Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1143492ybe; Wed, 4 Sep 2019 13:22:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqxpXR1msep9qJEkc9cs+UhmIEkuo+XpskzGV6vTDH0S6XBmX+FG5OmNfVqYjENcTkuzLWF0 X-Received: by 2002:a17:902:b18c:: with SMTP id s12mr20903522plr.257.1567628530753; Wed, 04 Sep 2019 13:22:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567628530; cv=none; d=google.com; s=arc-20160816; b=U0if7R7TaAhSQqVojANkHoAOJhikWVMO8vLqz36BcdPZQ5W/x9HKck/gBbXiO8LRJj Lhz91THfa+GGEtwqJNO16OdGKf/XJbJWJBRoQjK9FnP3h8qozU4mCvYeliyOXeGD58ly tF2HLdZ98C2BV72FsjptggBTz8TtaoPwCrU3Bi8FQJgB2ZyuuroajBXJWAANCSzniTXU oB0cOCbvu0T2vXut7C0MtK9fPV5qCwFJ1vYXtG/ufMb6PgSBLymLGjCD4ZU+cJ5Fk+do QqF++9PQFZt3SaUW7PuzoOTRbkwtaEU7coTxwp1WCkPtjw0ZxLbwsDzarbJQcVbKsvaU Kr3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=Hytkd6CfXipAjOeIYNMd4wgrL1bL1ar67wIzHOwFoo4=; b=KupeprC0VkSqQ4gUFtAx2U3OPf89A69KO2p2X/RZLBlDqEugIRiu7IkYJ4bYQvA/1C iBJQdTO1Kog/3UM3AMg4YXwsoHaDU/Vih2Xmtf07wg+d0RWK981ny4gIcWrbngAbnTRu 0m0D63HGAPJyjoAtLkWN1tk+mtvWkwhqPXOMA1/PXl+VDY9vQFhc/EehdSbSmSgGGPlr H9kgRMXEbkmKWKYj2oQ4H6zKiHutq7RgN/T9b1wb2S9M4A1ZI+WrIplnx0YoaP7EcRXX OiCrxmLGfOSNxva50rg6VGtqM2Lbcr0yw9n1TClmzSdThu33AnrJGCi1XrzYN2UI6qrF SMhg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b8si17581284pgn.56.2019.09.04.13.21.54; Wed, 04 Sep 2019 13:22:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730414AbfIDUVF (ORCPT + 99 others); Wed, 4 Sep 2019 16:21:05 -0400 Received: from mx2.mailbox.org ([80.241.60.215]:62960 "EHLO mx2.mailbox.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730343AbfIDUVE (ORCPT ); Wed, 4 Sep 2019 16:21:04 -0400 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx2.mailbox.org (Postfix) with ESMTPS id CBDD1A11C8; Wed, 4 Sep 2019 22:20:59 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter05.heinlein-hosting.de (spamfilter05.heinlein-hosting.de [80.241.56.123]) (amavisd-new, port 10030) with ESMTP id wJ1JmQV60FQK; Wed, 4 Sep 2019 22:20:56 +0200 (CEST) From: Aleksa Sarai To: Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Shuah Khan , Shuah Khan , Ingo Molnar , Peter Zijlstra , Christian Brauner Cc: Aleksa Sarai , Eric Biederman , Andy Lutomirski , Andrew Morton , Alexei Starovoitov , Kees Cook , Jann Horn , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Rasmus Villemoes , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Aleksa Sarai , Linus Torvalds , containers@lists.linux-foundation.org, linux-alpha@vger.kernel.org, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-ia64@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org Subject: [PATCH v12 03/12] sched_setattr: switch to copy_struct_{to,from}_user() Date: Thu, 5 Sep 2019 06:19:24 +1000 Message-Id: <20190904201933.10736-4-cyphar@cyphar.com> In-Reply-To: <20190904201933.10736-1-cyphar@cyphar.com> References: <20190904201933.10736-1-cyphar@cyphar.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The change is very straightforward, and takes advantage of the (very minor) efficiency improvements in copy_struct_{to,from}_user() -- that the memchr_inv() check is done on a buffer instead of one-at-at-time with get_user() or put_user(). Signed-off-by: Aleksa Sarai --- kernel/sched/core.c | 85 ++++++--------------------------------------- 1 file changed, 10 insertions(+), 75 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 010d578118d6..2f58b07d3468 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4900,9 +4900,6 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a u32 size; int ret; - if (!access_ok(uattr, SCHED_ATTR_SIZE_VER0)) - return -EFAULT; - /* Zero the full structure, so that a short copy will be nice: */ memset(attr, 0, sizeof(*attr)); @@ -4910,45 +4907,19 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a if (ret) return ret; - /* Bail out on silly large: */ - if (size > PAGE_SIZE) - goto err_size; - /* ABI compatibility quirk: */ if (!size) size = SCHED_ATTR_SIZE_VER0; - if (size < SCHED_ATTR_SIZE_VER0) goto err_size; - /* - * If we're handed a bigger struct than we know of, - * ensure all the unknown bits are 0 - i.e. new - * user-space does not rely on any kernel feature - * extensions we dont know about yet. - */ - if (size > sizeof(*attr)) { - unsigned char __user *addr; - unsigned char __user *end; - unsigned char val; - - addr = (void __user *)uattr + sizeof(*attr); - end = (void __user *)uattr + size; - - for (; addr < end; addr++) { - ret = get_user(val, addr); - if (ret) - return ret; - if (val) - goto err_size; - } - size = sizeof(*attr); + ret = copy_struct_from_user(attr, sizeof(*attr), uattr, size); + if (ret) { + if (ret == -E2BIG) + goto err_size; + return ret; } - ret = copy_from_user(attr, uattr, size); - if (ret) - return -EFAULT; - if ((attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) && size < SCHED_ATTR_SIZE_VER1) return -EINVAL; @@ -5105,51 +5076,15 @@ SYSCALL_DEFINE2(sched_getparam, pid_t, pid, struct sched_param __user *, param) return retval; } -static int sched_read_attr(struct sched_attr __user *uattr, - struct sched_attr *attr, - unsigned int usize) -{ - int ret; - - if (!access_ok(uattr, usize)) - return -EFAULT; - - /* - * If we're handed a smaller struct than we know of, - * ensure all the unknown bits are 0 - i.e. old - * user-space does not get uncomplete information. - */ - if (usize < sizeof(*attr)) { - unsigned char *addr; - unsigned char *end; - - addr = (void *)attr + usize; - end = (void *)attr + sizeof(*attr); - - for (; addr < end; addr++) { - if (*addr) - return -EFBIG; - } - - attr->size = usize; - } - - ret = copy_to_user(uattr, attr, attr->size); - if (ret) - return -EFAULT; - - return 0; -} - /** * sys_sched_getattr - similar to sched_getparam, but with sched_attr * @pid: the pid in question. * @uattr: structure containing the extended parameters. - * @size: sizeof(attr) for fwd/bwd comp. + * @usize: sizeof(attr) for fwd/bwd comp. * @flags: for future extension. */ SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr, - unsigned int, size, unsigned int, flags) + unsigned int, usize, unsigned int, flags) { struct sched_attr attr = { .size = sizeof(struct sched_attr), @@ -5157,8 +5092,8 @@ SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr, struct task_struct *p; int retval; - if (!uattr || pid < 0 || size > PAGE_SIZE || - size < SCHED_ATTR_SIZE_VER0 || flags) + if (!uattr || pid < 0 || usize > PAGE_SIZE || + usize < SCHED_ATTR_SIZE_VER0 || flags) return -EINVAL; rcu_read_lock(); @@ -5188,7 +5123,7 @@ SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr, rcu_read_unlock(); - retval = sched_read_attr(uattr, &attr, size); + retval = copy_struct_to_user(uattr, usize, &attr, sizeof(attr)); return retval; out_unlock: -- 2.23.0