From: Kees Cook <keescook@chromium.org>
To: Aleksa Sarai <asarai@suse.de>
Cc: Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
Christian Brauner <christian@brauner.io>,
Aleksa Sarai <cyphar@cyphar.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Al Viro <viro@zeniv.linux.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
libc-alpha@sourceware.org, linux-api@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH RESEND v3 3/4] sched_setattr: switch to copy_struct_from_user()
Date: Mon, 30 Sep 2019 16:43:57 -0700 [thread overview]
Message-ID: <201909301643.570C02E@keescook> (raw)
In-Reply-To: <20190930191526.19544-4-asarai@suse.de>
On Tue, Oct 01, 2019 at 05:15:25AM +1000, Aleksa Sarai wrote:
> From: Aleksa Sarai <cyphar@cyphar.com>
>
> The change is very straightforward, and helps unify the syscall
> interface for struct-from-userspace syscalls. Ideally we could also
> unify sched_getattr(2)-style syscalls as well, but unfortunately the
> correct semantics for such syscalls are much less clear (see [1] for
> more detail). In future we could come up with a more sane idea for how
> the syscall interface should look.
>
> [1]: commit 1251201c0d34 ("sched/core: Fix uclamp ABI bug, clean up and
> robustify sched_read_attr() ABI logic and code")
>
> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> kernel/sched/core.c | 43 +++++++------------------------------------
> 1 file changed, 7 insertions(+), 36 deletions(-)
>
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index 7880f4f64d0e..dd05a378631a 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -5106,9 +5106,6 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
> u32 size;
> int ret;
>
> - if (!access_ok(uattr, SCHED_ATTR_SIZE_VER0))
> - return -EFAULT;
> -
> /* Zero the full structure, so that a short copy will be nice: */
> memset(attr, 0, sizeof(*attr));
>
> @@ -5116,45 +5113,19 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
> if (ret)
> return ret;
>
> - /* Bail out on silly large: */
> - if (size > PAGE_SIZE)
> - goto err_size;
> -
> /* ABI compatibility quirk: */
> if (!size)
> size = SCHED_ATTR_SIZE_VER0;
> -
> - if (size < SCHED_ATTR_SIZE_VER0)
> + if (size < SCHED_ATTR_SIZE_VER0 || size > PAGE_SIZE)
> goto err_size;
>
> - /*
> - * If we're handed a bigger struct than we know of,
> - * ensure all the unknown bits are 0 - i.e. new
> - * user-space does not rely on any kernel feature
> - * extensions we dont know about yet.
> - */
> - if (size > sizeof(*attr)) {
> - unsigned char __user *addr;
> - unsigned char __user *end;
> - unsigned char val;
> -
> - addr = (void __user *)uattr + sizeof(*attr);
> - end = (void __user *)uattr + size;
> -
> - for (; addr < end; addr++) {
> - ret = get_user(val, addr);
> - if (ret)
> - return ret;
> - if (val)
> - goto err_size;
> - }
> - size = sizeof(*attr);
> + ret = copy_struct_from_user(attr, sizeof(*attr), uattr, size);
> + if (ret) {
> + if (ret == -E2BIG)
> + goto err_size;
> + return ret;
> }
>
> - ret = copy_from_user(attr, uattr, size);
> - if (ret)
> - return -EFAULT;
> -
> if ((attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) &&
> size < SCHED_ATTR_SIZE_VER1)
> return -EINVAL;
> @@ -5354,7 +5325,7 @@ sched_attr_copy_to_user(struct sched_attr __user *uattr,
> * sys_sched_getattr - similar to sched_getparam, but with sched_attr
> * @pid: the pid in question.
> * @uattr: structure containing the extended parameters.
> - * @usize: sizeof(attr) that user-space knows about, for forwards and backwards compatibility.
> + * @usize: sizeof(attr) for fwd/bwd comp.
> * @flags: for future extension.
> */
> SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr,
> --
> 2.23.0
>
--
Kees Cook
next prev parent reply other threads:[~2019-09-30 23:43 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-30 19:15 [PATCH RESEND v3 0/4] lib: introduce copy_struct_from_user() helper Aleksa Sarai
2019-09-30 19:15 ` [PATCH RESEND v3 1/4] " Aleksa Sarai
2019-09-30 23:37 ` Kees Cook
2019-10-01 0:26 ` Aleksa Sarai
2019-09-30 19:15 ` [PATCH RESEND v3 2/4] clone3: switch to copy_struct_from_user() Aleksa Sarai
2019-09-30 23:42 ` Kees Cook
2019-10-01 0:40 ` Aleksa Sarai
2019-09-30 19:15 ` [PATCH RESEND v3 3/4] sched_setattr: " Aleksa Sarai
2019-09-30 23:43 ` Kees Cook [this message]
2019-09-30 19:15 ` [PATCH RESEND v3 4/4] perf_event_open: " Aleksa Sarai
2019-09-30 23:44 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201909301643.570C02E@keescook \
--to=keescook@chromium.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=asarai@suse.de \
--cc=christian@brauner.io \
--cc=cyphar@cyphar.com \
--cc=jolsa@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.