From: Alexander Potapenko <glider@google.com>
To: akpm@linux-foundation.org, bp@alien8.de, mingo@redhat.com,
corbet@lwn.net, tglx@linutronix.de, arnd@arndb.de
Cc: akinobu.mita@gmail.com, hpa@zytor.com, viro@zeniv.linux.org.uk,
glider@google.com, andreyknvl@google.com, dvyukov@google.com,
elver@google.com, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
x86@kernel.org, albert.linde@gmail.com,
Albert van der Linde <alinde@google.com>
Subject: [PATCH v4] x86: add failure injection to get/put/clear_user
Date: Fri, 23 Oct 2020 10:16:28 +0200 [thread overview]
Message-ID: <20201023081628.1296884-1-glider@google.com> (raw)
From: Albert van der Linde <alinde@google.com>
To test fault-tolerance of user memory accesses in x86, add support for
fault injection.
Make both put_user() and get_user() fail with -EFAULT, and clear_user()
fail by not clearing any bytes.
Reviewed-by: Akinobu Mita <akinobu.mita@gmail.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Albert van der Linde <alinde@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
---
v2:
- no significant changes
v3:
- no changes
v4:
- instrument the new out-of-line implementations of get_user()/put_user()
- fix a minor checkpatch warning in the inline assembly
---
---
arch/x86/include/asm/uaccess.h | 36 ++++++++++++++++++++++------------
arch/x86/lib/usercopy_64.c | 3 +++
2 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index f13659523108..7041ebc48b75 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -5,6 +5,7 @@
* User space memory access functions
*/
#include <linux/compiler.h>
+#include <linux/fault-inject-usercopy.h>
#include <linux/kasan-checks.h>
#include <linux/string.h>
#include <asm/asm.h>
@@ -126,11 +127,16 @@ extern int __get_user_bad(void);
int __ret_gu; \
register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \
__chk_user_ptr(ptr); \
- asm volatile("call __" #fn "_%P4" \
- : "=a" (__ret_gu), "=r" (__val_gu), \
- ASM_CALL_CONSTRAINT \
- : "0" (ptr), "i" (sizeof(*(ptr)))); \
- (x) = (__force __typeof__(*(ptr))) __val_gu; \
+ if (should_fail_usercopy()) { \
+ (x) = 0; \
+ __ret_gu = -EFAULT; \
+ } else { \
+ asm volatile("call __" #fn "_%P4" \
+ : "=a" (__ret_gu), "=r" (__val_gu), \
+ ASM_CALL_CONSTRAINT \
+ : "0" (ptr), "i" (sizeof(*(ptr)))); \
+ (x) = (__force __typeof__(*(ptr))) __val_gu; \
+ } \
__builtin_expect(__ret_gu, 0); \
})
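Review bot: The injected-failure branch added here tests `should_fail_usercopy()` without `unlikely()`, while the put_user hunk below wraps the same call in `unlikely()`; the clear_user hunk in usercopy_64.c also uses the bare call. Writing `if (unlikely(should_fail_usercopy())) {` in all three keeps the normal uaccess path as the fall-through. The failure branch also assigns `(x) = 0;` where the normal path casts with `(__force __typeof__(*(ptr)))`; `(x) = (__force __typeof__(*(ptr))) 0;` would probably keep sparse quiet for pointer and `__bitwise` destinations. The macro being changed opens above the hunk, so its name and its callers are not visible here.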
@@ -213,14 +219,18 @@ extern void __put_user_nocheck_8(void);
int __ret_pu; \
register __typeof__(*(ptr)) __val_pu asm("%"_ASM_AX); \
__chk_user_ptr(ptr); \
- __val_pu = (x); \
- asm volatile("call __" #fn "_%P[size]" \
- : "=c" (__ret_pu), \
- ASM_CALL_CONSTRAINT \
- : "0" (ptr), \
- "r" (__val_pu), \
- [size] "i" (sizeof(*(ptr))) \
- :"ebx"); \
+ if (unlikely(should_fail_usercopy())) { \
+ __ret_pu = -EFAULT; \
+ } else { \
+ __val_pu = (x); \
+ asm volatile("call __" #fn "_%P[size]" \
+ : "=c" (__ret_pu), \
+ ASM_CALL_CONSTRAINT \
+ : "0" (ptr), \
+ "r" (__val_pu), \
+ [size] "i" (sizeof(*(ptr))) \
+ : "ebx"); \
+ } \
__builtin_expect(__ret_pu, 0); \
})
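Review bot: On the injected-failure path `(x)` is no longer evaluated, because `__val_pu = (x);` moved into the `else` branch; a caller whose value expression has side effects would then behave differently under injection than on a real fault, where the value is computed before the call. Evaluating it once before the branch, `__typeof__(*(ptr)) __x_pu = (x);`, and keeping `__val_pu = __x_pu;` inside the `else` would preserve that. The assignment to `__val_pu` itself should stay after `should_fail_usercopy()`, since the variable is pinned to the AX register and an intervening function call may clobber it. The macro opens above the hunk.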
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index 508c81e97ab1..5617b3864586 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -7,6 +7,7 @@
* Copyright 2002 Andi Kleen <ak@suse.de>
*/
#include <linux/export.h>
+#include <linux/fault-inject-usercopy.h>
#include <linux/uaccess.h>
#include <linux/highmem.h>
@@ -50,6 +51,8 @@ EXPORT_SYMBOL(__clear_user);
unsigned long clear_user(void __user *to, unsigned long n)
{
+ if (should_fail_usercopy())
+ return n;
if (access_ok(to, n))
return __clear_user(to, n);
return n;
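Review bot: `should_fail_usercopy()` runs before `access_ok(to, n)`, so an injected failure can be spent on a call that would have returned `n` anyway for a bad range. Folding the check into the existing test, `if (access_ok(to, n) && !should_fail_usercopy())`, would limit injection to calls that would otherwise reach `__clear_user()`; this assumes the injection budget is counted per injected failure, which the page does not show. If the early return is kept, a comment such as `/* Injected fault: report all n bytes as not cleared. */` above it would document the return convention. The closing brace of clear_user() is outside the hunk.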
--
2.29.0.rc2.309.g374f81d7ae-goog