From: Romain Perier <romain.perier@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
Romain Perier <romain.perier@gmail.com>
Subject: [PRE-REVIEW PATCH 01/16] tasklet: Prepare to change tasklet callback argument type
Date: Sun, 29 Sep 2019 18:30:13 +0200 [thread overview]
Message-ID: <20190929163028.9665-2-romain.perier@gmail.com> (raw)
In-Reply-To: <20190929163028.9665-1-romain.perier@gmail.com>
Nowadays, modern kernel subsystems that use callbacks pass the data
structure associated with a given callback as argument to the callback.
The tasklet subsystem remains the one to pass callback argument as an
arbitrary unsigned long argument. This has several problems:
- This keeps an extra field for storing the argument in each tasklet
data structure, it bloats the tasklet_struct structure with a redundant
.data field
- No type checking cannot be performed on this argument. Instead of
using container_of() like other callback subsystems, it forces callbacks
to do explicit type cast of the unsigned long argument into the required
object type.
- Buffer overflows can overwrite the .function and the .data field, so
an attacker can easily overwrite the function and its first argument
to whatever it wants.
This adds a new tasklet initialization API which will gradually replace
the existing one.
This work is greatly inspired from the timer_struct conversion series,
see commit e99e88a9d ("treewide: setup_timer() -> timer_setup()")
Signed-off-by: Romain Perier <romain.perier@gmail.com>
---
include/linux/interrupt.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
index 89fc59dab57d..f5332ae2dbeb 100644
--- a/include/linux/interrupt.h
+++ b/include/linux/interrupt.h
@@ -673,6 +673,18 @@ extern void tasklet_kill_immediate(struct tasklet_struct *t, unsigned int cpu);
extern void tasklet_init(struct tasklet_struct *t,
void (*func)(unsigned long), unsigned long data);
+#define TASKLET_DATA_TYPE unsigned long
+#define TASKLET_FUNC_TYPE void (*)(TASKLET_DATA_TYPE)
+
+#define from_tasklet(var, callback_tasklet, tasklet_fieldname) \
+ container_of(callback_tasklet, typeof(*var), tasklet_fieldname)
+
+static inline void tasklet_setup(struct tasklet_struct *t,
+ void (*callback)(struct tasklet_struct *))
+{
+ tasklet_init(t, (TASKLET_FUNC_TYPE)callback, (TASKLET_DATA_TYPE)t);
+}
+
/*
* Autoprobing for irqs:
*
--
2.23.0
next prev parent reply other threads:[~2019-09-29 16:31 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-29 16:30 [PRE-REVIEW PATCH 00/16] Modernize the tasklet API Romain Perier
2019-09-29 16:30 ` Romain Perier [this message]
2019-09-29 16:30 ` [PRE-REVIEW PATCH 02/16] crypto: ccp - Prepare to use the new " Romain Perier
2019-09-30 22:35 ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 03/16] mmc: renesas_sdhi: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 04/16] net: liquidio: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 05/16] chelsio: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 06/16] net: mvpp2: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 07/16] qed: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 08/16] isdn: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 09/16] scsi: pm8001: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 10/16] scsi: pmcraid: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 11/16] treewide: Globally replace tasklet_init() by tasklet_setup() Romain Perier
2019-09-30 22:46 ` Kees Cook
2019-10-01 17:18 ` Romain Perier
2019-10-10 22:30 ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 12/16] tasklet: Pass tasklet_struct pointer as .data in DECLARE_TASKLET Romain Perier
2019-09-30 22:44 ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 13/16] tasklet: Pass tasklet_struct pointer to callbacks unconditionally Romain Perier
2019-09-30 22:49 ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 14/16] tasklet: Remove the data argument from DECLARE_TASKLET() macros Romain Perier
2019-09-30 22:50 ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 15/16] tasklet: convert callbacks prototype for using struct tasklet_struct * arguments Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 16/16] tasklet: Add the new initialization function permanently Romain Perier
2019-09-30 22:52 ` Kees Cook
2019-10-01 17:34 ` Romain Perier
2019-09-30 23:06 ` [PRE-REVIEW PATCH 00/16] Modernize the tasklet API Kees Cook
2019-10-01 17:47 ` Romain Perier
2019-10-10 22:34 ` Kees Cook
2019-10-30 8:20 ` Allen
2019-11-07 7:29 ` Romain Perier
2019-11-07 21:22 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190929163028.9665-2-romain.perier@gmail.com \
--to=romain.perier@gmail.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox