Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2970334imu; Sun, 9 Dec 2018 13:58:16 -0800 (PST) X-Google-Smtp-Source: AFSGD/VgVxvQsnpAeQu4P+Ldk5qp4nEPzdORQj4e2Ta7Gx3daDomGUj2ZE9N3h3KQnYPnO5sNfpc X-Received: by 2002:a17:902:20e9:: with SMTP id v38mr9388378plg.250.1544392695969; Sun, 09 Dec 2018 13:58:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544392695; cv=none; d=google.com; s=arc-20160816; b=MxW8+wBJo2bBu/wdMFHLnj+FqhTROkVvorG3yfrAX1N+i/SCJ8Krtfu2z7C9V9nmei hmD81fQwJNTBCYH6bDrPOWqGJ2salqrRp1defVhouw8jJ3AVcK7kR0aDcdcUoB1gnLzw jr0me/wpOkcftTa1KCEg3xMWy7b8YrlhnNq9I+rQdiFM9eiQHAZRUd8UpSpUd/eBNOfA 2ujPJnQK1l50PFSxRf5vGMEfO3fc+wKWN86E5oq02m3v+2Kx3xsK0K0lfxx61neJE0pu Wuye1uNJvXUNgKAhcHeLc3KFmKkLGDeGYJ1+dJh2m9ygMRAVW4dvgZjOr2fAN1a+1MpS 2XVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=RFvVpK+jpYibZRBQvBQu2HbtZMnDCTeHe6yNPCupRBc=; b=fbDCmNKeVp65YN3L9iS9T4zA326aq7NBcUXc4Z1hjjgCpCes8+ycDcVU8PqCih1isd uAZ557/iY6ucb/U3GtqMTCY/CIWOV+wBL65h209H0iAk0genmNyWFECy5ts9MknPT45V 5gBjXfsvkbyqUOwUxKB01cdnSG8WjEpGV946Ah2FS7KRyXaj5uUoxUrV701qKtsSCzHn L7/X4THJZAg4+Y70yvYpr8Uyt8ksiWGdPWjb4KRGSmxJkoPoxO86ESyMylwQ4jIErkws hOhrGQzhpjkPnETNbD9V6fCLWF69GUr7M9bkviZztumETp6Fhbdh02UNCC+SWW2RMY2X 6kng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 18si8223944pgo.331.2018.12.09.13.58.00; Sun, 09 Dec 2018 13:58:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726974AbeLIV4y (ORCPT + 99 others); Sun, 9 Dec 2018 16:56:54 -0500 Received: from zeniv.linux.org.uk ([195.92.253.2]:39028 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726284AbeLIV4x (ORCPT ); Sun, 9 Dec 2018 16:56:53 -0500 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.91 #2 (Red Hat Linux)) id 1gW74F-0000z6-LH; Sun, 09 Dec 2018 21:56:51 +0000 Date: Sun, 9 Dec 2018 21:56:51 +0000 From: Al Viro To: Luc Van Oostenryck Cc: Tycho Andersen , linux-sparse@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Subject: Re: [RFC v1] copy_{to,from}_user(): only inline when !__CHECKER__ Message-ID: <20181209215651.GD2217@ZenIV.linux.org.uk> References: <20181209204449.18906-1-tycho@tycho.ws> <20181209210220.GB2217@ZenIV.linux.org.uk> <20181209212523.GE30796@cisco> <20181209213951.kumz33u6prb2seqz@ltop.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181209213951.kumz33u6prb2seqz@ltop.local> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Dec 09, 2018 at 10:39:52PM +0100, Luc Van Oostenryck wrote: > There are several more or less bad/good solutions, like: > * add raw_copy_{to,from}_user() in the list of checked function > (not inlined in most archs). > * add a new annotation to force sparse to check the byte count > (I'm thinking about __range__/OP_RANGE or something similar). > * do these checks before functions are inlined (but then some > constant count could not yet be seen as constant). * just spell it out in copy_to_user() itself - as in #ifdef C_T_U_SIZE_LIMIT if (__builtin_constant_p(count) && count > C_T_U_SIZE_LIMIT) /* something warning-triggering */ #endif in the beginning of copy_from_user(). Or simply #ifdef C_T_U_SIZE_LIMIT BUILD_BUG_ON(__builtin_constant_p(count) && count > C_T_U_SIZE_LIMIT); #endif in there...