Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp7438772ybn;
        Mon, 30 Sep 2019 13:59:15 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx1vIHV4hO1PHoT7xv7jKICzQmcxY65T398XY+353/vIAZje2uNgnsBRcqdX+p8vqTd1B30
X-Received: by 2002:a50:d903:: with SMTP id t3mr21348427edj.117.1569877155169;
        Mon, 30 Sep 2019 13:59:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569877155; cv=none;
        d=google.com; s=arc-20160816;
        b=fo/1NB0PIgs+YxOcH4jfDx2O5ubNSD8vswO7R1U8rKzIEVpf5/WpPnFB9etXP9rPHV
         Bwfj64anm1Mp+a+4ungs7fmWd2Q5EhKLDzNCt87AmGTNZgKPtv+0+XCri8yVWGyeBE0U
         R+YgcOuiB+fZzxi7tyanSGnxqf6DsNnLaBlcZBukdwa0fmi6dKo+u9evpDGnXK1AjQNq
         DgguJLz880rqF0dSdZu3N40AM2ed9KWlelcHwQOD2EnmBLmogbJUMoM8GzyDTWwgm7tb
         NxgZZBcotCD3oq9ExNqtHqrFXur+xFYd7T5DlhNFlmeccxRtpXx7yf9LPA/RRZ4ZKM15
         LtiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=IfJNljovg+2urNNRtlWIEngymLFKNbIkmMeg2nRlluU=;
        b=RSSRsB50X0pKsvBSgHqxjftY9C1gsNVmOXC/gX2v2dQg27xsSoaJcNbf4HcbhJNzf1
         tXqPoXbcZQCGveV5QV77CxRT3Qu4iKLgT2uqqXbtO0rmP7W+86IRHy81umm62fzx04+A
         FRqP+90RhNKvML0wce8VF2dMN6kYG/v3FMe7O3gH3QgSxfXBt2QivZeU32tSPgDENxR1
         Ru2JxDPBfU9QMSWXjnzhR0iai9UNz8Juqw00tthEYvYW0y++9EDqo2Wns4J9b5IEJ0KY
         pHiVETvTSVg/3gUzmWe5y9VNeG3BOkTKJ+fxEVjp3Zv3/fwn+5nA6u9+AbU6IKeWMv9b
         o9Gw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v10si8227448edc.224.2019.09.30.13.58.50;
        Mon, 30 Sep 2019 13:59:15 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731923AbfI3U6S (ORCPT <rfc822;7819ynot@gmail.com> + 99 others);
        Mon, 30 Sep 2019 16:58:18 -0400
Received: from mx2.mailbox.org ([80.241.60.215]:54492 "EHLO mx2.mailbox.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727720AbfI3U6P (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 30 Sep 2019 16:58:15 -0400
Received: from smtp2.mailbox.org (smtp1.mailbox.org [80.241.60.240])
        (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
        (No client certificate requested)
        by mx2.mailbox.org (Postfix) with ESMTPS id 9BD9BA19E0;
        Mon, 30 Sep 2019 20:29:01 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.240])
        by spamfilter04.heinlein-hosting.de (spamfilter04.heinlein-hosting.de [80.241.56.122]) (amavisd-new, port 10030)
        with ESMTP id WwW3ga-GIaWF; Mon, 30 Sep 2019 20:28:58 +0200 (CEST)
From:   Aleksa Sarai <cyphar@cyphar.com>
To:     Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Alexander Shishkin <alexander.shishkin@linux.intel.com>,
        Jiri Olsa <jolsa@redhat.com>,
        Namhyung Kim <namhyung@kernel.org>,
        Christian Brauner <christian@brauner.io>,
        Kees Cook <keescook@chromium.org>
Cc:     Aleksa Sarai <cyphar@cyphar.com>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        libc-alpha@sourceware.org, linux-api@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH v3 3/4] sched_setattr: switch to copy_struct_from_user()
Date:   Tue,  1 Oct 2019 04:28:09 +1000
Message-Id: <20190930182810.6090-4-cyphar@cyphar.com>
In-Reply-To: <20190930182810.6090-1-cyphar@cyphar.com>
References: <20190930182810.6090-1-cyphar@cyphar.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The change is very straightforward, and helps unify the syscall
interface for struct-from-userspace syscalls. Ideally we could also
unify sched_getattr(2)-style syscalls as well, but unfortunately the
correct semantics for such syscalls are much less clear (see [1] for
more detail). In future we could come up with a more sane idea for how
the syscall interface should look.

[1]: commit 1251201c0d34 ("sched/core: Fix uclamp ABI bug, clean up and
     robustify sched_read_attr() ABI logic and code")

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
 kernel/sched/core.c | 43 +++++++------------------------------------
 1 file changed, 7 insertions(+), 36 deletions(-)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 7880f4f64d0e..dd05a378631a 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -5106,9 +5106,6 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
 	u32 size;
 	int ret;
 
-	if (!access_ok(uattr, SCHED_ATTR_SIZE_VER0))
-		return -EFAULT;
-
 	/* Zero the full structure, so that a short copy will be nice: */
 	memset(attr, 0, sizeof(*attr));
 
@@ -5116,45 +5113,19 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
 	if (ret)
 		return ret;
 
-	/* Bail out on silly large: */
-	if (size > PAGE_SIZE)
-		goto err_size;
-
 	/* ABI compatibility quirk: */
 	if (!size)
 		size = SCHED_ATTR_SIZE_VER0;
-
-	if (size < SCHED_ATTR_SIZE_VER0)
+	if (size < SCHED_ATTR_SIZE_VER0 || size > PAGE_SIZE)
 		goto err_size;
 
-	/*
-	 * If we're handed a bigger struct than we know of,
-	 * ensure all the unknown bits are 0 - i.e. new
-	 * user-space does not rely on any kernel feature
-	 * extensions we dont know about yet.
-	 */
-	if (size > sizeof(*attr)) {
-		unsigned char __user *addr;
-		unsigned char __user *end;
-		unsigned char val;
-
-		addr = (void __user *)uattr + sizeof(*attr);
-		end  = (void __user *)uattr + size;
-
-		for (; addr < end; addr++) {
-			ret = get_user(val, addr);
-			if (ret)
-				return ret;
-			if (val)
-				goto err_size;
-		}
-		size = sizeof(*attr);
+	ret = copy_struct_from_user(attr, sizeof(*attr), uattr, size);
+	if (ret) {
+		if (ret == -E2BIG)
+			goto err_size;
+		return ret;
 	}
 
-	ret = copy_from_user(attr, uattr, size);
-	if (ret)
-		return -EFAULT;
-
 	if ((attr->sched_flags & SCHED_FLAG_UTIL_CLAMP) &&
 	    size < SCHED_ATTR_SIZE_VER1)
 		return -EINVAL;
@@ -5354,7 +5325,7 @@ sched_attr_copy_to_user(struct sched_attr __user *uattr,
  * sys_sched_getattr - similar to sched_getparam, but with sched_attr
  * @pid: the pid in question.
  * @uattr: structure containing the extended parameters.
- * @usize: sizeof(attr) that user-space knows about, for forwards and backwards compatibility.
+ * @usize: sizeof(attr) for fwd/bwd comp.
  * @flags: for future extension.
  */
 SYSCALL_DEFINE4(sched_getattr, pid_t, pid, struct sched_attr __user *, uattr,
-- 
2.23.0