Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp408099ybl; Thu, 23 Jan 2020 00:35:27 -0800 (PST) X-Google-Smtp-Source: APXvYqx3LTw3UlxBnDZV841eji0jtSpQeH90My+kPikPRe84pfcdWoqhHaP+XqXxnL0e408QGXWb X-Received: by 2002:aca:5bd6:: with SMTP id p205mr9989853oib.132.1579768527146; Thu, 23 Jan 2020 00:35:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579768527; cv=none; d=google.com; s=arc-20160816; b=yEQcd/i2bD+k3rUL8AN7uvyySOhADcv0UrBdQjFZBuI/iQEs3EeGKEIOpe7XzAIIYc eVnC1IdAkmC8ARZT1YatKvmfdv6AU3F0f4Jvis+ENXLW/GRfn7NDDhglfMpocj/t5Oah OWBX7Xba/4uK9+cqybzXFnGHAyVFNPOFn/unQYEe+zcAbazsKLnRFeLik24AQdBPuaVg 3dmGRPKqUzCXWN6FJnmHAz2yJoSqw2sAiCsr8SRZb6Rq7iPISqlaWuXk6yXdv6KHm4rv +syb/r5G0apXGT32AqlL0e79Guk3HN/2YJhaPkeuDzYWOb2rgPgEuRPvmF13wQzh+Iy9 Pg+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:date:cc:to:subject:from:message-id :dkim-signature; bh=SuuyRp8TxqDqTDz2CmZWzJ4P0VFf/WdzfLFxbafuqSc=; b=jc/d7rR/lEgBI4xGs+v0HKNj7bPlmYIpC0wJioF8FgwJqTQ5eLa+jwgGjSCL5SAFG5 TxvHO9LXUOLEL3qgWaOR7NsqDX9WnTw4Pzo6je7KwNZX4ejTXCHtlAv+/LF4SLUJb4E6 5/51l8dYleqaVVZ5mXBYwLeIDnlL+s0eerPS9pA8+FffkJR97tSNmMnz0VbpPRB5uKOi xvW4GHB+KScDnoNzHz/sg+SE7e8DrMyqr7Sej0VYUdQo65wP5Vg+BCJuHZ+hgWh37Go3 /MAQjHeuOEw70pOTxP1kEj2bUC2ofaQC//Idd/GEKnTVztlh9aTDOQ/xi0jDXYiLHXXN YXUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=VJhyd7m5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d17si552671oij.136.2020.01.23.00.35.15; Thu, 23 Jan 2020 00:35:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=VJhyd7m5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726621AbgAWIeV (ORCPT + 99 others); Thu, 23 Jan 2020 03:34:21 -0500 Received: from pegase1.c-s.fr ([93.17.236.30]:53508 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726061AbgAWIeU (ORCPT ); Thu, 23 Jan 2020 03:34:20 -0500 Received: from localhost (mailhub1-int [192.168.12.234]) by localhost (Postfix) with ESMTP id 483Ftd6YcJz9v0nG; Thu, 23 Jan 2020 09:34:17 +0100 (CET) Authentication-Results: localhost; dkim=pass reason="1024-bit key; insecure key" header.d=c-s.fr header.i=@c-s.fr header.b=VJhyd7m5; dkim-adsp=pass; dkim-atps=neutral X-Virus-Scanned: Debian amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024) with ESMTP id s6kfSvP7omNZ; Thu, 23 Jan 2020 09:34:17 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 483Ftd5RRQz9v0nF; Thu, 23 Jan 2020 09:34:17 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail; t=1579768457; bh=SuuyRp8TxqDqTDz2CmZWzJ4P0VFf/WdzfLFxbafuqSc=; h=From:Subject:To:Cc:Date:From; b=VJhyd7m5N4qWSzYQzHc1PrEAr5TH3GI5PWyfsh0XvauwD0uXus55aoTicNodSsj8Z q14mPYXU30StB2z61t/g7mgYd5eA976ybqFGYwrck0m/etWJiJXMJH6AVXkIa2Ituj FMgJssGQhUAOYxdEfmiskGw9rJzsrpU8OelGHq6M= Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 987788B81C; Thu, 23 Jan 2020 09:34:18 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id c3No3HiXxe0b; Thu, 23 Jan 2020 09:34:18 +0100 (CET) Received: from po14934vm.idsi0.si.c-s.fr (unknown [192.168.4.90]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 62DC68B75B; Thu, 23 Jan 2020 09:34:18 +0100 (CET) Received: by po14934vm.idsi0.si.c-s.fr (Postfix, from userid 0) id 1FA976380D; Thu, 23 Jan 2020 08:34:17 +0000 (UTC) Message-Id: <70f99f7474826883877e84f93224e937d9c974de.1579767339.git.christophe.leroy@c-s.fr> From: Christophe Leroy Subject: [PATCH] lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() To: Linus Torvalds , Andrew Morton Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org Date: Thu, 23 Jan 2020 08:34:18 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The range passed to user_access_begin() by strncpy_from_user() and strnlen_user() starts at 'src' and goes up to the limit of userspace allthough reads will be limited by the 'count' param. On 32 bits powerpc (book3s/32) access has to be granted for each 256Mbytes segment and the cost increases with the number of segments to unlock. Limit the range with 'count' param. Fixes: 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'") Signed-off-by: Christophe Leroy --- lib/strncpy_from_user.c | 14 +++++++------- lib/strnlen_user.c | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index dccb95af6003..706020b06617 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -30,13 +30,6 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; unsigned long res = 0; - /* - * Truncate 'max' to the user-specified limit, so that - * we only have one limit we need to check in the loop - */ - if (max > count) - max = count; - if (IS_UNALIGNED(src, dst)) goto byte_at_a_time; @@ -114,6 +107,13 @@ long strncpy_from_user(char *dst, const char __user *src, long count) unsigned long max = max_addr - src_addr; long retval; + /* + * Truncate 'max' to the user-specified limit, so that + * we only have one limit we need to check in the loop + */ + if (max > count) + max = count; + kasan_check_write(dst, count); check_object_size(dst, count, false); if (user_access_begin(src, max)) { diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c index 6c0005d5dd5c..41670d4a5816 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -26,13 +26,6 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, unsigned long align, res = 0; unsigned long c; - /* - * Truncate 'max' to the user-specified limit, so that - * we only have one limit we need to check in the loop - */ - if (max > count) - max = count; - /* * Do everything aligned. But that means that we * need to also expand the maximum.. @@ -109,6 +102,13 @@ long strnlen_user(const char __user *str, long count) unsigned long max = max_addr - src_addr; long retval; + /* + * Truncate 'max' to the user-specified limit, so that + * we only have one limit we need to check in the loop + */ + if (max > count) + max = count; + if (user_access_begin(str, max)) { retval = do_strnlen_user(str, count, max); user_access_end(); -- 2.25.0