Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2647992ybl; Mon, 20 Jan 2020 06:53:21 -0800 (PST) X-Google-Smtp-Source: APXvYqzIxfxQPqvvOLLl8vMXTgBCQ/MeR0udA1UnFwZ+b4KkalzxHaKVQ/HIL37ltfgnjATFtz9Q X-Received: by 2002:aca:5144:: with SMTP id f65mr13538412oib.5.1579532001342; Mon, 20 Jan 2020 06:53:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579532001; cv=none; d=google.com; s=arc-20160816; b=VQ+Yx6ISMLICYL3hPoAWPwuJi2JSP0PdgU0l1+3weFmjqaLZ1CeTdYMyizlBEs2QVO T5bXgP1cq0Cxm7AHLRpivstxaMYzqxXyr7rm5V24hMmsT/Fqs+Mcb4HWlwU/0kARCkSZ lY1V+yr3wMNZiyDnb6rNIvv9zJkQep/J+aG9UnNr4QUQ3rc83oSMP7oTbtHUxbZmJyHK kjoy7PpYtKP1Z8K5JnWNL39HF/ZTtH0sFlDuw0i9jdG/swckK8AVLmwGxPFC6nOJFQfs z1KbUcS6gnJCd6+1BcZhLlrhDagVo0amRfdepGE3LMRdd6RH2AfGS2W1BDE3NpgqJVKg WKbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=9r7hLAzJ5XLPlBLlLKXbueYWLmX6BTOI1cJJxqLCq6Q=; b=eIvPMrkk7Or7/cCRvX/VUhwdsiw4UUrg/sB/TYnBFSK9DxZm+8Efhc4vWUfDKAZ+GF 70ItJqYu7yBOyKds/61zju58cz2VJv9c4lNLWHqYFwyhZOoo2G7Vp5qNwyhmFqu/o5x7 gI+xIfFMHJgUs+MnWX58CF88UD1EUKAN/UVhSuqe3NpKYuhOD2GV3H1NXAB+0gNtQQNa G5JGCYX/fccPwqCXItXTyr5Xk6XBgQQMG0FdNzSWcDeq2yZjnBjS5fPfgozLRMpwmnGW ueTlC4oisvr7CCm0gQeXoFMrG63FmwwulZ2s1aWZBP7GE/slWea+o+CKWDANSG2u0LMs YFoA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=A33lYU15; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 17si22113882otv.149.2020.01.20.06.53.09; Mon, 20 Jan 2020 06:53:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=A33lYU15; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727573AbgATOwC (ORCPT + 99 others); Mon, 20 Jan 2020 09:52:02 -0500 Received: from mail-qk1-f196.google.com ([209.85.222.196]:44269 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726819AbgATOwC (ORCPT ); Mon, 20 Jan 2020 09:52:02 -0500 Received: by mail-qk1-f196.google.com with SMTP id w127so30283525qkb.11 for ; Mon, 20 Jan 2020 06:52:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9r7hLAzJ5XLPlBLlLKXbueYWLmX6BTOI1cJJxqLCq6Q=; b=A33lYU15woJADc37Yd8l/Tk+tXslqR8+HwmIFXwz+bmidG/q0xW1W06s9peuwaoaVe Ku7yw5P2dKxhNoc5JK1uahdePTnEDQ0VixgGWk+DNN4BNPRqkZlcnCo9ea6Euw/cGlWp n9dZjyhlEYgub2FPZHvW1t99RTH6v8GSpiwEBNldm/gilrDWLHUoSf0tWIbMDwGm19Xs zXrFsS4Tts5l3j0i8gO3bschp7mBiVJwLRIPUj/ujGcly/zsuBtiXvIf0k4NJK9DpUxb NUiEAPTOhpjCe+YNV9KDiF1J6/FEfR3GpAkCbymgh6zbUHZu4FLktrzg+xE57vSuymIR LiPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9r7hLAzJ5XLPlBLlLKXbueYWLmX6BTOI1cJJxqLCq6Q=; b=spuRQkddgNmPrzrEVQyki1Qs9Pe6jXpqZely//qnoLeFBxThuLfX4VQE23yaCXP2ic BHtEpIb31PabjM5SKw/Rtjz803KblCUum7V5S0zOglj/1d1OSwJWXw+wutEEIXibXfiO v2cPD63225u8VmG6AtL1NDUTL7xdfFOff8vsez73OiC+xRlFnT5WBGrHzGmYsbaV+76v J7x2RjE8Dcr6lbMhe69wTfMsmytPzoSzhyNAgCq9ADU2e1GX9ALIoXm4GsHzHN7HMxvA UIXT5qIR7FO0BXxUB7Z/3nfpb1yEZZCXpghfatsuPc4gi7fTYIMVpQDae+ibFmmXvt6B gmmQ== X-Gm-Message-State: APjAAAXXMxl0nnnfrgpBCYEkuOYWYxNrnWktYItOYDQxpk30t2YTNNJU uVOH7cQqtjR4EKJrChB14jHtNlVPrQFC5ldAR6EDGQ== X-Received: by 2002:a37:e312:: with SMTP id y18mr52657374qki.250.1579531920632; Mon, 20 Jan 2020 06:52:00 -0800 (PST) MIME-Version: 1.0 References: <20200120141927.114373-1-elver@google.com> <20200120141927.114373-5-elver@google.com> In-Reply-To: <20200120141927.114373-5-elver@google.com> From: Dmitry Vyukov Date: Mon, 20 Jan 2020 15:51:48 +0100 Message-ID: Subject: Re: [PATCH 5/5] copy_to_user, copy_from_user: Use generic instrumented.h To: Marco Elver Cc: paulmck@kernel.org, Andrey Konovalov , Alexander Potapenko , kasan-dev , LKML , Mark Rutland , Will Deacon , Peter Zijlstra , Boqun Feng , Arnd Bergmann , Al Viro , Christophe Leroy , Daniel Axtens , Michael Ellerman , Steven Rostedt , Masami Hiramatsu , Ingo Molnar , Christian Brauner , Daniel Borkmann , cyphar@cyphar.com, Kees Cook , linux-arch Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 20, 2020 at 3:19 PM Marco Elver wrote: > > This replaces the KASAN instrumentation with generic instrumentation, > implicitly adding KCSAN instrumentation support. > > For KASAN no functional change is intended. > > Suggested-by: Arnd Bergmann > Signed-off-by: Marco Elver > --- > include/linux/uaccess.h | 46 +++++++++++++++++++++++++++++------------ > lib/usercopy.c | 14 ++++++++----- > 2 files changed, 42 insertions(+), 18 deletions(-) > > diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h > index 67f016010aad..d3f2d9a8cae3 100644 > --- a/include/linux/uaccess.h > +++ b/include/linux/uaccess.h > @@ -2,9 +2,9 @@ > #ifndef __LINUX_UACCESS_H__ > #define __LINUX_UACCESS_H__ > > +#include > #include > #include > -#include > > #define uaccess_kernel() segment_eq(get_fs(), KERNEL_DS) > > @@ -58,18 +58,26 @@ > static __always_inline __must_check unsigned long > __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) > { > - kasan_check_write(to, n); > + unsigned long res; > + > check_object_size(to, n, false); > - return raw_copy_from_user(to, from, n); > + instrument_copy_from_user_pre(to, n); > + res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_post(to, n, res); > + return res; > } There is also something called strncpy_from_user() that has kasan instrumentation now: https://elixir.bootlin.com/linux/v5.5-rc6/source/lib/strncpy_from_user.c#L117 > static __always_inline __must_check unsigned long > __copy_from_user(void *to, const void __user *from, unsigned long n) > { > + unsigned long res; > + > might_fault(); > - kasan_check_write(to, n); > check_object_size(to, n, false); > - return raw_copy_from_user(to, from, n); > + instrument_copy_from_user_pre(to, n); > + res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_post(to, n, res); > + return res; > } > > /** > @@ -88,18 +96,26 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) > static __always_inline __must_check unsigned long > __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) > { > - kasan_check_read(from, n); > + unsigned long res; > + > check_object_size(from, n, true); > - return raw_copy_to_user(to, from, n); > + instrument_copy_to_user_pre(from, n); > + res = raw_copy_to_user(to, from, n); > + instrument_copy_to_user_post(from, n, res); > + return res; > } > > static __always_inline __must_check unsigned long > __copy_to_user(void __user *to, const void *from, unsigned long n) > { > + unsigned long res; > + > might_fault(); > - kasan_check_read(from, n); > check_object_size(from, n, true); > - return raw_copy_to_user(to, from, n); > + instrument_copy_to_user_pre(from, n); > + res = raw_copy_to_user(to, from, n); > + instrument_copy_to_user_post(from, n, res); > + return res; > } > > #ifdef INLINE_COPY_FROM_USER > @@ -109,8 +125,9 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) > unsigned long res = n; > might_fault(); > if (likely(access_ok(from, n))) { > - kasan_check_write(to, n); > + instrument_copy_from_user_pre(to, n); > res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_post(to, n, res); > } > if (unlikely(res)) > memset(to + (n - res), 0, res); > @@ -125,12 +142,15 @@ _copy_from_user(void *, const void __user *, unsigned long); > static inline __must_check unsigned long > _copy_to_user(void __user *to, const void *from, unsigned long n) > { > + unsigned long res = n; > + > might_fault(); > if (access_ok(to, n)) { > - kasan_check_read(from, n); > - n = raw_copy_to_user(to, from, n); > + instrument_copy_to_user_pre(from, n); > + res = raw_copy_to_user(to, from, n); > + instrument_copy_to_user_post(from, n, res); > } > - return n; > + return res; > } > #else > extern __must_check unsigned long > diff --git a/lib/usercopy.c b/lib/usercopy.c > index cbb4d9ec00f2..1c20d4423b86 100644 > --- a/lib/usercopy.c > +++ b/lib/usercopy.c > @@ -1,6 +1,7 @@ > // SPDX-License-Identifier: GPL-2.0 > -#include > #include > +#include > +#include > > /* out-of-line parts */ > > @@ -10,8 +11,9 @@ unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n > unsigned long res = n; > might_fault(); > if (likely(access_ok(from, n))) { > - kasan_check_write(to, n); > + instrument_copy_from_user_pre(to, n); > res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_post(to, n, res); > } > if (unlikely(res)) > memset(to + (n - res), 0, res); > @@ -23,12 +25,14 @@ EXPORT_SYMBOL(_copy_from_user); > #ifndef INLINE_COPY_TO_USER > unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) > { > + unsigned long res = n; > might_fault(); > if (likely(access_ok(to, n))) { > - kasan_check_read(from, n); > - n = raw_copy_to_user(to, from, n); > + instrument_copy_to_user_pre(from, n); > + res = raw_copy_to_user(to, from, n); > + instrument_copy_to_user_post(from, n, res); > } > - return n; > + return res; > } > EXPORT_SYMBOL(_copy_to_user); > #endif > -- > 2.25.0.341.g760bfbb309-goog >