Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp315550lql; Mon, 11 Mar 2024 03:48:13 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUdx3HWHptcQVGFjEEGgNMWYTjS0OmWDwigZfkpV2o4ZIA2d4i6nRsH9j1WKIwtIz4ftPO0ABSSI9w/oIyPcKo1g4cSXrleztrjT3ZWlQ== X-Google-Smtp-Source: AGHT+IFMQnT4HABPVIkzCz4LS04yUySwrb3TDEOjKXTUew6Jc//TlOtgLrz9Kk9GGL37O88pPdSb X-Received: by 2002:a05:622a:1b9f:b0:42f:1428:39db with SMTP id bp31-20020a05622a1b9f00b0042f142839dbmr8573347qtb.47.1710154093356; Mon, 11 Mar 2024 03:48:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710154093; cv=pass; d=google.com; s=arc-20160816; b=RF7/W0dyoF4B36TmyvmZigchx2r6xbRqHU4W1nNbP5paOmPlQr1cBV/EkSlAKQ62RK Xj/nlvfrVZDKEvAfttqjaRTBOd87W+IW5xbsRBTiHMGtG9VaDg+xd89CCI/9yZxNCbh1 lROlE9ip1a7KmDxhwROlBsx2H/MVDAtOjgBLpA8yywN/TNC7Fu/pXKHOUjIu7jWPaXvn lc2dGvYuo8bxp4rdtPyGcbjeK17f6byJ7168RJwusW7GN4QJYzhjzj0Lkj0hB5rB5d00 ZnMIXgBASVxixv4squPoznL2uv+6CHQ/6ieGQSOTMa4BT+WxnlL6oTdOokWBJcXxKALL l2gg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=QK7N3wvRNuxt3Md31RNENpTO88LXLvO1cHfykZ9Cy8A=; fh=guoJRZ+yaWfb04SXeqJ2j/1gasHugeQW07tKdeYniVM=; b=v/A9ekaABE2eNQVOpQOitfmFMPtKgmLodh4OAUbxWSBFxkGRJF1tODL3AzZfUxpALp nzub04aAsD+nv4T7JR8Nc9j6YypgacmeLb3bj3rCoJMI6/XuRCBlXeXZFH4z1QE8fkeq y0FiOhi1hHZrdJpYC+5tG4ZptizfftgzHls7DGloijo3apsCNLIXuZZVIq85k6bPT1sN o1LlzhqBYC9lSl7Qd7YTEs0z1sVfuzBTNXk0/g+pRlR0wkLXBPL7Pw+AlESQeN3FZ4IP f+zP7XK6frrbF2ZnylFZy6cWMzwzzSMR4k1XOPu6agfv9QR/orlgnOYCEcPIXN2L/RdX P6TQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=WL+V9EGM; arc=pass (i=1 spf=pass spfdomain=flex--aliceryhl.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-98717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98717-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id q17-20020a05622a04d100b0042ef99468bfsi5136759qtx.230.2024.03.11.03.48.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Mar 2024 03:48:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-98717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=WL+V9EGM; arc=pass (i=1 spf=pass spfdomain=flex--aliceryhl.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-98717-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98717-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id DFA4F1C21509 for ; Mon, 11 Mar 2024 10:48:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6BF643BB24; Mon, 11 Mar 2024 10:47:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WL+V9EGM" Received: from mail-lj1-f202.google.com (mail-lj1-f202.google.com [209.85.208.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4534374CF for ; Mon, 11 Mar 2024 10:47:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710154050; cv=none; b=jgRXkTjz5ZFoCYYbGTLtOmTJSoiyl9e8uwV/XVOAVCKdhiI5ffQKj34uH6MZSiNzLVwqF8nZjVTV7duVQ9uiaOIlNYk9ZZsRAAfdm3Xf+hBzHkuyM5i41AcYsmgvzrgW5sMySN/XycnqTKCFhU/FnH2344PIvygXaOfPxtbssDQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710154050; c=relaxed/simple; bh=wmuCL83UBR6TYf+x9z8Idn6vDuRVMYiqC4cmyq6jAlM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=eSl0aHT0uFABHF9PMTRKiqzHtTvNvXUEWqTGWrSKsIhpaGb65XjfU/GlR5SpVRECElje6FvLYQMDMTxiH6A/jldagv7eFxpZNelqjw4FD/7aqSM6SPeyI73gQzUv97sRZQ7FFkZdXauAVvIpbU5+Eiw2WQOuxHH1BsFEx3VuCfY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WL+V9EGM; arc=none smtp.client-ip=209.85.208.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com Received: by mail-lj1-f202.google.com with SMTP id 38308e7fff4ca-2d449d2d9bdso498841fa.2 for ; Mon, 11 Mar 2024 03:47:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1710154047; x=1710758847; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=QK7N3wvRNuxt3Md31RNENpTO88LXLvO1cHfykZ9Cy8A=; b=WL+V9EGMU/KL9yYMO+1+PKIYBfcTrE01/5EE/XYMx9gbIeBhAFeHKDYfMA7gzDGiKq ljuwQbFMFHhWjbGIFbODyD+x2lxzTz8QQ1M8VkOCYKsrRtLtc5zT22x1uJrt93D19qvF NhgmTnIWNj+88Vbw4xB7YoZX/VEmpot5e2hyPdKF3J9a4naUfLUOZ44RolbvVP3PNRYN sah/JwhSS01gZ6PApT8KvfAeIGPtvyHEdE3SYHh/iUsqW+0gC25tBe2s0zoEcVxvpE/x RTW9iX6wF1vstdDew+XUk7xL1Aj7+eW4IZh5YsJonKVmR9F79GISLooDW0lqVzOMUkln crQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710154047; x=1710758847; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QK7N3wvRNuxt3Md31RNENpTO88LXLvO1cHfykZ9Cy8A=; b=ANgX1+Z3v3V+wqa1Bed802yx1z6pl6NNZ6j89fo7P/YnJ2HdDDOvkrrNtRFtPAExV5 Uz9F2zBx8TsNEBBiRgKAvVk8uiBFpSGrlHELI/KiAk58uC6WlS7MeaS4/3ym2jjA2x9Z yvtjUelwCj7aosYPW/mLJwQhJsC5cU2SZRxff9RheXCe9eN+ANVxQZ/DmVoomhFhy4N4 3/vbTxMDVE2XSfWv4ESrKyCB2Y8Je1QsMcvvzXxJx3OIu80Ba7eX/5T03DbahfZ6mp6Q rCQeoOXkwG2b7isjmF2iDapjtthBOsYByTQ9hehAiclzcJdwmvVv3RZKavmX9Fr7adZM fZGg== X-Forwarded-Encrypted: i=1; AJvYcCXAHmb1lVoimZULPE2JzMHFQDeYJtqfPo8PChOwUtmHGPDlmj2V8PfJz/p4/RK0GJV1/qOTKDvHbZaVCHA29N2MiNb75riG4/I41hfG X-Gm-Message-State: AOJu0YxxSqXyT1M32cGNe2XJzn3R2gLnLD9i0xJkPNukyYIqW2qAlM1j 7HYBhH4ZpglIpqi5iLIwsYFrDTbwcoVBMyDLcW0EMm3jjdHcJS0sov+P4Wx6MFX9uB6S1dvlody dIFaRPwAAFvcDBQ== X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a2e:98d7:0:b0:2d2:39e3:4177 with SMTP id s23-20020a2e98d7000000b002d239e34177mr5921ljj.3.1710154046386; Mon, 11 Mar 2024 03:47:26 -0700 (PDT) Date: Mon, 11 Mar 2024 10:47:14 +0000 In-Reply-To: <20240311-alice-mm-v3-0-cdf7b3a2049c@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240311-alice-mm-v3-0-cdf7b3a2049c@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=5026; i=aliceryhl@google.com; h=from:subject:message-id; bh=pHnbSUxra5e5H6zBKTRnUbpLhZzdUBojHIfp+nyvk+Y=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBl7uE0j1KsTCtMubuFNvEOo6APsxvUwA1hJoBnz QHXFmedNU6JAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZe7hNAAKCRAEWL7uWMY5 Rp+KD/4qOeDNNJqVjqc6H7KB4hwApHbA5wPeaWMEUeFX/cw2NlzyLJPdERRCiqZLQ/cEdsHg7Wz gZUXgev5Z21/0QAeen5iqImCU0oknimN4IowfaMXghclnRg6AI95WZr+YSDOfUTInGLsjVeR5X4 D2yQCZ22UtLTRbmz3aVcRLkUAFDTMyzKjj0uQQysx92PKlM62qwFpJyHgf1VYYl+tU9FOK2prQ4 X5m6OeKp9sz7tZJ64BNvj9wFCrVHbeYZmu3X1gEIPtj0YuUGtylFF3hNNZX4PWb27YBqgTh/jsv uLj1a8kBx+HN66qwceF7EVW40qHUqlJYvF8kByf0Qd6lOo61FxBRRXrfhE+GFkdgK1uRDRenjpJ gfIqSvdgqx9JClXUqQgS6U8txVmMCWErdT3wSkzhop3wNLdA4q0eZlTnTHQVtuofBhbnbjr9NvE BgApEvdQxYtNmjEDWS3zH/GG18kLfHqArvpraRws98F4n0PVY22Dg1RuifPFihc9um3lqpoto0K cdMmSF6mMo4HSZx1wq+r/PURWdB2rlvRbt6q8sLZ5xWK1NorgXqXs8w9gqad76yCV5byjmGMGqC ULKm+giotJR8S6iaAvd0PFjxeKoz5R9iOobOCUZFg4UQsrn890ASHToXImx92uLM1+kCe1HYXEH Pw8yHaDClkwD+iQ== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240311-alice-mm-v3-2-cdf7b3a2049c@google.com> Subject: [PATCH v3 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook Cc: Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , "=?utf-8?q?Bj=C3=B6rn_Roy_Baron?=" , Benno Lossin , Andreas Hindborg , Greg Kroah-Hartman , "=?utf-8?q?Arve_Hj=C3=B8nnev=C3=A5g?=" , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Alice Ryhl , Christian Brauner Content-Type: text/plain; charset="utf-8" From: Arnd Bergmann Rust code needs to be able to access _copy_from_user and _copy_to_user so that it can skip the check_copy_size check in cases where the length is known at compile-time, mirroring the logic for when C code will skip check_copy_size. To do this, we ensure that exported versions of these methods are available when CONFIG_RUST is enabled. Alice has verified that this patch passes the CONFIG_TEST_USER_COPY test on x86 using the Android cuttlefish emulator. Signed-off-by: Arnd Bergmann Tested-by: Alice Ryhl Signed-off-by: Alice Ryhl --- include/linux/uaccess.h | 38 ++++++++++++++++++++++++-------------- lib/usercopy.c | 30 ++++-------------------------- 2 files changed, 28 insertions(+), 40 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 3064314f4832..2ebfce98b5cc 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -138,13 +139,18 @@ __copy_to_user(void __user *to, const void *from, unsigned long n) return raw_copy_to_user(to, from, n); } -#ifdef INLINE_COPY_FROM_USER static inline __must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) +_inline_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { + /* + * Ensure that bad access_ok() speculation will not + * lead to nasty side effects *after* the copy is + * finished: + */ + barrier_nospec(); instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); instrument_copy_from_user_after(to, from, n, res); @@ -153,14 +159,11 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) memset(to + (n - res), 0, res); return res; } -#else extern __must_check unsigned long _copy_from_user(void *, const void __user *, unsigned long); -#endif -#ifdef INLINE_COPY_TO_USER static inline __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned long n) +_inline_copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); if (should_fail_usercopy()) @@ -171,25 +174,32 @@ _copy_to_user(void __user *to, const void *from, unsigned long n) } return n; } -#else extern __must_check unsigned long _copy_to_user(void __user *, const void *, unsigned long); -#endif static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (check_copy_size(to, n, false)) - n = _copy_from_user(to, from, n); - return n; + if (!check_copy_size(to, n, false)) + return n; +#ifdef INLINE_COPY_FROM_USER + return _inline_copy_from_user(to, from, n); +#else + return _copy_from_user(to, from, n); +#endif } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - if (check_copy_size(from, n, true)) - n = _copy_to_user(to, from, n); - return n; + if (!check_copy_size(from, n, true)) + return n; + +#ifdef INLINE_COPY_TO_USER + return _inline_copy_to_user(to, from, n); +#else + return _copy_to_user(to, from, n); +#endif } #ifndef copy_mc_to_kernel diff --git a/lib/usercopy.c b/lib/usercopy.c index d29fe29c6849..de7f30618293 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -7,40 +7,18 @@ /* out-of-line parts */ -#ifndef INLINE_COPY_FROM_USER +#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST) unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long res = n; - might_fault(); - if (!should_fail_usercopy() && likely(access_ok(from, n))) { - /* - * Ensure that bad access_ok() speculation will not - * lead to nasty side effects *after* the copy is - * finished: - */ - barrier_nospec(); - instrument_copy_from_user_before(to, from, n); - res = raw_copy_from_user(to, from, n); - instrument_copy_from_user_after(to, from, n, res); - } - if (unlikely(res)) - memset(to + (n - res), 0, res); - return res; + return _inline_copy_from_user(to, from, n); } EXPORT_SYMBOL(_copy_from_user); #endif -#ifndef INLINE_COPY_TO_USER +#if !defined(INLINE_COPY_TO_USER) || defined(CONFIG_RUST) unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - might_fault(); - if (should_fail_usercopy()) - return n; - if (likely(access_ok(to, n))) { - instrument_copy_to_user(to, from, n); - n = raw_copy_to_user(to, from, n); - } - return n; + return _inline_copy_to_user(to, from, n); } EXPORT_SYMBOL(_copy_to_user); #endif -- 2.44.0.278.ge034bb2e1d-goog