Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp141243ybz; Thu, 30 Apr 2020 18:12:01 -0700 (PDT) X-Google-Smtp-Source: APiQypJTn5xH1NGGushXQ19P5G27IWxpPCNor21LoEy3TUXMAcgjL0vnwQu3Dbj6dd0BvrdP+UI5 X-Received: by 2002:a17:906:5601:: with SMTP id f1mr1130250ejq.152.1588295520871; Thu, 30 Apr 2020 18:12:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588295520; cv=none; d=google.com; s=arc-20160816; b=op7l23HRb1t+YUCcsbgWQEiJ7PN4LxuUlHkYqK8LhfgCjEOALYvEgWsnR58XTQZSPh wriDGfD+39UKFpfLIJ1zyEPliZ0JWplVhRZnBUmJ/234jdRc78P3Stl6WhE+PEoTmaph riCa778U4mpkzd13xdqdflJhOfCt0ITpI13Ky5WgjySVLfonRNutwnqJlr/aZkUpK8qZ vZPyXlMkzI3rE3iPgFbIAM7zFflmG3j9Ve4onFCKxaK7EjA3otQ6wGHMZ4AtoXr3D752 tihBZgiAhE6nqd0WdSUfWy2eW/W+b/8uw/ZcJKEFMt3HeO6vvnx4ElDPwBQ3kI+06Zpl YiEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=EU5hMHIDBwanKqUThLEMKgdcgJ0c7t+O7ajiXIHk0no=; b=zSa/VpUlbJocrvJykEuNL6dCnkrDxfXdN9z7dM/9pNyijtoLXMKwW0PjdHBpJ1TZhu ek6YARwuO3mmcyHK5xJ1ItABQC3ssQVVjIxKgRnZFDkO0LjUdNwVqHOWnpQa/OlkJQoy 8/pBJaTUyU6Jhqel2g4rgJ5If7MjQJamGF9TL5wrrn3Nl804I0CagscV+UMj2FTy1scE DobLgEsRsZhko8Qk//PL1v83bDmXcDgXR5a6cgnam08d1s6rMkgeXnMbE7nrevzqm5kt OOwzMajelswgXchMVm1XyEu4pPVFyeZEg5/a73jxGyzw06/AnoVtLKt19liTnYYNLvFp sFoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=S1dhhecU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i8si846249ejf.197.2020.04.30.18.11.37; Thu, 30 Apr 2020 18:12:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=S1dhhecU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728028AbgEABHn (ORCPT + 99 others); Thu, 30 Apr 2020 21:07:43 -0400 Received: from us-smtp-2.mimecast.com ([205.139.110.61]:51617 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727114AbgEABHn (ORCPT ); Thu, 30 Apr 2020 21:07:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588295261; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=EU5hMHIDBwanKqUThLEMKgdcgJ0c7t+O7ajiXIHk0no=; b=S1dhhecUMNPTraHhJcdWLHxp5Bar7lLcJzpwis3QdV/P87lCe7qtgsmHsczV90dQd8xLjx Q/7D0j4xE3/sa6nU56P8NzPYwAsDFEXSqZVSHhk09N4o5z53YNRdwnp1SvV4ttkvmTX2HY AnHZ9xhkaoiNscL15fm3PV2hPlqYMCw= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-210-fcevY-GHNeeCfOfwUTTktQ-1; Thu, 30 Apr 2020 21:07:38 -0400 X-MC-Unique: fcevY-GHNeeCfOfwUTTktQ-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3CBA2107ACCA; Fri, 1 May 2020 01:07:37 +0000 (UTC) Received: from treble (ovpn-113-19.rdu2.redhat.com [10.10.113.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F083239E; Fri, 1 May 2020 01:07:35 +0000 (UTC) Date: Thu, 30 Apr 2020 20:07:33 -0500 From: Josh Poimboeuf To: Arnd Bergmann Cc: Peter Zijlstra , the arch/x86 maintainers , Linux Kernel Mailing List Subject: Re: Remaining randconfig objtool warnings, linux-next-20200428 Message-ID: <20200501010733.ptvgzl3nbxybo4rd@treble> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 30, 2020 at 04:05:07PM +0200, Arnd Bergmann wrote: > lib/strncpy_from_user.o: warning: objtool: strncpy_from_user()+0x133: call to do_strncpy_from_user() with UACCESS enabled > lib/strnlen_user.o: warning: objtool: strnlen_user()+0x122: call to do_strnlen_user() with UACCESS enabled Does this fix it? diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index 706020b06617..cb3ae7a093c3 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -30,6 +30,9 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; unsigned long res = 0; + if (!user_access_begin(src, max)) + return -EFAULT; + if (IS_UNALIGNED(src, dst)) goto byte_at_a_time; @@ -43,7 +46,8 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, if (has_zero(c, &data, &constants)) { data = prep_zero_mask(c, data, &constants); data = create_zero_mask(data); - return res + find_zero(data); + res += find_zero(data); + goto done; } res += sizeof(unsigned long); max -= sizeof(unsigned long); @@ -56,7 +60,7 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, unsafe_get_user(c,src+res, efault); dst[res] = c; if (!c) - return res; + goto done; res++; max--; } @@ -65,14 +69,20 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, * Uhhuh. We hit 'max'. But was that the user-specified maximum * too? If so, that's ok - we got as much as the user asked for. */ - if (res >= count) - return res; + if (res < count) { + /* + * Nope: we hit the address space limit, and we still had more + * characters the caller would have wanted. That's an EFAULT. + */ + goto efault; + } + +done: + user_access_end(); + return res; - /* - * Nope: we hit the address space limit, and we still had more - * characters the caller would have wanted. That's an EFAULT. - */ efault: + user_access_end(); return -EFAULT; } @@ -105,7 +115,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count) src_addr = (unsigned long)untagged_addr(src); if (likely(src_addr < max_addr)) { unsigned long max = max_addr - src_addr; - long retval; /* * Truncate 'max' to the user-specified limit, so that @@ -116,11 +125,7 @@ long strncpy_from_user(char *dst, const char __user *src, long count) kasan_check_write(dst, count); check_object_size(dst, count, false); - if (user_access_begin(src, max)) { - retval = do_strncpy_from_user(dst, src, count, max); - user_access_end(); - return retval; - } + return do_strncpy_from_user(dst, src, count, max); } return -EFAULT; } diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c index 41670d4a5816..f1e9e447bef1 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -26,6 +26,9 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, unsigned long align, res = 0; unsigned long c; + if (!user_access_begin(src, max)) + return 0; + /* * Do everything aligned. But that means that we * need to also expand the maximum.. @@ -39,10 +42,12 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, for (;;) { unsigned long data; + if (has_zero(c, &data, &constants)) { data = prep_zero_mask(c, data, &constants); data = create_zero_mask(data); - return res + find_zero(data) + 1 - align; + res += find_zero(data) + 1 - align; + goto done; } res += sizeof(unsigned long); /* We already handled 'unsigned long' bytes. Did we do it all ? */ @@ -58,13 +63,21 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, * too? If so, return the marker for "too long". */ if (res >= count) - return count+1; + res = count + 1; + else { + /* + * Nope: we hit the address space limit, and we still had more + * characters the caller would have wanted. That's 0. + */ + goto efault; + } + +done: + user_access_end(); + return res; - /* - * Nope: we hit the address space limit, and we still had more - * characters the caller would have wanted. That's 0. - */ efault: + user_access_end(); return 0; } @@ -100,7 +113,6 @@ long strnlen_user(const char __user *str, long count) src_addr = (unsigned long)untagged_addr(str); if (likely(src_addr < max_addr)) { unsigned long max = max_addr - src_addr; - long retval; /* * Truncate 'max' to the user-specified limit, so that @@ -109,11 +121,7 @@ long strnlen_user(const char __user *str, long count) if (max > count) max = count; - if (user_access_begin(str, max)) { - retval = do_strnlen_user(str, count, max); - user_access_end(); - return retval; - } + return do_strnlen_user(str, count, max); } return 0; }