Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp2110076ybn; Thu, 26 Sep 2019 07:11:35 -0700 (PDT) X-Google-Smtp-Source: APXvYqww8qhIB/4jjuwBaU4j+L//xeIjh0ulEEE1D6m9hMmkRqIkLUmvwu4Ynelb9G7fPvNsyoFn X-Received: by 2002:a50:ed8e:: with SMTP id h14mr3837592edr.69.1569507095796; Thu, 26 Sep 2019 07:11:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569507095; cv=none; d=google.com; s=arc-20160816; b=lfK9bKjyw6mYZe/Sa4i8AJePJZ49fUuRvCD3NeM4y8/Rb0bSb8LXoPLQgwFT0kHLuV cxDK5URGudbt6qPq0fRwkUsulpPAXwMkD56eTs9r+Q79s2pEkiU+3F5da2siQhtBvuP7 6CKajqTsuzaIIls8WDNI76XEkUV2doDw4WL3cXU1C3Oy2TFFPGZNS3zmCe41xHz4/Mr/ yPhenVzIha8j9LT9qlwcZ9Kj4j/3GVw+v4M9nd0NCQPYQtZvtfO3iFnyTyM+fZnCXRZ1 djQQw0E+9PoWsD6Q6uWBALM0uuzctUCCRMziDqKUbwb2bWMgpFpvlGzPe7xvg4ADp+GU HOYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=XgMyhLCB3/0/URBCc/C1h2ku/+GkDrib3gJYGs9zt7Q=; b=kpygY4kWi4mMUhAZVe4mV81zObhsu0drLN36L6Dg7KJmQ7qT5pySJXEdPNyfZMoPKf fwl/09JYynVyXNOeADTfCnCnR+pq2XXoNWHQfgUHKhwAIPdKyCi+RsC2ipS4wBSzZzRQ 0MC02groCfLq6BowHsurs/rJLrcZMXIdOLgmIUNSkYg+MRVyHi6bhhHas83Th18W6BQg gIcno1h+PJM+hSA+vgF4dU1zyizgq0C19gsi0dd2TnbVEjDdCkkCBtOh4RveVl/K5X9T 8ov+Y+iiOLq7tSUDQPTC7bxItRhWJo6qLY5WEuP2dQyXnWqcBJyOEcQo5Sr/cLC/g7lx 1lRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Wb3tv2Cc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id qn24si1077850ejb.200.2019.09.26.07.11.10; Thu, 26 Sep 2019 07:11:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Wb3tv2Cc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727076AbfIZOIw (ORCPT + 99 others); Thu, 26 Sep 2019 10:08:52 -0400 Received: from mail.skyhub.de ([5.9.137.197]:34502 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726094AbfIZOIw (ORCPT ); Thu, 26 Sep 2019 10:08:52 -0400 Received: from zn.tnic (p200300EC2F0C9800AD9F87A1CF14B2BF.dip0.t-ipconnect.de [IPv6:2003:ec:2f0c:9800:ad9f:87a1:cf14:b2bf]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id AFE911EC064F; Thu, 26 Sep 2019 16:08:50 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1569506930; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=XgMyhLCB3/0/URBCc/C1h2ku/+GkDrib3gJYGs9zt7Q=; b=Wb3tv2Cc8ExZ4mxRfqD0cFE6c4eSdRZE/Ldngch/EaP1yIunzhCZsLKV9DNjzmbCg+L27Q 3UPsj7iYNdptJnH7y6+oznwWl3ETCjOFmrcXvBreoq8j1jXrvUFlDihyBbmDk9e+M+Ggll 5j1un+P+AhR9oIn5yVKElRzoRhGGa6s= Date: Thu, 26 Sep 2019 16:08:50 +0200 From: Borislav Petkov To: Andy Lutomirski Cc: Thomas Gleixner , Al Viro , Arthur Gautier , Jann Horn , the arch/x86 maintainers , Ingo Molnar , kernel list , Pascal Bouchareine Subject: Re: [PATCH] x86: uaccess: fix regression in unsafe_get_user Message-ID: <20190926140850.GC18383@zn.tnic> References: <20190215235901.23541-1-baloo@gandi.net> <4F2693EA-1553-4F09-9475-781305540DBC@amacapital.net> <20190216234702.GP2217@ZenIV.linux.org.uk> <20190217034121.bs3q3sgevexmdt3d@khany> <20190217042201.GU2217@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 18, 2019 at 11:15:44AM -0800, Andy Lutomirski wrote: > diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c > index 58eacd41526c..709d6efe0d42 100644 > --- a/lib/strncpy_from_user.c > +++ b/lib/strncpy_from_user.c > @@ -10,12 +10,7 @@ > #include > #include > > -#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS > -#define IS_UNALIGNED(src, dst) 0 > -#else > -#define IS_UNALIGNED(src, dst) \ > - (((long) dst | (long) src) & (sizeof(long) - 1)) > -#endif > +#define IS_UNALIGNED(addr) (((long)(addr)) & (sizeof(long) - 1)) > > /* > * Do a strncpy, return length of string without final '\0'. > @@ -35,14 +30,39 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long > if (max > count) > max = count; > > - if (IS_UNALIGNED(src, dst)) > + /* > + * First handle any unaligned prefix of src. > + */ > + while (max && IS_UNALIGNED(src+res)) { put spaces around the '+', below too. > + char c; > + > + unsafe_get_user(c, src+res, efault); > + dst[res] = c; > + if (!c) > + return res; > + res++; > + max--; > + } > + > + /* > + * Now we know that src + res is aligned. If dst is unaligned and > + * we don't have efficient unaligned access, then keep going one > + * byte at a time. (This could be optimized, but it would make > + * the code more complicated. > + */ > +#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS > + if (IS_UNALIGNED(dst + res)) > goto byte_at_a_time; > +#endif > > while (max >= sizeof(unsigned long)) { > + /* > + * src + res is aligned, so the reads in this loop will > + * not cross a page boundary. > + */ > unsigned long c, data; > > - /* Fall back to byte-at-a-time if we get a page fault */ > - unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time); > + unsafe_get_user(c, (unsigned long __user *)(src+res), efault); > > *(unsigned long *)(dst+res) = c; > if (has_zero(c, &data, &constants)) { > @@ -54,7 +74,9 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long > max -= sizeof(unsigned long); > } > > -byte_at_a_time: You can't remove that label - the ifndef above. > + /* > + * Finish the job one byte at a time. > + */ > while (max) { > char c; -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette