Received: by 2002:ac0:c50a:0:0:0:0:0 with SMTP id y10csp1332150imi; Fri, 1 Jul 2022 07:39:52 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vMpR94A1FJrryOKyYratLd1kh1TbLrSeVyUEucjwOyoo9ANuZK+BU+f1o4IrOhcvL8DrzX X-Received: by 2002:a17:90b:3842:b0:1ed:16aa:def6 with SMTP id nl2-20020a17090b384200b001ed16aadef6mr19282904pjb.130.1656686392540; Fri, 01 Jul 2022 07:39:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656686392; cv=none; d=google.com; s=arc-20160816; b=OIbY2CmBwqOLo3bJQ29pcy1mBfx74rQiY/+guQaEIcSDWOlbo9X69oIAAvEZKtg/as P2u90fqe8cLfshNlwyflTqAsvSLaqdzWwcph7ysAD4KHieIIpV6kjAkjtd0JmH08Z6U1 cCE76uzb/bvp19L+vqqLfTXpFeNw7jidE57OPQORHzNBuModBP08wb6rwXpWvejBbLop lK5ExjF4LcHBRuGrWhYma39ecnGS6mlzLwjSBv+fYwOa9Ni5BtwR8D4KtuizUSb6kvtJ L7xqoETCt3zXWHU/dOplEJtvSG+Yvj8K4AudWuooIVciVu74wkRIQNCNHrOo9z19fthZ Flbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=DM2lItfZBVLN/C7PGBgjPtkXFa/DP0+N1ALBTGezmzM=; b=L9zGsP3IaO6r2XzE7W10bXsGBB+qOOPVzoNnEtETFmhvZGlSGxRm/qidEx0ZccfFEa Mx5i+sZsG/fEkwTONcE/F5W22TrwndZBZxG2Rj8Cd+ZzASyEtEr2fmaXThjgeb0PXd78 s+f3aNMo5kP3KAQJlKYYgdXcHxn5iukCsb4YLloEiy4HvsULqQ6Nq/qxAgWT0c1Y/+Bz MybHDO9W2HUhWWAaMfyicMkKxkGqZ0lECJ618KprUxmks4j9SMFkalLM2rROY0ptyitN WNSkgV95BrBRWGg/Sa00Xou5uwiJutkInC5Mc88XyRaANskIHtUp9dGZWbUsn78HYyqF pyEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=BrwjnieB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i2-20020a63d442000000b003db8bb45f56si30004248pgj.104.2022.07.01.07.39.41; Fri, 01 Jul 2022 07:39:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=BrwjnieB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231359AbiGAOXq (ORCPT + 99 others); Fri, 1 Jul 2022 10:23:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231166AbiGAOXf (ORCPT ); Fri, 1 Jul 2022 10:23:35 -0400 Received: from mail-ed1-x549.google.com (mail-ed1-x549.google.com [IPv6:2a00:1450:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B613A17E04 for ; Fri, 1 Jul 2022 07:23:25 -0700 (PDT) Received: by mail-ed1-x549.google.com with SMTP id f13-20020a0564021e8d00b00437a2acb543so1881886edf.7 for ; Fri, 01 Jul 2022 07:23:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=DM2lItfZBVLN/C7PGBgjPtkXFa/DP0+N1ALBTGezmzM=; b=BrwjnieB1ihiMJjhT7I5u//E7HjI1WLLjlXBmbnDhgMb7SpTYsEuazuBiSutpdswxC 5pvB8SRUOYAiKuMPD3S9k8yYpGxtgwA4cZZf6JHUocr1/F0k13itXtMMpFzSqF04Alsp chy+0E2s4SsndfHwLVSyYJzYMcaxAhoa6oqKJOe11TNjTNr10CeQHAcSf+2V5GU9ne2/ XLFDmkZaS+nan9HDxgfTnVYnCoqy44FIEOMq2nA0ViTNF2vno2mvx43ZLEeDlEnkJ1qy mGeEtfCFTEFHfRnQWwnwzmz9FeJeVkjle7Ho0tF4WBjphb+reY+Lt6qdvhMZ0CVbxkQi c7Yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=DM2lItfZBVLN/C7PGBgjPtkXFa/DP0+N1ALBTGezmzM=; b=Hww5YNXwnRWidm4HJnzoiqsTDKa2OTjxQg0e5AFeaxFXyCEDsvE2QUtR8ipF9Ff7S8 1lAIAS3AyVZCrA1oxqwI+y82Q8WMkvZrl47ZHBF+928yCKEuur3T6p5di+GU6gvP2Vte +4wR++671+ENGKstzhg0x++DlzUL4R+PgAZN233e1qUPeRd4EqkKHmmHWLbErWYJo+iw Yrgq6mLEVAA/pQuTIH3FCAC1fHHBomT07tl5Sj5F0PFvG9wDwF2WCRwWnJ5lG/4+TCjb M+N/T24eaZ52yWda3GR0DsIk3TK6oavr9RMFYF5cQQUr5lT16I//dxyhQPJnAAdVbpH+ Kfaw== X-Gm-Message-State: AJIora9aR/G6GUdMmUt4Q0/nN7NWrR0yOYNCeH+oWvgX/4JrgDsqpRU5 kPxwWk53n7ZXeIidalox48t5V60Pl/Q= X-Received: from glider.muc.corp.google.com ([2a00:79e0:9c:201:a6f5:f713:759c:abb6]) (user=glider job=sendgmr) by 2002:aa7:c2cf:0:b0:435:6576:b7c0 with SMTP id m15-20020aa7c2cf000000b004356576b7c0mr19716710edp.18.1656685404238; Fri, 01 Jul 2022 07:23:24 -0700 (PDT) Date: Fri, 1 Jul 2022 16:22:28 +0200 In-Reply-To: <20220701142310.2188015-1-glider@google.com> Message-Id: <20220701142310.2188015-4-glider@google.com> Mime-Version: 1.0 References: <20220701142310.2188015-1-glider@google.com> X-Mailer: git-send-email 2.37.0.rc0.161.g10f37bed90-goog Subject: [PATCH v4 03/45] instrumented.h: allow instrumenting both sides of copy_from_user() From: Alexander Potapenko To: glider@google.com Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Christoph Hellwig , Christoph Lameter , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Herbert Xu , Ilya Leoshkevich , Ingo Molnar , Jens Axboe , Joonsoo Kim , Kees Cook , Marco Elver , Mark Rutland , Matthew Wilcox , "Michael S. Tsirkin" , Pekka Enberg , Peter Zijlstra , Petr Mladek , Steven Rostedt , Thomas Gleixner , Vasily Gorbik , Vegard Nossum , Vlastimil Babka , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Introduce instrument_copy_from_user_before() and instrument_copy_from_user_after() hooks to be invoked before and after the call to copy_from_user(). KASAN and KCSAN will be only using instrument_copy_from_user_before(), but for KMSAN we'll need to insert code after copy_from_user(). Signed-off-by: Alexander Potapenko --- v4: -- fix _copy_from_user_key() in arch/s390/lib/uaccess.c (Reported-by: kernel test robot ) Link: https://linux-review.googlesource.com/id/I855034578f0b0f126734cbd734fb4ae1d3a6af99 --- arch/s390/lib/uaccess.c | 3 ++- include/linux/instrumented.h | 21 +++++++++++++++++++-- include/linux/uaccess.h | 19 ++++++++++++++----- lib/iov_iter.c | 9 ++++++--- lib/usercopy.c | 3 ++- 5 files changed, 43 insertions(+), 12 deletions(-) diff --git a/arch/s390/lib/uaccess.c b/arch/s390/lib/uaccess.c index d7b3b193d1088..58033dfcb6d45 100644 --- a/arch/s390/lib/uaccess.c +++ b/arch/s390/lib/uaccess.c @@ -81,8 +81,9 @@ unsigned long _copy_from_user_key(void *to, const void __user *from, might_fault(); if (!should_fail_usercopy()) { - instrument_copy_from_user(to, from, n); + instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user_key(to, from, n, key); + instrument_copy_from_user_after(to, from, n, res); } if (unlikely(res)) memset(to + (n - res), 0, res); diff --git a/include/linux/instrumented.h b/include/linux/instrumented.h index 42faebbaa202a..ee8f7d17d34f5 100644 --- a/include/linux/instrumented.h +++ b/include/linux/instrumented.h @@ -120,7 +120,7 @@ instrument_copy_to_user(void __user *to, const void *from, unsigned long n) } /** - * instrument_copy_from_user - instrument writes of copy_from_user + * instrument_copy_from_user_before - add instrumentation before copy_from_user * * Instrument writes to kernel memory, that are due to copy_from_user (and * variants). The instrumentation should be inserted before the accesses. @@ -130,10 +130,27 @@ instrument_copy_to_user(void __user *to, const void *from, unsigned long n) * @n number of bytes to copy */ static __always_inline void -instrument_copy_from_user(const void *to, const void __user *from, unsigned long n) +instrument_copy_from_user_before(const void *to, const void __user *from, unsigned long n) { kasan_check_write(to, n); kcsan_check_write(to, n); } +/** + * instrument_copy_from_user_after - add instrumentation after copy_from_user + * + * Instrument writes to kernel memory, that are due to copy_from_user (and + * variants). The instrumentation should be inserted after the accesses. + * + * @to destination address + * @from source address + * @n number of bytes to copy + * @left number of bytes not copied (as returned by copy_from_user) + */ +static __always_inline void +instrument_copy_from_user_after(const void *to, const void __user *from, + unsigned long n, unsigned long left) +{ +} + #endif /* _LINUX_INSTRUMENTED_H */ diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 5a328cf02b75e..da16e96680cf1 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -58,20 +58,28 @@ static __always_inline __must_check unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { - instrument_copy_from_user(to, from, n); + unsigned long res; + + instrument_copy_from_user_before(to, from, n); check_object_size(to, n, false); - return raw_copy_from_user(to, from, n); + res = raw_copy_from_user(to, from, n); + instrument_copy_from_user_after(to, from, n, res); + return res; } static __always_inline __must_check unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { + unsigned long res; + might_fault(); + instrument_copy_from_user_before(to, from, n); if (should_fail_usercopy()) return n; - instrument_copy_from_user(to, from, n); check_object_size(to, n, false); - return raw_copy_from_user(to, from, n); + res = raw_copy_from_user(to, from, n); + instrument_copy_from_user_after(to, from, n, res); + return res; } /** @@ -115,8 +123,9 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { - instrument_copy_from_user(to, from, n); + instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); + instrument_copy_from_user_after(to, from, n, res); } if (unlikely(res)) memset(to + (n - res), 0, res); diff --git a/lib/iov_iter.c b/lib/iov_iter.c index 0b64695ab632f..fe5d169314dbf 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -159,13 +159,16 @@ static int copyout(void __user *to, const void *from, size_t n) static int copyin(void *to, const void __user *from, size_t n) { + size_t res = n; + if (should_fail_usercopy()) return n; if (access_ok(from, n)) { - instrument_copy_from_user(to, from, n); - n = raw_copy_from_user(to, from, n); + instrument_copy_from_user_before(to, from, n); + res = raw_copy_from_user(to, from, n); + instrument_copy_from_user_after(to, from, n, res); } - return n; + return res; } static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes, diff --git a/lib/usercopy.c b/lib/usercopy.c index 7413dd300516e..1505a52f23a01 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -12,8 +12,9 @@ unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { - instrument_copy_from_user(to, from, n); + instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); + instrument_copy_from_user_after(to, from, n, res); } if (unlikely(res)) memset(to + (n - res), 0, res); -- 2.37.0.rc0.161.g10f37bed90-goog