Re: [PATCH] x86: uaccess: fix regression in unsafe_get_user

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Borislav Petkov <bp@alien8.de>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Arthur Gautier <baloo@gandi.net>, Jann Horn <jannh@google.com>,
	the arch/x86 maintainers <x86@kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	kernel list <linux-kernel@vger.kernel.org>,
	Pascal Bouchareine <pascal@gandi.net>
Subject: Re: [PATCH] x86: uaccess: fix regression in unsafe_get_user
Date: Thu, 26 Sep 2019 16:08:50 +0200	[thread overview]
Message-ID: <20190926140850.GC18383@zn.tnic> (raw)
In-Reply-To: <CALCETrXyard2OXmOafiLks3YuyO=ObbjDXB6NJo_08rL4M6azw@mail.gmail.com>

On Mon, Feb 18, 2019 at 11:15:44AM -0800, Andy Lutomirski wrote:
> diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
> index 58eacd41526c..709d6efe0d42 100644
> --- a/lib/strncpy_from_user.c
> +++ b/lib/strncpy_from_user.c
> @@ -10,12 +10,7 @@
>  #include <asm/byteorder.h>
>  #include <asm/word-at-a-time.h>
>  
> -#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
> -#define IS_UNALIGNED(src, dst)	0
> -#else
> -#define IS_UNALIGNED(src, dst)	\
> -	(((long) dst | (long) src) & (sizeof(long) - 1))
> -#endif
> +#define IS_UNALIGNED(addr) (((long)(addr)) & (sizeof(long) - 1))
>  
>  /*
>   * Do a strncpy, return length of string without final '\0'.
> @@ -35,14 +30,39 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long
>  	if (max > count)
>  		max = count;
>  
> -	if (IS_UNALIGNED(src, dst))
> +	/*
> +	 * First handle any unaligned prefix of src.
> +	 */
> +	while (max && IS_UNALIGNED(src+res)) {

put spaces around the '+', below too.

> +		char c;
> +
> +		unsafe_get_user(c, src+res, efault);
> +		dst[res] = c;
> +		if (!c)
> +			return res;
> +		res++;
> +		max--;
> +	}
> +
> +	/*
> +	 * Now we know that src + res is aligned.  If dst is unaligned and
> +	 * we don't have efficient unaligned access, then keep going one
> +	 * byte at a time.  (This could be optimized, but it would make
> +	 * the code more complicated.
> +	 */
> +#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
> +	if (IS_UNALIGNED(dst + res))
>  		goto byte_at_a_time;
> +#endif
>  
>  	while (max >= sizeof(unsigned long)) {
> +		/*
> +		 * src + res is aligned, so the reads in this loop will
> +		 * not cross a page boundary.
> +		 */
>  		unsigned long c, data;
>  
> -		/* Fall back to byte-at-a-time if we get a page fault */
> -		unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);
> +		unsafe_get_user(c, (unsigned long __user *)(src+res), efault);
>  
>  		*(unsigned long *)(dst+res) = c;
>  		if (has_zero(c, &data, &constants)) {
> @@ -54,7 +74,9 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long
>  		max -= sizeof(unsigned long);
>  	}
>  
> -byte_at_a_time:

You can't remove that label - the ifndef above.

> +	/*
> +	 * Finish the job one byte at a time.
> +	 */
>  	while (max) {
>  		char c;

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

     prev parent reply	other threads:[~2019-09-26 14:08 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-15 23:59 [PATCH] x86: uaccess: fix regression in unsafe_get_user baloo
2019-02-16  4:20 ` Jann Horn
2019-02-16 20:18   ` Thomas Gleixner
2019-02-16 22:25     ` Thomas Gleixner
2019-02-16 22:50     ` Andy Lutomirski
2019-02-16 22:57       ` Andy Lutomirski
2019-02-16 23:47       ` Al Viro
2019-02-17  0:02         ` Al Viro
2019-02-17  2:36         ` Andy Lutomirski
2019-02-17  3:41         ` Arthur Gautier
2019-02-17  4:22           ` Al Viro
2019-02-18 13:04             ` Thomas Gleixner
2019-02-18 19:15               ` Andy Lutomirski
2019-02-18 21:13                 ` Jann Horn
2019-02-18 21:51                 ` Arthur Gautier
2019-09-26  9:58                   ` Arthur Gautier
2019-09-26 14:09                     ` Borislav Petkov
2019-10-10 16:49                       ` Arthur Gautier
2019-11-05 14:11                         ` Borislav Petkov
2019-11-05 16:05                           ` Arthur Gautier
2019-11-06  0:21                             ` Andy Lutomirski
2019-11-06  2:22                               ` Arthur Gautier
2019-09-26 14:08                 ` Borislav Petkov [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190926140850.GC18383@zn.tnic \
    --to=bp@alien8.de \
    --cc=baloo@gandi.net \
    --cc=jannh@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@redhat.com \
    --cc=pascal@gandi.net \
    --cc=tglx@linutronix.de \
    --cc=viro@zeniv.linux.org.uk \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox