Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp662075img; Tue, 26 Feb 2019 06:36:36 -0800 (PST) X-Google-Smtp-Source: AHgI3IZ8z1KDp7TiLnXQyXhCqWgPs5udyCKDHS8mbsjpyXSmiF8BbpLVuTDAVEJKJRJJ6fYvh/5Q X-Received: by 2002:a62:6d81:: with SMTP id i123mr26141550pfc.235.1551191796441; Tue, 26 Feb 2019 06:36:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551191796; cv=none; d=google.com; s=arc-20160816; b=ASr/XqY54+tf0a6cBWWBejp8lVN2eVzXgGtEtgrTyEnAfGuQ9bcMr/rtgY4W18dJA2 gJUmt4pmRbk6IAghPPUYcfFtnRKXCZwdJjS9ZnZmE5FgAt3qFtXEpzd2m4RSEdGrneZy Ao89iYtYsC2C+0caiaUH4ksGs3XAIbRkJxo7kiIInWwMDC0/zfJyJp3SxfpuQPUj3w56 nvz6CJEdbg3UoQaLT22LRozSFwp+yng0YjzoK3m73hociMByOgZ5KlWIqVNsNk5x98hJ NWCEWnYAg7guXInKZeo5SQkP+FNrz5OZSgofi8EdT6F5nC5Gd6vP2ukoWsV6nEEPtzA5 qrIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=AUt4iAfRYbk6BwjoCKxvIK1Q45AuJd2RFSG+AdGqGGc=; b=A+pGbSUudwlaVGxyb+WBJw7J/iOzgieGdN8OcrUQ3ZNImoo8rZ+wik/QR0SY1ndry1 Qh5+gEdtgrkOTQoXff21tCEeov3LvOTHm6MPeZWE/YlIYaonifSMSKC5w4qVAUHHkRvF dqR+6lAhoqwfQ5pz1GIcYI0mlt0h+Sv9LqfTZ+Qf/eLmZnDwCiLqJXgqsLYXuES8DflG p8xdEbhwFT+QjeVxJrJchwp+irTAWbtWGJdqTe8gcb6oRzAUS2IJdj8frTCep55I8A+C 7iw1l6RQS8vtmylZGOwFeSyd4eZHkLrpRWVV+95A3KfjKuzgxonPviZTZM8kIRaWyP4w bxvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XRKcLkoJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v37si9779531plg.274.2019.02.26.06.36.17; Tue, 26 Feb 2019 06:36:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XRKcLkoJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727506AbfBZOfx (ORCPT + 99 others); Tue, 26 Feb 2019 09:35:53 -0500 Received: from mail-pg1-f193.google.com ([209.85.215.193]:46093 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727390AbfBZOfw (ORCPT ); Tue, 26 Feb 2019 09:35:52 -0500 Received: by mail-pg1-f193.google.com with SMTP id 196so6291647pgf.13 for ; Tue, 26 Feb 2019 06:35:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AUt4iAfRYbk6BwjoCKxvIK1Q45AuJd2RFSG+AdGqGGc=; b=XRKcLkoJARsdGGCLNMsEu1Vu8sk3uYCwX73ehOf3+cVLv75cO4w/3UTqMluqhaIGyh cCy4xvROzeQSaFXI2Iu8ow09wzrfeUVrM4ZBHYRiwLLWx0shcllKfcDdFKilrD1Kr8Mf pLE8gRxiLBO8WSSp7OrsZFKA+euo20XGdvScqo95ZZCUwpBjOnXMacjezDCcsLkt/Mth pHEFCvychKIJQf6QLymBizZy5Tzkwkra5iyXKKlgGp2QSjfkxadk85kayKTWgP4jHqma lYOKPh4aOy50Vdd3ysijeaTRxrjd48CuRB+UX9PdLo8hQkWNFjb25zGeU7TCq+mn7l5N FWRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AUt4iAfRYbk6BwjoCKxvIK1Q45AuJd2RFSG+AdGqGGc=; b=li02wqNLQw6GFjJDldj6rbuy7rhhwu1bg1ziNnJnhBrLGXzjvS43sm6+fru+/nN3GJ 4VvL721Um6didZi1PvsU5WRk2yEW8xvchr2bD4ad5n7LZS9Klot5FRPaXWqeQX3Hsgkc i3gN2mYGMQT4CW00AEcujwnLm1wt8P07+US/9nqzteEtvJi9AV7ixsBUzbF6NztmAdcO Yrp6g6XQUUNe6lXOcSlDEOPv6JzJQpdR9LrUik4eeyipFNcF3XozHvi7FZLJFsQpJuLv qtdyYqh1rfLRyENGCa0wZlQXuT3I+7V2r2qNUbmkmBBWgqhvSIQ41VzZ03X5JTyIJpmX ppwg== X-Gm-Message-State: AHQUAuY14foYRtZuVFNmSYESEkQ/37KPXS6SigRWWRnMxFleWBVwblYq TId/roATHJ25J5OahRI9tdJepsxedDoPEZMk4ao6zA== X-Received: by 2002:a62:6383:: with SMTP id x125mr25941741pfb.239.1551191751796; Tue, 26 Feb 2019 06:35:51 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Andrey Konovalov Date: Tue, 26 Feb 2019 15:35:40 +0100 Message-ID: Subject: Re: [PATCH v10 06/12] fs, arm64: untag user pointers in copy_mount_options To: Dave Hansen Cc: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , Vincenzo Frascino , Linux ARM , "open list:DOCUMENTATION" , Linux Memory Management List , linux-arch , "open list:KERNEL SELFTEST FRAMEWORK" , LKML , Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya , Luc Van Oostenryck , Dave Martin , Kevin Brodsky , Szabolcs Nagy Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Feb 23, 2019 at 12:03 AM Dave Hansen wrote: > > On 2/22/19 4:53 AM, Andrey Konovalov wrote: > > --- a/fs/namespace.c > > +++ b/fs/namespace.c > > @@ -2730,7 +2730,7 @@ void *copy_mount_options(const void __user * data) > > * the remainder of the page. > > */ > > /* copy_from_user cannot cross TASK_SIZE ! */ > > - size = TASK_SIZE - (unsigned long)data; > > + size = TASK_SIZE - (unsigned long)untagged_addr(data); > > if (size > PAGE_SIZE) > > size = PAGE_SIZE; > > I would have thought that copy_from_user() *is* entirely capable of > detecting and returning an error in the case that its arguments cross > TASK_SIZE. It will fail and return an error, but that's what it's > supposed to do. > > I'd question why this code needs to be doing its own checking in the > first place. Is there something subtle going on? The comment above exact_copy_from_user() states: Some copy_from_user() implementations do not return the exact number of bytes remaining to copy on a fault. But copy_mount_options() requires that. Note that this function differs from copy_from_user() in that it will oops on bad values of `to', rather than returning a short copy.