Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp374839yba; Mon, 1 Apr 2019 08:06:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqyF3lKDkY89H7cpWkCF9Nhp0WSU5sUJLi0Wmv2Z2Y/JhGJ2cAJxtuQKZoPnHtatUo3h4JBJ X-Received: by 2002:a62:4649:: with SMTP id t70mr64950572pfa.100.1554131216975; Mon, 01 Apr 2019 08:06:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554131216; cv=none; d=google.com; s=arc-20160816; b=YYkGzol3xYrSwR9j3sAIB/lEscKHFCUhiAvbOBwh8ogOQPcrtPx9nxGfro4a9IcJPb GsydhiWzmLWgAxH/wAWVC/1Xdh7kKEk2LwoXdPbkdCsYnjN0V46SCc27fEfhW3G9vPXU 66g3ADUT29DMeII2YoPhmm3YKbXCsyAGs8jhz/U5wmCYdIngSsOGJVk4Qb2jCX1nIcN5 MaWQuRscX4Pms+PNaa1XeKOY/OYDYCm9666qAYq5+lAwpLNLaMvi5TAG+9n0eCbi8o1X AxJX8CxiWNOK3sZZUwaDZp32FNRTnmeeibumnxhbus33DEkQ1ykzf5SQGZtrjnUuAC6C RSxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=hh7tyO+RaWp7KSodMe7WKcK66rWlDGPe7rlXlqce7Lw=; b=C9Y/VSrpTrBy4pMUotuDeEx+VYJKVC2/5fKFQ1ZgLSRO4S1wesq+YRIe0ZNiYwcRkH l/51quXRQK8ecz6MpaaCMoO8ElLKouwB/kjwzCk/CEkUlEhAI1OVSflzbAtwY/2oLAYY AinTFfVamhGdhUMS6HnA1rOMw3/4R2vMmEC8YOZkvhj2lfbzw3KQfjMrLL5xXyrKrEsO 640PBkGphbohQRzEuZQTh+ePqEGBHJmH12eE6lKq/+eqFV5bmoR+T1o5StzL1zhMVClC fgsKICyImSdUInekkq78TryFRYMAtLTGjl6Pd/X/JFJ6hQL9UpXMuoi/zisKNH48HxQc Y6Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=EAycm5SK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j17si8624563pff.168.2019.04.01.08.06.39; Mon, 01 Apr 2019 08:06:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=EAycm5SK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727042AbfDAPE3 (ORCPT + 99 others); Mon, 1 Apr 2019 11:04:29 -0400 Received: from mail-ot1-f65.google.com ([209.85.210.65]:35158 "EHLO mail-ot1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726617AbfDAPE3 (ORCPT ); Mon, 1 Apr 2019 11:04:29 -0400 Received: by mail-ot1-f65.google.com with SMTP id m10so8979476otp.2 for ; Mon, 01 Apr 2019 08:04:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hh7tyO+RaWp7KSodMe7WKcK66rWlDGPe7rlXlqce7Lw=; b=EAycm5SKzrsi+Kso9+g5FjPDDS7w6687Arv1NqpEY5RcerG/ftEtt74HkPMlxT3jol kY0CE/0oXVYN1wQZSSkNGdafIJom1bfsV28gZVcMz+eZKa1jrPx7PU5wv3tJgZfs/GGg WObfuKv0A2irYfpuX3OyVX/nsPej5Wwi6UJRY3J13/wd9oL7Ur38k8gwhBUJj0ggJqhQ LFLPUPNIJVqPYVb2UztjUnuhyV/mj1yTHcM02QKPgYleRCgL37MLeuH/nD0ixzAVO8A1 2v+xJI97gwrNJe5HDzK5XoyK5lHPoZLe7VQBrN9b9eLG2E9U8UMx6yMpLfnfZAVWkO39 V13w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hh7tyO+RaWp7KSodMe7WKcK66rWlDGPe7rlXlqce7Lw=; b=U17X1RhOZeRXw7zOGjMtdP1jSVHXM3m7LTyG2CkoTcaiysmEcqFeuKqJTuPDuzZWuy oZRek/M+LZleKg5OPL06k3t183kxNVN6zUorGkli8qlKyUa9rDcuSunUqDRWQ12xHUFz pUY+bkJ/9GOoMH5YzVyqyFDTsJUB40CM0XN1y6/dkckbzwkyjnVgoj2vYeTDq5YPc1XL x8LEE62mQ7TOX29zJbe93y50n8a1/N48//2dJklDwKV9x0Gm0PrbDlPM3Gju98t0mvNh FXc0IHh6j8nSh1mb1jxaXEX+Ylx9QgAuX/l6WcG9oII7rIwisDq2TujjgtLIAwuWIQVY 9Qeg== X-Gm-Message-State: APjAAAVnCvo+MQzvvs9yjjUwTJggatARe9GDowDiRXrWJy4zI1rkp589 a4BU2V/Eh0F973NnsP8teB0tyg/mOmMPAO6+u5VmLvd+Cqk= X-Received: by 2002:a9d:7095:: with SMTP id l21mr46673238otj.35.1554131067973; Mon, 01 Apr 2019 08:04:27 -0700 (PDT) MIME-Version: 1.0 References: <20190328212321.92463-1-jannh@google.com> <20190328212321.92463-2-jannh@google.com> In-Reply-To: From: Jann Horn Date: Mon, 1 Apr 2019 17:04:00 +0200 Message-ID: Subject: Re: [PATCH 2/2] x86: fix __user annotations To: David Laight Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , Andrew Morton , Qiaowei Ren Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 1, 2019 at 4:36 PM David Laight wrote: > > From: Jann Horn > > Sent: 28 March 2019 21:23 > > Fix __user annotations in various places across the x86 tree: > > > ... > > - generic_load_microcode() deals with a pointer that can be either a > > kernel pointer or a user pointer; change the code to pass it around as > > a __user pointer, and add explicit casts to convert between __user and > > __kernel > ... > > -static int get_ucode_fw(void *to, const void *from, size_t n) > > +static int get_ucode_fw(void *to, const void __user *from, size_t n) > > { > > - memcpy(to, from, n); > > + /* cast paired with request_microcode_fw() */ > > + memcpy(to, (const void __force *)from, n); > > return 0; > > } > > > > @@ -993,7 +996,8 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, > > return UCODE_NFOUND; > > } > > > > - ret = generic_load_microcode(cpu, (void *)firmware->data, > > + /* cast paired with get_ucode_fw() */ > > + ret = generic_load_microcode(cpu, (void __force __user *)firmware->data, > > firmware->size, &get_ucode_fw); > > > > release_firmware(firmware); > > @@ -1001,7 +1005,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, > > return ret; > > } > > > > -static int get_ucode_user(void *to, const void *from, size_t n) > > +static int get_ucode_user(void *to, const void __user *from, size_t n) > > { > > return copy_from_user(to, from, n); > > } > > @@ -1012,7 +1016,7 @@ request_microcode_user(int cpu, const void __user *buf, size_t size) > > if (is_blacklisted(cpu)) > > return UCODE_NFOUND; > > > > - return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user); > > + return generic_load_microcode(cpu, buf, size, &get_ucode_user); > > That is all an 'accident waiting to happen' ... What's your suggestion? The code used to store user pointers in kernel-typed pointers. Now it only stores kernel pointers in user-typed pointers, which is much less hazardous.