Date: Thu, 2 Sep 2021 07:54:15 +0100
From: Christoph Hellwig
To: Christophe Leroy
Subject: Re: [PATCH v2 3/5] signal: Add unsafe_copy_siginfo_to_user()
Cc: Peter Zijlstra, linux-kernel@vger.kernel.org, Linus Torvalds, Paul Mackerras, Josh Poimboeuf, linuxppc-dev@lists.ozlabs.org

On Mon, Aug 23, 2021 at 03:35:53PM +0000, Christophe Leroy wrote:
> In the same spirit as commit fb05121fd6a2 ("signal: Add
> unsafe_get_compat_sigset()"), implement an 'unsafe' version of
> copy_siginfo_to_user() in order to use it within user access blocks.
>
> For that, also add an 'unsafe' version of clear_user().

I'm a little worried about all these unsafe helpers in powerpc and the
ever increasing scope of the unsafe sections. Can you at least add
powerpc support to objtool to verify them? objtool verification has
helped to find quite a few bugs in unsafe sections on x86.

>
> Signed-off-by: Christophe Leroy
> --- > include/linux/signal.h | 15 +++++++++++++++ > include/linux/uaccess.h | 1 + > kernel/signal.c | 5 ----- > 3 files changed, 16 insertions(+), 5 deletions(-) > > diff --git a/include/linux/signal.h b/include/linux/signal.h > index 3454c7ff0778..659bd43daf10 100644 > --- a/include/linux/signal.h > +++ b/include/linux/signal.h 
> @@ -35,6 +35,21 @@ static inline void copy_siginfo_to_external(siginfo_t *to, > int copy_siginfo_to_user(siginfo_t __user *to, const kernel_siginfo_t *from); > int copy_siginfo_from_user(kernel_siginfo_t *to, const siginfo_t __user *from); > > +static __always_inline char __user *si_expansion(const siginfo_t __user *info) > +{ > + return ((char __user *)info) + sizeof(struct kernel_siginfo); > +} > + > +#define unsafe_copy_siginfo_to_user(to, from, label) do { \ > + siginfo_t __user *__ucs_to = to; \ > + const kernel_siginfo_t *__ucs_from = from; \ > + char __user *__ucs_expansion = si_expansion(__ucs_to); \ > + \ > + unsafe_copy_to_user(__ucs_to, __ucs_from, \ > + sizeof(struct kernel_siginfo), label); \ > + unsafe_clear_user(__ucs_expansion, SI_EXPANSION_SIZE, label); \ > +} while (0) > + > enum siginfo_layout { > SIL_KILL, > SIL_TIMER, > diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h > index c05e903cef02..37073caac474 100644 > --- a/include/linux/uaccess.h > +++ b/include/linux/uaccess.h > @@ -398,6 +398,7 @@ long strnlen_user_nofault(const void __user *unsafe_addr, long count); > #define unsafe_put_user(x,p,e) unsafe_op_wrap(__put_user(x,p),e) > #define unsafe_copy_to_user(d,s,l,e) unsafe_op_wrap(__copy_to_user(d,s,l),e) > #define unsafe_copy_from_user(d,s,l,e) unsafe_op_wrap(__copy_from_user(d,s,l),e) > +#define unsafe_clear_user(d, l, e) unsafe_op_wrap(__clear_user(d, l), e) > static inline unsigned long user_access_save(void) { return 0UL; } > static inline void user_access_restore(unsigned long flags) { } > #endif > diff --git a/kernel/signal.c b/kernel/signal.c > index a3229add4455..83b5971e4304 100644 > --- a/kernel/signal.c > +++ b/kernel/signal.c 
> @@ -3261,11 +3261,6 @@ enum siginfo_layout siginfo_layout(unsigned sig, int si_code) > return layout; > } > > -static inline char __user *si_expansion(const siginfo_t __user *info) > -{ > - return ((char __user *)info) + sizeof(struct kernel_siginfo); > -} > - > int copy_siginfo_to_user(siginfo_t __user *to, const kernel_siginfo_t *from) > { > char __user *expansion = si_expansion(to); > -- > 2.25.0 > ---end quoted text---
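
Review bot: unsafe_copy_siginfo_to_user() in the include/linux/signal.h hunk has no comment stating its precondition. It writes sizeof(struct kernel_siginfo) bytes at `to` and then clears SI_EXPANSION_SIZE bytes directly after them, and the generic wrappers in the uaccess.h hunk expand to __copy_to_user() and __clear_user(), so the caller must already have opened a user access block covering both pieces. Please add a comment above the macro that says so and names the total length the block has to cover. Also parenthesize the macro arguments in the two initializers, `= (to);` and `= (from);`.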
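
Review bot: the new unsafe_clear_user() define in the include/linux/uaccess.h hunk sits inside the conditional block that the `#endif` in the trailing context closes, next to the other generic unsafe_*() wrappers. An architecture that supplies its own user access primitives skips that block and gets no unsafe_clear_user() from this hunk, while unsafe_copy_siginfo_to_user() in signal.h uses it unconditionally. Make sure every such architecture defines unsafe_clear_user() before the macro gains a caller there, and say in the commit message which ones this series covers. Minor: the neighbouring defines are written without spaces after the commas, `(d,s,l,e)`; match them.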