From: Al Viro
To: Linus Torvalds
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 5/9] x86: switch cp_stat64() to unsafe_put_user()
Date: Sat, 30 May 2020 00:27:20 +0100
Message-Id: <20200529232723.44942-5-viro@ZenIV.linux.org.uk>

From: Al Viro

Signed-off-by: Al Viro
---
 arch/x86/kernel/sys_ia32.c | 40 ++++++++++++++++++++++------------------
 1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/arch/x86/kernel/sys_ia32.c b/arch/x86/kernel/sys_ia32.c index ab03fede1422..f8d65c99feb8 100644 --- a/arch/x86/kernel/sys_ia32.c +++ b/arch/x86/kernel/sys_ia32.c 
@@ -135,26 +135,30 @@ static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat) typeof(ubuf->st_gid) gid = 0; SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid)); SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid)); - if (!access_ok(ubuf, sizeof(struct stat64)) || - __put_user(huge_encode_dev(stat->dev), &ubuf->st_dev) || - __put_user(stat->ino, &ubuf->__st_ino) || - __put_user(stat->ino, &ubuf->st_ino) || - __put_user(stat->mode, &ubuf->st_mode) || - __put_user(stat->nlink, &ubuf->st_nlink) || - __put_user(uid, &ubuf->st_uid) || - __put_user(gid, &ubuf->st_gid) || - __put_user(huge_encode_dev(stat->rdev), &ubuf->st_rdev) || - __put_user(stat->size, &ubuf->st_size) || - __put_user(stat->atime.tv_sec, &ubuf->st_atime) || - __put_user(stat->atime.tv_nsec, &ubuf->st_atime_nsec) || - __put_user(stat->mtime.tv_sec, &ubuf->st_mtime) || - __put_user(stat->mtime.tv_nsec, &ubuf->st_mtime_nsec) || - __put_user(stat->ctime.tv_sec, &ubuf->st_ctime) || - __put_user(stat->ctime.tv_nsec, &ubuf->st_ctime_nsec) || - __put_user(stat->blksize, &ubuf->st_blksize) || - __put_user(stat->blocks, &ubuf->st_blocks)) + if (!user_write_access_begin(ubuf, sizeof(struct stat64))) return -EFAULT; + unsafe_put_user(huge_encode_dev(stat->dev), &ubuf->st_dev, Efault); + unsafe_put_user(stat->ino, &ubuf->__st_ino, Efault); + unsafe_put_user(stat->ino, &ubuf->st_ino, Efault); + unsafe_put_user(stat->mode, &ubuf->st_mode, Efault); + unsafe_put_user(stat->nlink, &ubuf->st_nlink, Efault); + unsafe_put_user(uid, &ubuf->st_uid, Efault); + unsafe_put_user(gid, &ubuf->st_gid, Efault); + unsafe_put_user(huge_encode_dev(stat->rdev), &ubuf->st_rdev, Efault); + unsafe_put_user(stat->size, &ubuf->st_size, Efault); + unsafe_put_user(stat->atime.tv_sec, &ubuf->st_atime, Efault); + unsafe_put_user(stat->atime.tv_nsec, &ubuf->st_atime_nsec, Efault); + unsafe_put_user(stat->mtime.tv_sec, &ubuf->st_mtime, Efault); + unsafe_put_user(stat->mtime.tv_nsec, &ubuf->st_mtime_nsec, Efault); + 
unsafe_put_user(stat->ctime.tv_sec, &ubuf->st_ctime, Efault); + unsafe_put_user(stat->ctime.tv_nsec, &ubuf->st_ctime_nsec, Efault); + unsafe_put_user(stat->blksize, &ubuf->st_blksize, Efault); + unsafe_put_user(stat->blocks, &ubuf->st_blocks, Efault); + user_access_end(); return 0; +Efault: + user_write_access_end(); + return -EFAULT; } COMPAT_SYSCALL_DEFINE2(ia32_stat64, const char __user *, filename, -- 2.11.0
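Review bot: The success path in cp_stat64() closes the user-access window with user_access_end(), but the window is opened with user_write_access_begin() and the Efault path closes it with user_write_access_end(). Please use user_write_access_end() before `return 0;` as well, so the begin/end pair matches on both exits; the mismatched pair is only correct where the write-specific helpers are plain aliases of the generic ones. Separately, the commit message has no body: a sentence on why the `__put_user()` chain is replaced by a single user_write_access_begin() check followed by unsafe_put_user() stores would help anyone reading this patch outside the series.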