		size = sizeof(struct clone_args);
> -	}
> -
> -	if (copy_from_user(&args, uargs, size))
> -		return -EFAULT;
> +	err = copy_struct_from_user(&args, sizeof(args), uargs, usize);
> +	if (err)
> +		return err;
>  
>  	/*
>  	 * Verify that higher 32bits of exit_signal are unset and that
> -- 
> 2.23.0
> 

-- 
Kees Cook

  reply	other threads:[~2019-09-30 23:42 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-30 19:15 [PATCH RESEND v3 0/4] lib: introduce copy_struct_from_user() helper Aleksa Sarai
2019-09-30 19:15 ` [PATCH RESEND v3 1/4] " Aleksa Sarai
2019-09-30 23:37   ` Kees Cook
2019-10-01  0:26     ` Aleksa Sarai
2019-09-30 19:15 ` [PATCH RESEND v3 2/4] clone3: switch to copy_struct_from_user() Aleksa Sarai
2019-09-30 23:42   ` Kees Cook [this message]
2019-10-01  0:40     ` Aleksa Sarai
2019-09-30 19:15 ` [PATCH RESEND v3 3/4] sched_setattr: " Aleksa Sarai
2019-09-30 23:43   ` Kees Cook
2019-09-30 19:15 ` [PATCH RESEND v3 4/4] perf_event_open: " Aleksa Sarai
2019-09-30 23:44   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201909301640.4FC92294FF@keescook \
    --to=keescook@chromium.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=asarai@suse.de \
    --cc=christian@brauner.io \
    --cc=cyphar@cyphar.com \
    --cc=jolsa@redhat.com \
    --cc=libc-alpha@sourceware.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=mingo@redhat.com \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.