Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4674847ybl; Mon, 3 Feb 2020 23:40:26 -0800 (PST) X-Google-Smtp-Source: APXvYqyTpOdU6gdIwGAZ23fpKKMD/Hyu5SuGkq7oW8BWf2IwV3hy0IqAbtblygVqo7DJxaJ8NRIg X-Received: by 2002:a05:6830:612:: with SMTP id w18mr21567720oti.160.1580802026751; Mon, 03 Feb 2020 23:40:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580802026; cv=none; d=google.com; s=arc-20160816; b=hS4/aTaajHUcsAKEXCWBvCeAhj/5r11PpBylDqPyjdU2f+UFfneZB04ZRlYWilUoMl xWNNwKB/hVssEpmsdbs5RHxMWe7TEXqmsl3dhlC/YQZVAh0HWQ1qLYqVW7G1dWtXXSGG Gqc6fOnSghv+6qE8dN7VJB14mDoUwkAgDLn3qua3yEOWEO/Uk2CDwpTBlRuVnIymafCY rw4x1AaTeOzhf2rxqK7F7k3eVJ6pLbYe6InyxM1gl7ste80Tnj0ga2IcJK6l5d0utW8u 7IEeosdnQL6jPgQNBLlNYQL7QzOcH2ozumzm4UFidP63K8FodlIZmYMAyt0GHAYCIZlF tZaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:date:cc:to:subject:from:message-id :dkim-signature; bh=2rd8qlLlpkX1BdaONPB2UupCXZuKoBgAK38pBszsWNk=; b=U2JP18gzmxfzsviAspPfyLOgNWkT+7DjnU1feN+/++42HJt5yUjz1vtlyiJ5YQPOvs 7cL4hf4H88XXxvlIA+YuFVrX/+zBMfGzhNi3wNcHeF1MspnGjPT6l7D5tZvQpHASuecQ KkRm3hd6kiIxlL4kmRDDHuRV0s+vjTgrnlx71mDmzZ/+MPWy6P1meR1EX3wfiVV7WQzB Ya3cmPiB84YQAnGJ6EMHD18m70BLRr6CMN9PLHPAxf6LtRZXRJbuw9tooMQ0rO/AHUNF 1IcmKo5q2QzW94ToL9FOIfpUngAgPACzv0dAcbQpSgr+cS8k+dnVZp7cYhcTHatgj/VS KFJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=YJvzz9xk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 194si10003789oii.2.2020.02.03.23.40.14; Mon, 03 Feb 2020 23:40:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=YJvzz9xk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727084AbgBDHhz (ORCPT + 99 others); Tue, 4 Feb 2020 02:37:55 -0500 Received: from pegase1.c-s.fr ([93.17.236.30]:55499 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725834AbgBDHhz (ORCPT ); Tue, 4 Feb 2020 02:37:55 -0500 Received: from localhost (mailhub1-int [192.168.12.234]) by localhost (Postfix) with ESMTP id 48Bc404254z9vC1Z; Tue, 4 Feb 2020 08:37:52 +0100 (CET) Authentication-Results: localhost; dkim=pass reason="1024-bit key; insecure key" header.d=c-s.fr header.i=@c-s.fr header.b=YJvzz9xk; dkim-adsp=pass; dkim-atps=neutral X-Virus-Scanned: Debian amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024) with ESMTP id 36ijhWjZF_9L; Tue, 4 Feb 2020 08:37:52 +0100 (CET) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 48Bc402ltrz9vC1c; Tue, 4 Feb 2020 08:37:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail; t=1580801872; bh=2rd8qlLlpkX1BdaONPB2UupCXZuKoBgAK38pBszsWNk=; h=From:Subject:To:Cc:Date:From; b=YJvzz9xkMOFYsr6EVEph5R1Myd4IiyaKhRFL67S2BQUsqvlgCqfz66/3auiBINhmM mJ3yt6dXJV6UpkZeUFB3+XRdJKyi/L2WgqMUqbdqxn41K4F2kSN3j02BFZ8M4bonOg AouTrITGEKao7/tBHhmeuoRrUk5oCB94TXvcyfQA= Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 51D8C8B7B6; Tue, 4 Feb 2020 08:37:53 +0100 (CET) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id T9QVY0qwbEkJ; Tue, 4 Feb 2020 08:37:53 +0100 (CET) Received: from po14934vm.idsi0.si.c-s.fr (unknown [192.168.4.90]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 0ABF68B755; Tue, 4 Feb 2020 08:37:53 +0100 (CET) Received: by po14934vm.idsi0.si.c-s.fr (Postfix, from userid 0) id 8AEA7652B3; Tue, 4 Feb 2020 07:37:52 +0000 (UTC) Message-Id: From: Christophe Leroy Subject: [PATCH 1/4] uaccess: Add user_read_access_begin/end and user_write_access_begin/end To: Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Date: Tue, 4 Feb 2020 07:37:52 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Some architectures like powerpc64 have the capability to separate read access and write access protection. For get_user() and copy_from_user(), powerpc64 only open read access. For put_user() and copy_to_user(), powerpc64 only open write access. But when using unsafe_get_user() or unsafe_put_user(), user_access_begin open both read and write. In order to avoid any risk based of hacking some variable parameters passed to user_access_begin/end that would allow hacking and leaving user access open or opening too much, it is preferable to use dedicated static functions that can't be overridden. Add a user_read_access_begin and user_read_access_end to only open read access. Add a user_write_access_begin and user_write_access_end to only open write access. By default, when undefined, those new access helpers default on the existing user_access_begin and user_access_end. Signed-off-by: Christophe Leroy --- include/linux/uaccess.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 67f016010aad..9861c89f93be 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -378,6 +378,14 @@ extern long strnlen_unsafe_user(const void __user *unsafe_addr, long count); static inline unsigned long user_access_save(void) { return 0UL; } static inline void user_access_restore(unsigned long flags) { } #endif +#ifndef user_write_access_begin +#define user_write_access_begin user_access_begin +#define user_write_access_end user_access_end +#endif +#ifndef user_read_access_begin +#define user_read_access_begin user_access_begin +#define user_read_access_end user_access_end +#endif #ifdef CONFIG_HARDENED_USERCOPY void usercopy_warn(const char *name, const char *detail, bool to_user, -- 2.25.0