public inbox for linux-api@vger.kernel.org
From: Christian Brauner <brauner@kernel.org>
To: Florian Weimer <fweimer@redhat.com>,
	Aleksa Sarai <cyphar@cyphar.com>,  Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	 Juri Lelli <juri.lelli@redhat.com>,
	Vincent Guittot <vincent.guittot@linaro.org>,
	 Dietmar Eggemann <dietmar.eggemann@arm.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	 Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>,
	 Valentin Schneider <vschneid@redhat.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	 Jan Kara <jack@suse.cz>, Arnd Bergmann <arnd@arndb.de>,
	Shuah Khan <shuah@kernel.org>,  Kees Cook <kees@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	 linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,  linux-arch@vger.kernel.org,
	linux-kselftest@vger.kernel.org, libc-alpha@sourceware.org
Subject: Re: [PATCH RFC v3 02/10] sched_getattr: port to copy_struct_to_user
Date: Wed, 11 Dec 2024 11:23:43 +0100
Message-ID: <20241211-gemsen-zuarbeiten-ae8d062ec251@brauner>
In-Reply-To: <87y10nz9qo.fsf@oldenburg.str.redhat.com>

On Tue, Dec 10, 2024 at 07:14:07PM +0100, Florian Weimer wrote:
> * Aleksa Sarai:
> 
> > sched_getattr(2) doesn't care about trailing non-zero bytes in the
> > (ksize > usize) case, so just use copy_struct_to_user() without checking
> > ignored_trailing.
> 
> I think this is what causes glibc's misc/tst-sched_setattr test to fail
> on recent kernels.  The previous non-modifying behavior was documented
> in the manual page:
> 
>        If the caller-provided attr buffer is larger than the kernel's
>        sched_attr structure, the additional bytes in the user-space
>        structure are not touched.
> 
> I can just drop this part of the test if the kernel deems both behaviors
> valid.

I think in general both behaviors are valid but I would consider zeroing
the unknown parts of the provided buffer to be the safer option. And all
newer extensible struct system calls do that.

But if sched_getattr(2) wants to keep its old behavior it wouldn't be a
problem to just handle this case:

diff --git a/kernel/sched/syscalls.c b/kernel/sched/syscalls.c
index 0d71fcbaf1e3..46140ec449ba 100644
--- a/kernel/sched/syscalls.c
+++ b/kernel/sched/syscalls.c
@@ -1126,6 +1126,15 @@ SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr,
        }

        kattr.size = min(usize, sizeof(kattr));
+       /*
+        * If userspace passed a larger structure than the kernel knows
+        * we historically didn't zero the unknown bits but
+        * copy_struct_to_user() will. Retain the old behavior by
+        * limiting the copy_to_user() to the size the kernel knows
+        * about.
+        */
+       if (usize > sizeof(kattr))
+               usize = sizeof(kattr);
        return copy_struct_to_user(uattr, usize, &kattr, sizeof(kattr), NULL);
 }
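
Review bot: the added `if (usize > sizeof(kattr))` clamp repeats the `min(usize, sizeof(kattr))` that is already stored in `kattr.size` on the line above, so the two can drift apart if one is edited later; consider passing `kattr.size` as the size argument to `copy_struct_to_user()`, or writing the clamp as `usize = min(usize, sizeof(kattr));`, instead of a second open-coded comparison. The new comment also says "copy_to_user()" and "unknown bits" where the call is `copy_struct_to_user()` and the unit is bytes, and it would help to say there that leaving the tail untouched is the behaviour documented in the sched_getattr(2) manual page, since that is why the clamp exists.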


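What a caller observes under each of the two behaviours discussed above, as an added userspace model that is not part of the original message or the kernel source. `struct k_attr`, `model_copy_zero_tail`, `model_copy_keep_tail` and `poison_left` are hypothetical names, and the 0xFF-poisoned buffer is constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's struct; not the real struct sched_attr. */
struct k_attr { unsigned int size; unsigned int policy; };

/* Userspace model of the zeroing semantics discussed in the thread: copy
 * the common prefix, then clear what the caller has beyond ksize. */
static void model_copy_zero_tail(unsigned char *dst, size_t usize,
				 const void *src, size_t ksize)
{
	size_t n = usize < ksize ? usize : ksize;

	if (usize > ksize)
		memset(dst + n, 0, usize - ksize);
	memcpy(dst, src, n);
}

/* Model of the behaviour the patch retains: clamp usize first, so bytes
 * past ksize in the caller's buffer are never written. */
static void model_copy_keep_tail(unsigned char *dst, size_t usize,
				 const void *src, size_t ksize)
{
	model_copy_zero_tail(dst, usize > ksize ? ksize : usize, src, ksize);
}

/* Fill a caller buffer with 0xFF poison, run one model with the given usize
 * (at most 63), and return how many of the first usize bytes still hold
 * poison. Returns (size_t)-1 if the model wrote past usize. */
static size_t poison_left(int keep_tail, size_t usize)
{
	struct k_attr k = { sizeof(k), 6 };	/* constructed sample values */
	unsigned char ubuf[64];
	size_t i, left = 0;

	memset(ubuf, 0xFF, sizeof(ubuf));
	(keep_tail ? model_copy_keep_tail : model_copy_zero_tail)(ubuf, usize, &k, sizeof(k));
	for (i = 0; i < usize; i++)
		left += (ubuf[i] == 0xFF);
	return ubuf[usize] == 0xFF ? left : (size_t)-1;
}

int main(void)
{
	size_t big = sizeof(struct k_attr) + 16;
	printf("zeroing:  %zu poison bytes left\n", poison_left(0, big));
	printf("clamping: %zu poison bytes left\n", poison_left(1, big));
	return 0;
}
```

With the clamped copy, a caller that wants fields its kernel does not know about to read as zero has to zero the buffer itself before the call.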