From: Kent Overstreet
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org
Cc: Kent Overstreet, tglx@linutronix.de, x86@kernel.org, tj@kernel.org, peterz@infradead.org, mathieu.desnoyers@efficios.com, paulmck@kernel.org, keescook@chromium.org, dave.hansen@linux.intel.com, mingo@redhat.com, will@kernel.org, longman@redhat.com, boqun.feng@gmail.com, brauner@kernel.org
Subject: [PATCH 47/50] thread_info, uaccess.h: Move HARDENED_USERCOPY to better location
Date: Fri, 15 Dec 2023 22:35:48 -0500
Message-ID: <20231216033552.3553579-4-kent.overstreet@linux.dev>
In-Reply-To: <20231216033552.3553579-1-kent.overstreet@linux.dev>
References: <20231216024834.3510073-1-kent.overstreet@linux.dev> <20231216033552.3553579-1-kent.overstreet@linux.dev>

thread_info.h is needed by sched.h, and we're trying to slim down
dependencies there - bug.h is a big one. And the HARDENED_USERCOPY stuff
is used in uaccess.h, so it makes more sense there anyways.

Signed-off-by: Kent Overstreet
---
 include/linux/thread_info.h | 49 -------------------------------------
 include/linux/uaccess.h     | 49 +++++++++++++++++++++++++++++++++++++
 include/linux/uio.h         |  2 +-
 3 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index 9ea0b28068f4..85d99c556cb5 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -10,7 +10,6 @@ #include #include -#include #include #include @@ -204,54 +203,6 @@ static inline int arch_within_stack_frames(const void * const stack, } #endif -#ifdef CONFIG_HARDENED_USERCOPY -extern void __check_object_size(const void *ptr, unsigned long n, - bool to_user); - -static __always_inline void check_object_size(const void *ptr, unsigned long n, - bool to_user) -{ - if (!__builtin_constant_p(n)) - __check_object_size(ptr, n, to_user); -} -#else -static inline void check_object_size(const void *ptr, unsigned long n, - bool to_user) -{ } -#endif /* CONFIG_HARDENED_USERCOPY */ - -extern void __compiletime_error("copy source size is too small") -__bad_copy_from(void); -extern void __compiletime_error("copy destination size is too small") -__bad_copy_to(void); - -void __copy_overflow(int size, unsigned long count); - -static inline void copy_overflow(int size, unsigned long count) -{ - if (IS_ENABLED(CONFIG_BUG)) - __copy_overflow(size, count); -} - -static __always_inline __must_check bool -check_copy_size(const void *addr, size_t bytes, bool is_source) -{ - int sz = __builtin_object_size(addr, 0); - if (unlikely(sz >= 0 && sz < bytes)) { - if (!__builtin_constant_p(bytes)) - copy_overflow(sz, bytes); - else if (is_source) - __bad_copy_from(); - else - __bad_copy_to(); - return false; - } - if (WARN_ON_ONCE(bytes > INT_MAX)) - return false; - check_object_size(addr, bytes, is_source); - return true; -} - #ifndef arch_setup_new_exec static inline void arch_setup_new_exec(void) { } #endif diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 3064314f4832..3e93ee64d6f8 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -2,6 +2,7 @@ #ifndef __LINUX_UACCESS_H__ #define __LINUX_UACCESS_H__ +#include #include #include #include 
@@ -32,6 +33,54 @@ }) #endif +#ifdef CONFIG_HARDENED_USERCOPY +extern void __check_object_size(const void *ptr, unsigned long n, + bool to_user); + +static __always_inline void check_object_size(const void *ptr, unsigned long n, + bool to_user) +{ + if (!__builtin_constant_p(n)) + __check_object_size(ptr, n, to_user); +} +#else +static inline void check_object_size(const void *ptr, unsigned long n, + bool to_user) +{ } +#endif /* CONFIG_HARDENED_USERCOPY */ + +extern void __compiletime_error("copy source size is too small") +__bad_copy_from(void); +extern void __compiletime_error("copy destination size is too small") +__bad_copy_to(void); + +void __copy_overflow(int size, unsigned long count); + +static inline void copy_overflow(int size, unsigned long count) +{ + if (IS_ENABLED(CONFIG_BUG)) + __copy_overflow(size, count); +} + +static __always_inline __must_check bool +check_copy_size(const void *addr, size_t bytes, bool is_source) +{ + int sz = __builtin_object_size(addr, 0); + if (unlikely(sz >= 0 && sz < bytes)) { + if (!__builtin_constant_p(bytes)) + copy_overflow(sz, bytes); + else if (is_source) + __bad_copy_from(); + else + __bad_copy_to(); + return false; + } + if (WARN_ON_ONCE(bytes > INT_MAX)) + return false; + check_object_size(addr, bytes, is_source); + return true; +} + /* * Architectures should provide two primitives (raw_copy_{to,from}_user()) * and get rid of their private instances of copy_{to,from}_user() and diff --git a/include/linux/uio.h b/include/linux/uio.h index b6214cbf2a43..084262b68106 100644 --- a/include/linux/uio.h +++ b/include/linux/uio.h @@ -6,7 +6,7 @@ #define __LINUX_UIO_H #include -#include +#include #include #include -- 2.43.0
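
Review bot: In the include/linux/thread_info.h hunk, arch_within_stack_frames() (visible as context directly above the removed block) stays behind while check_object_size(), copy_overflow() and check_copy_size() move out. If that helper only serves the hardened usercopy checks, either move it as well or say in the commit message why it stays, so the split is consistent. The same file also loses one #include near the top (bug.h, going by the commit message), so anything remaining in thread_info.h that needed it now depends on a transitive include; builds with CONFIG_HARDENED_USERCOPY on and off would confirm nothing relied on it.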
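
Review bot: In the include/linux/uaccess.h hunk, check_copy_size() passes is_source straight through as the to_user argument of check_object_size(), and nothing in the moved block documents that mapping (a kernel-side source buffer means the copy goes to user space). Since the code is being relocated anyway, a short comment above check_copy_size() stating this, and that it returns false when __builtin_object_size() reports fewer than bytes or when bytes > INT_MAX, would help callers who must not ignore the __must_check result. The added lines otherwise match the removed ones, which is what a pure move of a hardening check should look like.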
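
Review bot: In the include/linux/uio.h hunk, only this one header has its include switched, yet check_copy_size() and check_object_size() were previously visible to every file that included thread_info.h. Any other caller that does not include uaccess.h will stop building after this patch, so the commit message should state how the remaining users were audited, for example a search for both names plus an allmodconfig build. It is also worth noting in the message that uio.h now pulls in all of uaccess.h, since the series is about trimming header dependencies.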