Subject: Re: [PATCH v12 01/12] lib: introduce copy_struct_{to,from}_user helpers
From: Rasmus Villemoes
Date: Thu, 5 Sep 2019 13:17:38 +0200
To: Christian Brauner, Aleksa Sarai
Cc: Al Viro, Jeff Layton, "J. Bruce Fields", Arnd Bergmann, David Howells,
 Shuah Khan, Shuah Khan, Ingo Molnar, Peter Zijlstra, Christian Brauner,
 Eric Biederman, Andy Lutomirski, Andrew Morton, Alexei Starovoitov,
 Kees Cook, Jann Horn, Tycho Andersen, David Drysdale, Chanho Min,
 Oleg Nesterov, Alexander Shishkin, Jiri Olsa, Namhyung Kim, Aleksa Sarai,
 Linus Torvalds, containers@lists.linux-foundation.org,
 linux-alpha@vger.kernel.org, linux-api@vger.kernel.org,
 linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
 linux-fsdevel@vger.kernel.org, linux-ia64@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
 linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
 linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
 linux-s390@vger.kernel.org, linux-sh@vger.kernel.org,
 linux-xtensa@linux-xtensa.org, sparclinux@vger.kernel.org

On 05/09/2019 13.05, Christian Brauner wrote:
> On Thu, Sep 05, 2019 at 06:19:22AM +1000, Aleksa Sarai wrote:
>> + if (unlikely(!access_ok(dst, usize)))
>> + return -EFAULT;
>> +
>> + /* Deal with trailing bytes. */
>> + if (usize < ksize) {
>> + if (memchr_inv(src + size, 0, rest))
>> + return -EFBIG;
>> + } else if (usize > ksize) {
>> + if (__memzero_user(dst + size, rest))
>> + return -EFAULT;
>
> Is zeroing that memory really our job? Seems to me we should just check
> it is zeroed.

Of course it is, otherwise you'd require userspace to clear the output
buffer it gives us, which in the majority of cases is wasted work. It's
much easier to reason about if we just say "the kernel populates [uaddr,
uaddr + usize)".

It's completely symmetric to copy_struct_from_user doing a memset() of
the tail of the kernel buffer in case of ksize>usize - you wouldn't want
to require the kernel callers to pass a zeroed buffer to
copy_struct_from_user() - it's just that when we memset(__user*),
there's an error check to do.

Rasmus
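
Review bot: The `__memzero_user(dst + size, rest)` call in the `usize > ksize` branch is only covered by the earlier `access_ok(dst, usize)` if `size + rest == usize` there, and neither `size` nor `rest` is defined in the quoted lines. If `__memzero_user` follows the usual `__`-prefix convention of skipping the range check, a one-line comment above the branch stating that invariant would make the write easier to audit and harder to break in a later edit. The `-EFBIG` return in the `usize < ksize` branch also deserves a sentence in the helper's documentation, since every caller ends up passing it on to userspace.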
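
The trade-off argued in this reply, as an added userspace model (not code from the patch or from anyone in the thread): the same dirty output buffer is handled once with the kernel zeroing the tail and once with the check-only alternative. The definitions of `size` and `rest`, the final copy, the `zero_tail` switch and the `-EINVAL` returned by the check-only variant are assumptions; the `-EFAULT` paths are not modelled.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for "memchr_inv(p, 0, n) == NULL": 1 if all n bytes are zero. */
static int all_zero(const unsigned char *p, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (p[i])
			return 0;
	return 1;
}

/*
 * Model of the quoted logic. "dst" plays the user buffer; memcpy/memset
 * replace the uaccess primitives. zero_tail != 0 is the behaviour in the
 * patch, zero_tail == 0 is the "just check it is zeroed" alternative.
 */
int model_copy_struct_to_user(void *dst, size_t usize,
			      const void *src, size_t ksize, int zero_tail)
{
	size_t size = usize < ksize ? usize : ksize;          /* assumed: min() */
	size_t rest = (usize > ksize ? usize : ksize) - size; /* assumed: |usize - ksize| */
	unsigned char *d = dst;
	const unsigned char *s = src;

	if (usize < ksize) {
		/* Older userspace: refuse to silently drop non-zero kernel fields. */
		if (!all_zero(s + size, rest))
			return -EFBIG;
	} else if (usize > ksize) {
		if (zero_tail)
			memset(d + size, 0, rest); /* kernel populates [dst, dst + usize) */
		else if (!all_zero(d + size, rest))
			return -EINVAL;            /* hypothetical errno for check-only */
	}
	memcpy(d, s, size); /* assumed: leading bytes copied after the tail handling */
	return 0;
}

/* Constructed scenario: newer userspace (16 bytes) reuses an uncleared buffer. */
int demo_dirty_buffer(int zero_tail, unsigned char out[16])
{
	const unsigned char kstruct[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

	memset(out, 0xAA, 16); /* stale bytes left over from earlier use */
	return model_copy_struct_to_user(out, 16, kstruct, sizeof(kstruct), zero_tail);
}
```

With `zero_tail` set the call succeeds and every byte of the 16-byte buffer is defined by the kernel; with the check-only variant the same call fails unless the caller clears the buffer first.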