Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp1894889ybn;
        Thu, 26 Sep 2019 03:57:41 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw6ekWKzp/LlBC447fCUSuTq6i/3qnaSJJoMFGtC7BY8uWPfoLRf0MNLDGgwbgPnqQXveaI
X-Received: by 2002:aa7:c616:: with SMTP id h22mr616849edq.96.1569495461246;
        Thu, 26 Sep 2019 03:57:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569495461; cv=none;
        d=google.com; s=arc-20160816;
        b=ldOUQVKJqvuE8nBkKEHSzxBQSlM80AgRcdreXr0P9K+J7tTy1hHjXxaPfuHqGJgEVV
         HY15c5/0+hHMZAign/lzT/sNxKCPKOaAsIY4ccyae9v2hTW5ZVCTSKxG8xbsthAOduVO
         +lypK2mKPvfK8lWvy4IeqWgQEw9r8wGLEtsWTr7mCw4dsQtbS8mWR2TO5Z5r8mAcTQ7U
         ZkNiyHWykXyel4JjKVCiY4ePP3Kz72JO7XbaF/JHQFiPb5Gmq2KFa1XluQ3yqP3OcaGz
         PjE8iq5BB9TK3dOe3ycXvHLHyUHBtPsvc47Km8G/FFd+ZTwke0tnhGgp/5MxxYVBNwRe
         kLYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=fZ0+C/mgAOFdF1Z011LA+gcj1Y24513WeelG2tuk2zk=;
        b=0Mpjxep9fBn87tkHpb27jfyJ8yBEQ7UZ8dpEpZIzwODSJvZMTIqr6g3tVKwfSdEXNQ
         ux30XKumfj39IiMPe3E2W1YxpbCM1rHy5tAPpKubWBMH6nyMs50hg/hcuagxxR9Ofsdr
         aN10B4Z6/MrrK2iCjoGjEgFLEDBaSFzMmm6izINiwzvUGkJVBY70UzXG3KvytmznvILp
         OB2Xqrff7H9emtO+QNdOlcLEAkxYI3je1Ym8VtpZdqMQ1dkcA57FIwpl8VvHaJEUMZ+v
         cYYH4Lh3B796KPQkHqqp5Q4MIotmhFr+2zsgoV/qc9GuLWW/nd0hs5V3YBKthUixRZas
         1mlA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w43si1113755edd.332.2019.09.26.03.57.15;
        Thu, 26 Sep 2019 03:57:41 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730924AbfIYXEz (ORCPT <rfc822;ayiehere@gmail.com> + 99 others);
        Wed, 25 Sep 2019 19:04:55 -0400
Received: from mx2.mailbox.org ([80.241.60.215]:28370 "EHLO mx2.mailbox.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726114AbfIYXEz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 25 Sep 2019 19:04:55 -0400
Received: from smtp2.mailbox.org (smtp1.mailbox.org [80.241.60.240])
        (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
        (No client certificate requested)
        by mx2.mailbox.org (Postfix) with ESMTPS id 0BD53A012D;
        Thu, 26 Sep 2019 01:04:53 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.240])
        by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030)
        with ESMTP id kO7xxPjyD2R1; Thu, 26 Sep 2019 01:04:49 +0200 (CEST)
From:   Aleksa Sarai <cyphar@cyphar.com>
To:     Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Jiri Olsa <jolsa@redhat.com>,
        Namhyung Kim <namhyung@kernel.org>,
        Christian Brauner <christian@brauner.io>
Cc:     Aleksa Sarai <cyphar@cyphar.com>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        libc-alpha@sourceware.org, linux-api@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH v2 3/4] sched_setattr: switch to copy_struct_from_user()
Date:   Thu, 26 Sep 2019 01:03:31 +0200
Message-Id: <20190925230332.18690-4-cyphar@cyphar.com>
In-Reply-To: <20190925230332.18690-1-cyphar@cyphar.com>
References: <20190925230332.18690-1-cyphar@cyphar.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The change is very straightforward, and helps unify the syscall
interface for struct-from-userspace syscalls. Ideally we could also
unify sched_getattr(2)-style syscalls as well, but unfortunately the
correct semantics for such syscalls are much less clear (see [1] for
more detail). In future we could come up with a more sane idea for how
the syscall interface should look.

[1]: commit 1251201c0d34 ("sched/core: Fix uclamp ABI bug, clean up and
     robustify sched_read_attr() ABI logic and code")

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
 kernel/sched/core.c | 43 +++++++------------------------------------
 1 file changed, 7 insertions(+), 36 deletions(-)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index df9f1fe5689b..cdb2f5e29b88 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4900,9 +4900,6 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
 	u32 size;
 	int ret;
 
-	if (!access_ok(uattr, SCHED_ATTR_SIZE_VER0))
-		return -EFAULT;
-
 	/* Zero the full structure, so that a short copy will be nice: */
 	memset(attr, 0, sizeof(*attr));
 
@@ -4910,45 +4907,19 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
 	if (ret)
 		return ret;
 
-	/* Bail out on silly large: */
-	if (size > PAGE_SIZE)
-		goto err_size;
-
 	/* ABI compatibility quirk: */
 	if (!size)
 		size = SCHED_ATTR_SIZE_VER0;
-
-	if (size < SCHED_ATTR_SIZE_VER0)
+	if (size < SCHED_ATTR_SIZE_VER0 || size > PAGE_SIZE)
 		goto err_size;
 
-	/*
-	 * If we're handed a bigger struct than we know of,
-	 * ensure all the unknown bits are 0 - i.e. new
-	 * user-space does not rely on any kernel feature
-	 * extensions we dont know about yet.
-	 */
-	if (size > sizeof(*attr)) {
-		unsigned char __user *addr;
-		unsigned char __user *end;
-		unsigned char val;
-
-		addr = (void __user *)uattr + sizeof(*attr);
-		end  = (void __user *)uattr + size;
-
-		for (; addr < end; addr++) {
-			ret = get_user(val, addr);
-			if (ret)
-				return ret;
-			if (val)
-				goto err_size;
-		}
-		size = sizeof(*attr);
+	ret = copy_struct_from_user(attr, sizeof(*attr), uattr, size);
+	if (ret) {
+		if (ret == -E2BIG)
+			goto err_size;
+		return ret;
 	}
 
-	ret = copy_from_user(attr, uattr, size);
-	if (ret)
-		return -EFAULT;
-
 	if ((attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) &&
 	    size < SCHED_ATTR_SIZE_VER1)
 		return -EINVAL;
@@ -5148,7 +5119,7 @@ sched_attr_copy_to_user(struct sched_attr __user *uattr,
  * sys_sched_getattr - similar to sched_getparam, but with sched_attr
  * @pid: the pid in question.
  * @uattr: structure containing the extended parameters.
- * @usize: sizeof(attr) that user-space knows about, for forwards and backwards compatibility.
+ * @usize: sizeof(attr) for fwd/bwd comp.
  * @flags: for future extension.
  */
 SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr,
-- 
2.23.0