From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CEB81D1E79; Wed, 25 Sep 2024 12:14:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727266496; cv=none; b=PcEU7t0kzV4F+uL8AjWY+BOzE5wRXWFbM4DQJQaV/Njp/oah6UQGIOTq6HwlGt1dj2xy6rmIF/qlg1Zc1r4DegyTRsXBpr3HtbJy/R9MZ2V8PFdsA1rHeTAjzuHcYQNIvu7mGMwCDNXULhGosaqMvlMc46DEYYFF83CgXMw5MbI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727266496; c=relaxed/simple; bh=GF6eKAowSz400PxZ3jqJaBpuMNbtqxtZXvOaGdw70Qo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UBwh4v3AwbQauuoYsfQ0D6u6EK+lAqMQb6x1BlY6209XYYYByWnNhNeCtv6/M1aNMvC0vlUjl2qlnXL4somtmVeFUQfWx5/NVmDgaaruDFPm4m4T2IoR3wDd/LNpOE+7nDPKkbDguanm97FxIJcG0JohgnakyioYNqH9dYMeOvs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cHtAGEEQ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cHtAGEEQ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1C3AC4CECD; Wed, 25 Sep 2024 12:14:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727266495; bh=GF6eKAowSz400PxZ3jqJaBpuMNbtqxtZXvOaGdw70Qo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cHtAGEEQ4z8danmzFSW8L7fl2va6vjU65gz3X/FcDF4N194odx3hE/vaDfEe6Bys4 pSpkrHPOkLdcCwgRtYdiyryXy7oYwESiWdW4LOVHYMZaMxrCQayl1Ue+ZOowm5LzgY 4KZ7kgGv3FRD+bPcd7GO50IlcBCNC/b9BPZA9+ECe74Nk6esENk1A+pmZYCVI/tb6D M2bVi5VbjdS6sVi5M7/v4iM/A/CRSzaFiPwMebwTR80fcCCbgKpBzlHLITcnF3LV/4 rs9e58TI4QXCN48MelxLa/v4ySiKroxclXkuMZrLSLiU01IBbpNJes3ahX3pjUX2RW h+n5/YcYgd13Q== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Kees Cook , Mirsad Todorovac , Dave Hansen , "Gustavo A . R . Silva" , Sasha Levin , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, daniel.sneddon@linux.intel.com, jpoimboe@kernel.org, brgerst@gmail.com, pawan.kumar.gupta@linux.intel.com Subject: [PATCH AUTOSEL 6.6 072/139] x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Date: Wed, 25 Sep 2024 08:08:12 -0400 Message-ID: <20240925121137.1307574-72-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240925121137.1307574-1-sashal@kernel.org> References: <20240925121137.1307574-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-stable: review X-Patchwork-Hint: Ignore X-stable-base: Linux 6.6.52 Content-Transfer-Encoding: 8bit From: Kees Cook [ Upstream commit d19d638b1e6cf746263ef60b7d0dee0204d8216a ] Modern (fortified) memcpy() prefers to avoid writing (or reading) beyond the end of the addressed destination (or source) struct member: In function ‘fortify_memcpy_chk’, inlined from ‘syscall_get_arguments’ at ./arch/x86/include/asm/syscall.h:85:2, inlined from ‘populate_seccomp_data’ at kernel/seccomp.c:258:2, inlined from ‘__seccomp_filter’ at kernel/seccomp.c:1231:3: ./include/linux/fortify-string.h:580:25: error: call to ‘__read_overflow2_field’ declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning] 580 | __read_overflow2_field(q_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ As already done for x86_64 and compat mode, do not use memcpy() to extract syscall arguments from struct pt_regs but rather just perform direct assignments. Binary output differences are negligible, and actually ends up using less stack space: - sub $0x84,%esp + sub $0x6c,%esp and less text size: text data bss dec hex filename 10794 252 0 11046 2b26 gcc-32b/kernel/seccomp.o.stock 10714 252 0 10966 2ad6 gcc-32b/kernel/seccomp.o.after Closes: https://lore.kernel.org/lkml/9b69fb14-df89-4677-9c82-056ea9e706f5@gmail.com/ Reported-by: Mirsad Todorovac Signed-off-by: Kees Cook Signed-off-by: Dave Hansen Reviewed-by: Gustavo A. R. Silva Acked-by: Dave Hansen Tested-by: Mirsad Todorovac Link: https://lore.kernel.org/all/20240708202202.work.477-kees%40kernel.org Signed-off-by: Sasha Levin --- arch/x86/include/asm/syscall.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h index 03bb950eba690..228a42585d5c9 100644 --- a/arch/x86/include/asm/syscall.h +++ b/arch/x86/include/asm/syscall.h @@ -82,7 +82,12 @@ static inline void syscall_get_arguments(struct task_struct *task, struct pt_regs *regs, unsigned long *args) { - memcpy(args, ®s->bx, 6 * sizeof(args[0])); + args[0] = regs->bx; + args[1] = regs->cx; + args[2] = regs->dx; + args[3] = regs->si; + args[4] = regs->di; + args[5] = regs->bp; } static inline int syscall_get_arch(struct task_struct *task) -- 2.43.0