From patchwork Mon Sep 30 18:28:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aleksa Sarai X-Patchwork-Id: 1169529 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=sourceware.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=libc-alpha-return-105500-incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cyphar.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b="EwOYD+BO"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46hrWp0nYSz9s4Y for ; Tue, 1 Oct 2019 04:28:53 +1000 (AEST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; q=dns; s=default; b=bo0 i9QOtsTiWyd0SfinRI8X1QyIhPqJqCULXK2JeLDqeKfFFWuijfVcGEFRVUGaLqCa Dd7zK00X5WprZBw1znWM17W0O9hGIIGzx+zFVCHqgloPOy51p8PMIvCzUl0KkuXz lqq3DOmQYoCs+2mBXriFZghxmaO2vEo3n3YIlCyM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; s=default; bh=EbzKcm+Ib 1IjWYNIFi7oJr/hHUk=; b=EwOYD+BOwr0eI0YbTm1VieRKIIVmXc5E0ruqWaQai Qzg+nywzupMuN2jIyd00VPidWRTRQCZ9k+UPPteLdR13VxmTVhG9b4jK+ZQfPmKm MpgHIz8mWMFtA5GEsILD4c8C669ID3JMK3FMOs5j0osmnECLM9D6x7MqbwAXUQWD fg= Received: (qmail 11895 invoked by alias); 30 Sep 2019 18:28:48 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 11885 invoked by uid 89); 30 Sep 2019 18:28:48 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-16.8 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_2, GIT_PATCH_3, KAM_MANYTO, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.3.1 spammy=mix, events, operate, H*Ad:D*dk X-HELO: mx2.mailbox.org From: Aleksa Sarai To: Ingo Molnar , Peter Zijlstra , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Christian Brauner , Kees Cook Cc: Aleksa Sarai , Rasmus Villemoes , Al Viro , Linus Torvalds , libc-alpha@sourceware.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 0/4] lib: introduce copy_struct_from_user() helper Date: Tue, 1 Oct 2019 04:28:06 +1000 Message-Id: <20190930182810.6090-1-cyphar@cyphar.com> MIME-Version: 1.0 Patch changelog: v3: * Rename is_zeroed_user() to check_zeroed_user(). [Christian Brauner] * Various minor cleanups. [Christian Brauner] * Add tests for check_zeroed_user() and copy_struct_from_user() to lib/test_user_copy.ko (and thus EXPORT_SYMBOL them both). v2: v1: This series was split off from the openat2(2) syscall discussion[1]. However, the copy_struct_to_user() helper has been dropped, because after some discussion it appears that there is no really obvious semantics for how copy_struct_to_user() should work on mixed-vintages (for instance, whether [2] is the correct semantics for all syscalls). A common pattern for syscall extensions is increasing the size of a struct passed from userspace, such that the zero-value of the new fields result in the old kernel behaviour (allowing for a mix of userspace and kernel vintages to operate on one another in most cases). Previously there was no common lib/ function that implemented the necessary extension-checking semantics (and different syscalls implemented them slightly differently or incompletely[3]). This series implements the helper and ports several syscalls to use it. Some in-kernel selftests are included in this patch. More complete self-tests for copy_struct_from_user() are included in the openat2() patchset. [1]: https://lore.kernel.org/lkml/20190904201933.10736-1-cyphar@cyphar.com/ [2]: commit 1251201c0d34 ("sched/core: Fix uclamp ABI bug, clean up and robustify sched_read_attr() ABI logic and code") [3]: For instance {sched_setattr,perf_event_open,clone3}(2) all do do similar checks to copy_struct_from_user() while rt_sigprocmask(2) always rejects differently-sized struct arguments. Aleksa Sarai (4): lib: introduce copy_struct_from_user() helper clone3: switch to copy_struct_from_user() sched_setattr: switch to copy_struct_from_user() perf_event_open: switch to copy_struct_from_user() include/linux/bitops.h | 7 ++ include/linux/uaccess.h | 4 ++ include/uapi/linux/sched.h | 2 + kernel/events/core.c | 47 +++---------- kernel/fork.c | 34 ++-------- kernel/sched/core.c | 43 ++---------- lib/strnlen_user.c | 8 +-- lib/test_user_copy.c | 133 +++++++++++++++++++++++++++++++++++-- lib/usercopy.c | 123 ++++++++++++++++++++++++++++++++++ 9 files changed, 287 insertions(+), 114 deletions(-)