From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
Kees Cook <keescook@chromium.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>, "H . Peter Anvin" <hpa@zytor.com>,
the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Steven Rostedt <rostedt@goodmis.org>,
Brian Gerst <brgerst@gmail.com>,
Peter Zijlstra <peterz@infradead.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Byungchul Park <byungchul.park@lge.com>,
Nilay Vaish <nilayvaish@gmail.com>
Subject: Re: [PATCH v3] mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
Date: Tue, 30 Aug 2016 19:12:42 +0100 [thread overview]
Message-ID: <20160830181242.GK2356@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CA+55aFzUGGFUvjkTy1tK7VqO-M7iQTOAzn3n6dHoxohTqK4rhg@mail.gmail.com>
On Tue, Aug 30, 2016 at 10:02:38AM -0700, Linus Torvalds wrote:
> On Tue, Aug 30, 2016 at 6:04 AM, Josh Poimboeuf <jpoimboe@redhat.com> wrote:
> > There are three usercopy warnings which are currently being silenced for
> > gcc 4.6 and newer:
>
> [.. snip snip ..]
>
> Ok, I'm not entirely happy with the timing, but I think the problem
> counts as a regression since it effectively made all the checks go
> away in practice for most people, so I'm going to apply this patch.
>
> I know Al Viro is working on some uaccess cleanups and trying to make
> a lot of this be generic, so there's hopefully cleanups coming in the
> not too distant future (I say "hopefully", because I worry that
> looking at the mess will make Al dig his eyes out), but this seems to
> be a clear improvement.
>
> I still do wish we'd move the x86 __builtin_constant_p(n) check
> around, so that x86 wouldn't do the run-time check_object_size() for
> the trivially statically correct case, but I guess that's a separate
> issue from this patch anyway.
>
> If somebody has objections to this patch, holler quickly, because it's
> about to get applied. 3.. 2.. 1..
The only thing in my pile it conflicts with is this:
commit 0983ee6305f551faf29b11e59486679f600f1cd9
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat Aug 20 19:03:37 2016 -0400
parisc: fix copy_from_user()
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
index 0f59fd9..54cfea9 100644
--- a/arch/parisc/include/asm/uaccess.h
+++ b/arch/parisc/include/asm/uaccess.h
@@ -221,13 +221,14 @@ static inline unsigned long __must_check copy_from_user(void *to,
unsigned long n)
{
int sz = __compiletime_object_size(to);
- int ret = -EFAULT;
+ unsigned long ret = n;
if (likely(sz == -1 || !__builtin_constant_p(n) || sz >= n))
ret = __copy_from_user(to, from, n);
else
copy_from_user_overflow();
-
+ if (unlikely(ret))
+ memset(to + (n - ret), 0, ret);
return ret;
}
next prev parent reply other threads:[~2016-08-30 18:13 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-18 13:05 [PATCH v4 00/57] x86/dumpstack: rewrite x86 stack dump code Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 01/57] x86/dumpstack: remove show_trace() Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 02/57] x86/asm/head: remove unused init_rsp variable extern Josh Poimboeuf
2016-08-18 16:22 ` Sebastian Andrzej Siewior
2016-08-18 13:05 ` [PATCH v4 03/57] x86/asm/head: rename 'stack_start' -> 'initial_stack' Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 04/57] x86/asm/head: use a common function for starting CPUs Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 05/57] x86/dumpstack: make printk_stack_address() more generally useful Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 06/57] x86/dumpstack: add IRQ_USABLE_STACK_SIZE define Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 07/57] x86/dumpstack: remove extra brackets around "<EOE>" Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 08/57] x86/dumpstack: fix irq stack bounds calculation in show_stack_log_lvl() Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 09/57] x86/dumpstack: fix x86_32 kernel_stack_pointer() previous stack access Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 10/57] x86/dumpstack: add get_stack_pointer() and get_frame_pointer() Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 11/57] x86/dumpstack: remove unnecessary stack pointer arguments Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 12/57] x86: move _stext marker to before head code Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 13/57] x86/head: remove useless zeroed word Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 14/57] x86/head: put real return address on idle task stack Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 15/57] x86/head: fix the end of the stack for idle tasks Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 16/57] x86/entry/32: fix the end of the stack for newly forked tasks Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 17/57] x86/head/32: fix the end of the stack for idle tasks Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 18/57] x86/smp: fix initial idle stack location on 32-bit Josh Poimboeuf
2016-08-18 13:05 ` [PATCH v4 19/57] x86/entry/head/32: use local labels Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 20/57] x86/entry/32: rename 'error_code' to 'common_exception' Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 21/57] perf/x86: check perf_callchain_store() error Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 22/57] oprofile/x86: add regs->ip to oprofile trace Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 23/57] proc: fix return address printk conversion specifer in /proc/<pid>/stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 24/57] ftrace: remove CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST from config Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 25/57] ftrace: only allocate the ret_stack 'fp' field when needed Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 26/57] ftrace: add return address pointer to ftrace_ret_stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 27/57] ftrace: add ftrace_graph_ret_addr() stack unwinding helpers Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 28/57] x86/dumpstack/ftrace: convert dump_trace() callbacks to use ftrace_graph_ret_addr() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 29/57] ftrace/x86: implement HAVE_FUNCTION_GRAPH_RET_ADDR_PTR Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 30/57] x86/dumpstack/ftrace: mark function graph handler function as unreliable Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 31/57] x86/dumpstack/ftrace: don't print unreliable addresses in print_context_stack_bp() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 32/57] x86/dumpstack: allow preemption in show_stack_log_lvl() and dump_trace() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 33/57] x86/dumpstack: simplify in_exception_stack() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 34/57] x86/dumpstack: add get_stack_info() interface Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 35/57] x86/dumpstack: add recursion checking for all stacks Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 36/57] x86/unwind: add new unwind interface and implementations Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 37/57] perf/x86: convert perf_callchain_kernel() to use the new unwinder Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 38/57] x86/stacktrace: convert save_stack_trace_*() " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 39/57] oprofile/x86: convert x86_backtrace() " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 40/57] x86/dumpstack: convert show_trace_log_lvl() " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 41/57] x86/dumpstack: remove dump_trace() and related callbacks Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 42/57] x86/entry/unwind: create stack frames for saved interrupt registers Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 43/57] x86/unwind: create stack frames for saved syscall registers Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 44/57] x86/dumpstack: print stack identifier on its own line Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 45/57] x86/dumpstack: print any pt_regs found on the stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 46/57] x86/dumpstack: fix duplicate RIP address display in __show_regs() Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 47/57] x86/dumpstack: print orig_ax " Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 48/57] x86: remove 64-byte gap at end of irq stack Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 49/57] x86/unwind: warn on kernel stack corruption Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 50/57] x86/unwind: warn on bad stack return address Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 51/57] x86/unwind: warn if stack grows up Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 52/57] x86/dumpstack: warn on stack recursion Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 53/57] x86/mm: move arch_within_stack_frames() to usercopy.c Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 54/57] x86/mm: convert arch_within_stack_frames() to use the new unwinder Josh Poimboeuf
2016-08-19 18:27 ` Kees Cook
2016-08-19 21:55 ` Josh Poimboeuf
2016-08-22 20:27 ` Josh Poimboeuf
2016-08-22 23:33 ` Josh Poimboeuf
2016-08-23 0:59 ` Kees Cook
2016-08-23 4:21 ` Josh Poimboeuf
2016-08-22 22:11 ` Linus Torvalds
2016-08-23 1:27 ` Kees Cook
2016-08-23 16:21 ` Josh Poimboeuf
2016-08-23 18:47 ` Linus Torvalds
2016-08-23 16:06 ` Josh Poimboeuf
2016-08-23 19:28 ` [PATCH 1/2] mm/usercopy: get rid of "provably correct" warnings Josh Poimboeuf
2016-08-24 2:36 ` Kees Cook
2016-08-23 19:28 ` [PATCH 2/2] mm/usercopy: enable usercopy size checking for modern versions of gcc Josh Poimboeuf
2016-08-24 2:37 ` Kees Cook
2016-08-25 20:47 ` Josh Poimboeuf
2016-08-26 2:14 ` Kees Cook
2016-08-26 3:27 ` Josh Poimboeuf
2016-08-26 13:42 ` Kees Cook
2016-08-26 13:55 ` Josh Poimboeuf
2016-08-26 20:56 ` Josh Poimboeuf
2016-08-26 21:00 ` Josh Poimboeuf
2016-08-27 0:37 ` Linus Torvalds
2016-08-29 14:48 ` Josh Poimboeuf
2016-08-29 15:36 ` Linus Torvalds
2016-08-29 17:08 ` [PATCH v2] mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS Josh Poimboeuf
2016-08-29 17:59 ` Josh Poimboeuf
2016-08-30 13:04 ` [PATCH v3] " Josh Poimboeuf
2016-08-30 17:02 ` Linus Torvalds
2016-08-30 18:12 ` Al Viro [this message]
2016-08-30 18:13 ` Linus Torvalds
2016-08-30 18:15 ` Kees Cook
2016-08-30 19:09 ` Josh Poimboeuf
2016-08-30 19:20 ` Kees Cook
2016-08-30 20:13 ` Al Viro
2016-08-30 22:20 ` Kees Cook
2016-08-31 9:43 ` Mark Rutland
2016-08-30 18:33 ` [PATCH 2/2] mm/usercopy: enable usercopy size checking for modern versions of gcc Kees Cook
2016-08-23 20:31 ` [PATCH v4 54/57] x86/mm: convert arch_within_stack_frames() to use the new unwinder Andy Lutomirski
2016-08-23 21:06 ` Linus Torvalds
2016-08-23 21:08 ` Josh Poimboeuf
2016-08-24 1:37 ` Kees Cook
2016-08-18 13:06 ` [PATCH v4 55/57] x86/mm: simplify starting frame logic for hardened usercopy Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 56/57] x86/mm: removed unused arch_within_stack_frames() arguments Josh Poimboeuf
2016-08-18 13:06 ` [PATCH v4 57/57] mm: re-enable gcc frame address warning Josh Poimboeuf
2016-08-18 13:25 ` [PATCH v4 00/57] x86/dumpstack: rewrite x86 stack dump code Frederic Weisbecker
2016-08-18 13:39 ` Ingo Molnar
2016-08-18 14:31 ` Josh Poimboeuf
2016-08-18 14:41 ` Steven Rostedt
2016-08-18 16:36 ` Ingo Molnar
2016-08-18 14:34 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160830181242.GK2356@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=brgerst@gmail.com \
--cc=byungchul.park@lge.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=nilayvaish@gmail.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox