From: ebiederm@xmission.com (Eric W. Biederman)
To: Christoph Hellwig
Cc: Al Viro, Arnd Bergmann, Brian Gerst, Luis Chamberlain, linux-arm-kernel@lists.infradead.org, x86@kernel.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20210326143831.1550030-1-hch@lst.de> <20210326143831.1550030-4-hch@lst.de>
Date: Fri, 26 Mar 2021 16:22:33 -0500
In-Reply-To: <20210326143831.1550030-4-hch@lst.de> (Christoph Hellwig's message of "Fri, 26 Mar 2021 15:38:30 +0100")
Subject: Re: [PATCH 3/4] exec: simplify the compat syscall handling
X-Mailing-List: linux-kernel@vger.kernel.org

Christoph Hellwig writes:

> diff --git a/fs/exec.c b/fs/exec.c > index 06e07278b456fa..b34c1eb9e7ad8e 100644 > --- a/fs/exec.c > +++ b/fs/exec.c 
> @@ -391,47 +391,34 @@ static int bprm_mm_init(struct linux_binprm *bprm) > return err; > } > > -struct user_arg_ptr { > -#ifdef CONFIG_COMPAT > - bool is_compat; > -#endif > - union { > - const char __user *const __user *native; > -#ifdef CONFIG_COMPAT > - const compat_uptr_t __user *compat; > -#endif > - } ptr; > -}; > - > -static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) > +static const char __user * > +get_user_arg_ptr(const char __user *const __user *argv, int nr) > { > - const char __user *native; > - > -#ifdef CONFIG_COMPAT > - if (unlikely(argv.is_compat)) { > + if (in_compat_syscall()) { > + const compat_uptr_t __user *compat_argv = > + compat_ptr((unsigned long)argv); Ouch! Passing a pointer around as the wrong type through the kernel! Perhaps we should reduce everything to do_execveat and do_execveat_compat. Then there would be no need for anything to do anything odd with the pointer types. I think the big change would be to factor out a copy_string out of copy_strings, that performs all of the work once we know the proper pointer value. Casting pointers from one type to another scares me as one mistake means we are doing something wrong and probably exploitable. Eric > compat_uptr_t compat; > > - if (get_user(compat, argv.ptr.compat + nr)) > + if (get_user(compat, compat_argv + nr)) > return ERR_PTR(-EFAULT); > - > return compat_ptr(compat); > - } > -#endif > - > - if (get_user(native, argv.ptr.native + nr)) > - return ERR_PTR(-EFAULT); > + } else { > + const char __user *native; > > - return native; > + if (get_user(native, argv + nr)) > + return ERR_PTR(-EFAULT); > + return native; > + } > } >
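
Review bot: In the in_compat_syscall() branch of get_user_arg_ptr(), argv is declared as const char __user *const __user * but is then read as an array of compat_uptr_t via compat_ptr((unsigned long)argv), so the parameter type no longer tells the reader or the type checker which element width get_user() will fetch. The width is now selected from the task's syscall state instead of the caller-supplied is_compat flag that the hunk removes, which means every caller reached from a compat syscall has to pass a compat array under the native type with nothing in the signature enforcing it. The cast also relies on an implicit narrowing, since compat_ptr() is called with a compat_uptr_t a few lines further down. Consider keeping a distinct parameter type for the compat array, or separate native and compat helpers as the reply suggests, and at minimum add a comment above the cast stating the invariant that callers must uphold.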