ARM: uaccess: Fix KASAN false-positives

Message ID	20230215023706.19453-1-zev@bewilderbeest.net
State	New
Headers	show Return-Path: <openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> sender: zev) by thorn.bewilderbeest.net (Postfix) with ESMTPSA id 78EE282; Tue, 14 Feb 2023 18:37:14 -0800 (PST) From: Zev Weiss <zev@bewilderbeest.net> To: linux-arm-kernel@lists.infradead.org, kasan-dev@googlegroups.com Subject: [PATCH] ARM: uaccess: Fix KASAN false-positives Date: Tue, 14 Feb 2023 18:37:06 -0800 Message-Id: <20230215023706.19453-1-zev@bewilderbeest.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: Zev Weiss <zev@bewilderbeest.net>, Arnd Bergmann <arnd@arndb.de>, Anshuman Khandual <anshuman.khandual@arm.com>, Andrew Jeffery <andrew@aj.id.au>, openbmc@lists.ozlabs.org, Russell King <linux@armlinux.org.uk>, linux-kernel@vger.kernel.org, Dinh Nguyen <dinguyen@kernel.org>, Andrey Ryabinin <ryabinin.a.a@gmail.com>, Alexander Potapenko <glider@google.com>, Stafford Horne <shorne@gmail.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, Sam Ravnborg <sam@ravnborg.org>, Dmitry Vyukov <dvyukov@google.com>, Andrey Konovalov <andreyknvl@gmail.com> Errors-To: openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "openbmc" <openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	ARM: uaccess: Fix KASAN false-positives \| expand ARM: uaccess: Fix KASAN false-positives

Message ID

20230215023706.19453-1-zev@bewilderbeest.net

State

New

Headers

From: Zev Weiss <zev@bewilderbeest.net>
To: linux-arm-kernel@lists.infradead.org,
	kasan-dev@googlegroups.com
Subject: [PATCH] ARM: uaccess: Fix KASAN false-positives
Date: Tue, 14 Feb 2023 18:37:06 -0800
Message-Id: <20230215023706.19453-1-zev@bewilderbeest.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Cc: Zev Weiss <zev@bewilderbeest.net>, Arnd Bergmann <arnd@arndb.de>,
 Anshuman Khandual <anshuman.khandual@arm.com>,
 Andrew Jeffery <andrew@aj.id.au>, openbmc@lists.ozlabs.org,
 Russell King <linux@armlinux.org.uk>, linux-kernel@vger.kernel.org,
 Dinh Nguyen <dinguyen@kernel.org>, Andrey Ryabinin <ryabinin.a.a@gmail.com>,
 Alexander Potapenko <glider@google.com>, Stafford Horne <shorne@gmail.com>,
 Vincenzo Frascino <vincenzo.frascino@arm.com>,
 Sam Ravnborg <sam@ravnborg.org>, Dmitry Vyukov <dvyukov@google.com>,
 Andrey Konovalov <andreyknvl@gmail.com>
Errors-To: openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "openbmc"
 <openbmc-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

ARM: uaccess: Fix KASAN false-positives | expand

Commit Message

Zev Weiss Feb. 15, 2023, 2:37 a.m. UTC

From: Andrew Jeffery <andrew@aj.id.au>

__copy_to_user_memcpy() and __clear_user_memset() had been calling
memcpy() and memset() respectively, leading to false-positive KASAN
reports when starting userspace:

    [   10.707901] Run /init as init process
    [   10.731892] process '/bin/busybox' started with executable stack
    [   10.745234] ==================================================================
    [   10.745796] BUG: KASAN: user-memory-access in __clear_user_memset+0x258/0x3ac
    [   10.747260] Write of size 2687 at addr 000de581 by task init/1

Use __memcpy() and __memset() instead to allow userspace access, which
is of course the intent of these functions.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
---
 arch/arm/lib/uaccess_with_memcpy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Arnd Bergmann Feb. 15, 2023, 10:07 a.m. UTC | #1

On Wed, Feb 15, 2023, at 03:37, Zev Weiss wrote:
> From: Andrew Jeffery <andrew@aj.id.au>
>
> __copy_to_user_memcpy() and __clear_user_memset() had been calling
> memcpy() and memset() respectively, leading to false-positive KASAN
> reports when starting userspace:
>
>     [   10.707901] Run /init as init process
>     [   10.731892] process '/bin/busybox' started with executable stack
>     [   10.745234] 
> ==================================================================
>     [   10.745796] BUG: KASAN: user-memory-access in 
> __clear_user_memset+0x258/0x3ac
>     [   10.747260] Write of size 2687 at addr 000de581 by task init/1
>
> Use __memcpy() and __memset() instead to allow userspace access, which
> is of course the intent of these functions.
>
> Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> Signed-off-by: Zev Weiss <zev@bewilderbeest.net>

Looks good to me. I've added it to my randconfig build tree to
see if there are any build time regressions in odd configurations.
If you don't hear back from me until tomorrow, please add this to
Russell's patch system at 

https://www.arm.linux.org.uk/developer/patches/info.php

with my

Reviewed-by: Arnd Bergmann <arnd@arndb.de>

diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 14eecaaf295f..e4c2677cc1e9 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
+++ b/arch/arm/lib/uaccess_with_memcpy.c
@@ -116,7 +116,7 @@  __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 			tocopy = n;
 
 		ua_flags = uaccess_save_and_enable();
-		memcpy((void *)to, from, tocopy);
+		__memcpy((void *)to, from, tocopy);
 		uaccess_restore(ua_flags);
 		to += tocopy;
 		from += tocopy;
@@ -178,7 +178,7 @@  __clear_user_memset(void __user *addr, unsigned long n)
 			tocopy = n;
 
 		ua_flags = uaccess_save_and_enable();
-		memset((void *)addr, 0, tocopy);
+		__memset((void *)addr, 0, tocopy);
 		uaccess_restore(ua_flags);
 		addr += tocopy;
 		n -= tocopy;

ARM: uaccess: Fix KASAN false-positives

Commit Message

Comments

Patch