From: Marco Elver
Date: Tue, 12 Jul 2022 16:17:05 +0200
Subject: Re: [PATCH v4 03/45] instrumented.h: allow instrumenting both sides of copy_from_user()
To: Alexander Potapenko
Cc: Alexander Viro, Alexei Starovoitov, Andrew Morton, Andrey Konovalov,
 Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Christoph Hellwig,
 Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Dumazet,
 Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe,
 Joonsoo Kim, Kees Cook, Mark Rutland, Matthew Wilcox, "Michael S. Tsirkin",
 Pekka Enberg, Peter Zijlstra, Petr Mladek, Steven Rostedt, Thomas Gleixner,
 Vasily Gorbik, Vegard Nossum, Vlastimil Babka, kasan-dev@googlegroups.com,
 linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 1 Jul 2022 at 16:23, Alexander Potapenko wrote:
>
> Introduce instrument_copy_from_user_before() and
> instrument_copy_from_user_after() hooks to be invoked before and after
> the call to copy_from_user().
>
> KASAN and KCSAN will be only using instrument_copy_from_user_before(),
> but for KMSAN we'll need to insert code after copy_from_user().
> > Signed-off-by: Alexander Potapenko Reviewed-by: Marco Elver > --- > v4: > -- fix _copy_from_user_key() in arch/s390/lib/uaccess.c (Reported-by: > kernel test robot ) > > Link: https://linux-review.googlesource.com/id/I855034578f0b0f126734cbd734fb4ae1d3a6af99 > --- > arch/s390/lib/uaccess.c | 3 ++- > include/linux/instrumented.h | 21 +++++++++++++++++++-- > include/linux/uaccess.h | 19 ++++++++++++++----- > lib/iov_iter.c | 9 ++++++--- > lib/usercopy.c | 3 ++- > 5 files changed, 43 insertions(+), 12 deletions(-) > > diff --git a/arch/s390/lib/uaccess.c b/arch/s390/lib/uaccess.c > index d7b3b193d1088..58033dfcb6d45 100644 > --- a/arch/s390/lib/uaccess.c > +++ b/arch/s390/lib/uaccess.c > @@ -81,8 +81,9 @@ unsigned long _copy_from_user_key(void *to, const void __user *from, > > might_fault(); > if (!should_fail_usercopy()) { > - instrument_copy_from_user(to, from, n); > + instrument_copy_from_user_before(to, from, n); > res = raw_copy_from_user_key(to, from, n, key); > + instrument_copy_from_user_after(to, from, n, res); > } > if (unlikely(res)) > memset(to + (n - res), 0, res); > diff --git a/include/linux/instrumented.h b/include/linux/instrumented.h > index 42faebbaa202a..ee8f7d17d34f5 100644 > --- a/include/linux/instrumented.h > +++ b/include/linux/instrumented.h > @@ -120,7 +120,7 @@ instrument_copy_to_user(void __user *to, const void *from, unsigned long n) > } > > /** > - * instrument_copy_from_user - instrument writes of copy_from_user > + * instrument_copy_from_user_before - add instrumentation before copy_from_user > * > * Instrument writes to kernel memory, that are due to copy_from_user (and > * variants). The instrumentation should be inserted before the accesses. 
> @@ -130,10 +130,27 @@ instrument_copy_to_user(void __user *to, const void *from, unsigned long n) > * @n number of bytes to copy > */ > static __always_inline void > -instrument_copy_from_user(const void *to, const void __user *from, unsigned long n) > +instrument_copy_from_user_before(const void *to, const void __user *from, unsigned long n) > { > kasan_check_write(to, n); > kcsan_check_write(to, n); > } > > +/** > + * instrument_copy_from_user_after - add instrumentation after copy_from_user > + * > + * Instrument writes to kernel memory, that are due to copy_from_user (and > + * variants). The instrumentation should be inserted after the accesses. > + * > + * @to destination address > + * @from source address > + * @n number of bytes to copy > + * @left number of bytes not copied (as returned by copy_from_user) > + */ > +static __always_inline void > +instrument_copy_from_user_after(const void *to, const void __user *from, > + unsigned long n, unsigned long left) > +{ > +} > + > #endif /* _LINUX_INSTRUMENTED_H */ > diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h > index 5a328cf02b75e..da16e96680cf1 100644 > --- a/include/linux/uaccess.h > +++ b/include/linux/uaccess.h 
> @@ -58,20 +58,28 @@ > static __always_inline __must_check unsigned long > __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) > { > - instrument_copy_from_user(to, from, n); > + unsigned long res; > + > + instrument_copy_from_user_before(to, from, n); > check_object_size(to, n, false); > - return raw_copy_from_user(to, from, n); > + res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_after(to, from, n, res); > + return res; > } > > static __always_inline __must_check unsigned long > __copy_from_user(void *to, const void __user *from, unsigned long n) > { > + unsigned long res; > + > might_fault(); > + instrument_copy_from_user_before(to, from, n); > if (should_fail_usercopy()) > return n; > - instrument_copy_from_user(to, from, n); > check_object_size(to, n, false); > - return raw_copy_from_user(to, from, n); > + res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_after(to, from, n, res); > + return res; > } > > /** > @@ -115,8 +123,9 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) > unsigned long res = n; > might_fault(); > if (!should_fail_usercopy() && likely(access_ok(from, n))) { > - instrument_copy_from_user(to, from, n); > + instrument_copy_from_user_before(to, from, n); > res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_after(to, from, n, res); > } > if (unlikely(res)) > memset(to + (n - res), 0, res); > diff --git a/lib/iov_iter.c b/lib/iov_iter.c > index 0b64695ab632f..fe5d169314dbf 100644 > --- a/lib/iov_iter.c > +++ b/lib/iov_iter.c 
> @@ -159,13 +159,16 @@ static int copyout(void __user *to, const void *from, size_t n) > > static int copyin(void *to, const void __user *from, size_t n) > { > + size_t res = n; > + > if (should_fail_usercopy()) > return n; > if (access_ok(from, n)) { > - instrument_copy_from_user(to, from, n); > - n = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_before(to, from, n); > + res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_after(to, from, n, res); > } > - return n; > + return res; > } > > static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes, > diff --git a/lib/usercopy.c b/lib/usercopy.c > index 7413dd300516e..1505a52f23a01 100644 > --- a/lib/usercopy.c > +++ b/lib/usercopy.c > @@ -12,8 +12,9 @@ unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n > unsigned long res = n; > might_fault(); > if (!should_fail_usercopy() && likely(access_ok(from, n))) { > - instrument_copy_from_user(to, from, n); > + instrument_copy_from_user_before(to, from, n); > res = raw_copy_from_user(to, from, n); > + instrument_copy_from_user_after(to, from, n, res); > } > if (unlikely(res)) > memset(to + (n - res), 0, res); > -- > 2.37.0.rc0.161.g10f37bed90-goog >
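
Review bot: In the __copy_from_user() hunk of include/linux/uaccess.h, instrument_copy_from_user_before() now sits above the should_fail_usercopy() check, so on the injected-failure path the KASAN/KCSAN write checks run for a copy that never happens, and no matching instrument_copy_from_user_after() call follows. The other call sites in this patch that check should_fail_usercopy() (_copy_from_user(), copyin(), _copy_from_user_key()) keep the before hook on the path that actually performs the raw copy. Either keep the call below `if (should_fail_usercopy()) return n;` as it was, or state in the commit message why this one site differs.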
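
Review bot: The kernel-doc added for instrument_copy_from_user_after() in include/linux/instrumented.h does not say which bytes the hook may treat as written; with @left being the number of bytes not copied, that is the first n - left bytes at @to, and the comment should state it. It should also note that callers such as _copy_from_user() invoke the hook before `memset(to + (n - res), 0, res)` zeroes the tail, and do not invoke it at all when the copy is skipped (should_fail_usercopy() or a failed access_ok()), so an implementation cannot assume it sees every copy_from_user() outcome.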