From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org, hch@infradead.org,
Paul Mackerras <paulus@samba.org>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH RESEND v3 4/6] signal: Add unsafe_copy_siginfo_to_user32()
Date: Mon, 13 Sep 2021 19:01:18 +0200 [thread overview]
Message-ID: <cf6e3669-1644-9611-6acc-781f46dd4f9e@csgroup.eu> (raw)
In-Reply-To: <87r1dspj2c.fsf@disp2133>
Le 13/09/2021 à 17:54, Eric W. Biederman a écrit :
> Christophe Leroy <christophe.leroy@csgroup.eu> writes:
>
>> In the same spirit as commit fb05121fd6a2 ("signal: Add
>> unsafe_get_compat_sigset()"), implement an 'unsafe' version of
>> copy_siginfo_to_user32() in order to use it within user access blocks.
>>
>> To do so, we need inline version of copy_siginfo_to_external32() as we
>> don't want any function call inside user access blocks.
>
> I don't understand. What is wrong with?
>
> #define unsafe_copy_siginfo_to_user32(to, from, label) do { \
> struct compat_siginfo __user *__ucs_to = to; \
> const struct kernel_siginfo *__ucs_from = from; \
> struct compat_siginfo __ucs_new; \
> \
> copy_siginfo_to_external32(&__ucs_new, __ucs_from); \
> unsafe_copy_to_user(__ucs_to, &__ucs_new, \
> sizeof(struct compat_siginfo), label); \
> } while (0)
As far as I understood, it is forbidden to call functions within user
access blocks.
On powerpc it doesn't matter (yet), but as far as I understand x86 as a
tool called "objtool" to enforce that.
>
> Your replacement of "memset(to, 0, sizeof(*to))" with
> "struct compat_siginfo __ucs_new = {0}". is actively unsafe as the
> compiler is free not to initialize any holes in the structure to 0 in
> the later case.
Ah ? I didn't know that.
Maybe we can make as exception for memset(). Or we can hard-code a
zeroizing loop.
>
> Is there something about the unsafe macros that I am not aware of that
> makes it improper to actually call C functions? Is that a requirement
> for the instructions that change the user space access behavior?
See see
https://lore.kernel.org/lkml/20190318155142.025214872@infradead.org/T/ ?
>
> From the looks of this change all that you are doing is making it so
> that all of copy_siginfo_to_external32 is being inlined. If that is not
> a hard requirement of the instructions it seems like the wrong thing to
> do here. copy_siginfo_to_external32 has not failures so it does not need
> to be inlined so you can jump to the label.
Yes that's what I did, make sure everything is inlined. Or maybe I
misunderstood something ?
Christophe
next prev parent reply other threads:[~2021-09-13 17:01 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-13 15:19 [PATCH RESEND v3 1/6] powerpc/signal64: Access function descriptor with user access block Christophe Leroy
2021-09-13 15:19 ` [PATCH RESEND v3 2/6] powerpc/signal: Include the new stack frame inside the " Christophe Leroy
2021-09-13 15:19 ` [PATCH RESEND v3 3/6] signal: Add unsafe_copy_siginfo_to_user() Christophe Leroy
2021-09-13 15:19 ` [PATCH RESEND v3 4/6] signal: Add unsafe_copy_siginfo_to_user32() Christophe Leroy
2021-09-13 15:54 ` Eric W. Biederman
2021-09-13 17:01 ` Christophe Leroy [this message]
2021-09-13 15:19 ` [PATCH RESEND v3 5/6] powerpc/uaccess: Add unsafe_clear_user() Christophe Leroy
2021-09-13 15:19 ` [PATCH RESEND v3 6/6] powerpc/signal: Use unsafe_copy_siginfo_to_user() Christophe Leroy
2021-09-13 15:57 ` Eric W. Biederman
2021-09-13 16:21 ` Eric W. Biederman
2021-09-13 17:19 ` Christophe Leroy
2021-09-13 19:11 ` Eric W. Biederman
2021-09-14 14:00 ` Christophe Leroy
2021-09-13 17:14 ` Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cf6e3669-1644-9611-6acc-781f46dd4f9e@csgroup.eu \
--to=christophe.leroy@csgroup.eu \
--cc=ebiederm@xmission.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).