Received: by 2002:ab2:7a55:0:b0:1f4:4a7d:290d with SMTP id u21csp2022lqp; Thu, 4 Apr 2024 05:41:27 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW1n0CYbNtkvH+wKNLkYQj96eHM8hFWm1R1aAU3Lqg1qGgujlHX+fCg6/91WPTBd2SIiqdf64GPBc7sCsMaGAxI+pvwZ3eR3guhPbCQDQ== X-Google-Smtp-Source: AGHT+IGAb24dIBavNwoakWCa+ffuRrC9BdhNo4+9HP9/vXtRTX1MiBa62se8ecIys7XDeLkNnmuu X-Received: by 2002:a05:6a20:9681:b0:1a3:6364:bd10 with SMTP id hp1-20020a056a20968100b001a36364bd10mr2101495pzc.49.1712234487340; Thu, 04 Apr 2024 05:41:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712234487; cv=pass; d=google.com; s=arc-20160816; b=eUU8C7PnezE51/vM0ow37wyLWJyBZJBGwoCKA+tgj9n2FvmoqtdPhaBfSinAOABchO UPgG73WWXpMOKn5VLGpkRIknjJB22UAeWV1dHA4R5jLLPpR3KYRLXch/BvxYlXM1k3t1 gQLfgglSys9POtQfcO1+YbvfdDKvqg8TVtL8bT59CXK7v5KRgSx/gMZXBy6DxbBa5b5V 4pIXqntr6uOIn93Ahnk4+/f2aoMe5d1gUTEuh9raUn1wz59FNzQI597HnMnXWFg3JcOm gYqLLyHwxvsX9aQd8wnDHAr13E+0F3mqMJ8eI+hMMtDo9ewL0cUroLIGUPm1dO2+ov2g vRJw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=XerkH2ynkf1vxp+fsqJ0qN8AZG46ak50/ECqEN32U0w=; fh=UMmOv+HPp+0WXaGnrOM7W1DWllHM1FaXzNzmm8gGfJ0=; b=K5VRBqStn+aQ7yAqONQ/NG5nPvo3QgQTsr4/yD1v7qPeVQ1iVNng1U0Ua5kXu+URae XX8GJJFtKq/6+NS6t+H58L2yWq38/tGnFCQqkwFVsja+pWUYTQg0Ni2u2PdZoYP5eMwx AJl+YxlScElTqJlG8mbKD0lNMUlSQV2xbFS6PBQQenJ+kRkZeGnRIgSG0OtjvJQUsvzF D60vjQA4IfiYyqmErbfoPR8H2P7sE8qa14/OcYQIjlSqg45TerEYVQWSXursPnaWcUYY hPYEyWJuYmy62L40GodZts6+3PK6wtsr+qQE853VFg3tgnjxK6Jcl1Y519135mISAVFs cBLQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=qLRtS9i+; arc=pass (i=1 spf=pass spfdomain=flex--aliceryhl.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-131438-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131438-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id a1-20020a63e841000000b005e84426a174si14970839pgk.397.2024.04.04.05.41.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 05:41:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-131438-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=qLRtS9i+; arc=pass (i=1 spf=pass spfdomain=flex--aliceryhl.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-131438-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131438-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 927FA291BB2 for ; Thu, 4 Apr 2024 12:36:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D4358129A99; Thu, 4 Apr 2024 12:32:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qLRtS9i+" Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1FCE9128832 for ; Thu, 4 Apr 2024 12:32:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712233930; cv=none; b=U6EEQeleFWsmSMQ2CcwMKaOchxQvZFBwcdxIag67dRdWBHyhdwbqci1FgyA3uHE9BAbWsg41rQyYcryG3iTJDAaPRn+0dupKMKHd6qh+x0PkAWCHAxFE1z8XSFJAJnP06Y+aH9F2uPydtSdcCiHpLIy25ESFoxl/k4WF6qobEgk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712233930; c=relaxed/simple; bh=LCmFZdYF/+l0SVNHm/nDN6l6wTxTp1jhws0CkfXtePw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FfTlwvZCC+5S2izSjHZNyoU+c++KslnQYpbwAxOMskfS4Q1k1IF1KBI1OdNrGy378Cy9BvIaBiwVKndsZJjXIEpH4ckeQJDYG1n27hbBC4bsF8xvNHJWSD74yU5aJzwSRt9KhtuzlIYSlJKpwdLw7pQ5CvZlQpVjuQVZk3EWMoQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qLRtS9i+; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--aliceryhl.bounces.google.com Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-60cbba6f571so15540257b3.1 for ; Thu, 04 Apr 2024 05:32:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712233928; x=1712838728; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=XerkH2ynkf1vxp+fsqJ0qN8AZG46ak50/ECqEN32U0w=; b=qLRtS9i+Hpp3AoAJ9P2S6a9WNwWXQK5PdQigQeMkN8KusBsDj7EcoA9T0YPt2lp8QU jXUMmkHlLAIcYLgE7rEDbZh9unUgPCdg/G40G6rOIRVm9RlLbhri7HOgPuh0ByLmC1kX 75tSZjjLwVztrhqlm5U08SlCVJMPRR7ffS65xhGEWxxLHYzTjonFCsYEn9Hbmg3gvFPT s8FAYEFgyw5kJkeK3MVDp/dhe9tJ0MOpaCUwliqVR2oWjo131F80d3b69XPYRkE4ISSd uswnYKPaBpNdBxRk+clQUa7OdmtEvMOet8obX3s5SHB4Ak83PKmonXnw2md4+XFr1aDB TwVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712233928; x=1712838728; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XerkH2ynkf1vxp+fsqJ0qN8AZG46ak50/ECqEN32U0w=; b=pY+VvhStpGxtTRjVTphL5lhFZun/AhqFCYXjSDBm6rd0/0wKchR6Nk0M8Zh0OhJXbA 9gmVqkxRWDQgqGzq4YxgAUFkeW2znENTo5c1riO7xhyxZy9Rt3xx3E0emN4WBQ+fSTV0 PH4/fa+c4U51F3FlukAnB4ZIF8C16/r2YpHqR3yjQtgmK/kh+HifwhDNen0xH/+9+67y 9m6EmEUT8FQF0TI9Zjnwff9YlXOGTX0/SUvaPEmMe+p4DW4u2580qL4JWx1j74RT4FmJ jy0yAoon6PbJPXeq4NBlvw2pWRhAGbjozOSxYLP3WFjvuvV6b/9ab7wV/9R6/McHViO4 y3SQ== X-Forwarded-Encrypted: i=1; AJvYcCWmRokNquwOZ+RsEYHapoGFCPlBOOup/tYDNn805ThwpTTCPp2hJ6LmvP0yBlV9Pi3vAnqQy1BuQZUFUzBGTL+321xZ/D2onRaRrWQ0 X-Gm-Message-State: AOJu0YylARL9XdsPoFPUO7dpHBwjqRATKj/OLcg54Dkz017A/lASPPVu Xx9Z4YABEXv8pLGL9lkTk7R6qC3KJ9JaDb1VmwFvGP892ZkaLbv8ey7hlb4opML2EIOHwZeSYQ7 WMJizIvWxT6PsXQ== X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a05:6902:124a:b0:dc2:1f34:fac4 with SMTP id t10-20020a056902124a00b00dc21f34fac4mr708607ybu.2.1712233928129; Thu, 04 Apr 2024 05:32:08 -0700 (PDT) Date: Thu, 04 Apr 2024 12:31:40 +0000 In-Reply-To: <20240404-alice-mm-v4-0-49a84242cf02@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240404-alice-mm-v4-0-49a84242cf02@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=5074; i=aliceryhl@google.com; h=from:subject:message-id; bh=fSgHfw/zkWrxiL7qQcuIRBGXo9AsMjuelkCO78cyAIg=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBmDp2+8k+koOL0GcIB850DW3ouuJxGlPR2MopoO q15ulz7hZOJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZg6dvgAKCRAEWL7uWMY5 RgjkEACUB3R7Sn1Mx7xhemoU2eWMaNTf+LDF5Kpe7cqJ9xnqMJgUM7WKETGwNBOqbI3f/iZTFjx aiQywDbimWtwIc1Drme1GlbihXwW0ut7WIvv+XyiIlfzJ6zyEg43G6KnkHgFJrDQNJUJasQnF1U rZ8fqDaarX/EyfixSMWxDOy5iBCJUUB9TejXbUP3TN8pM+eeWUcDj2Ri75ZLBBRyj0ZFHmNT+Rk CsyqnI08i6aYsXalL/ZbGJcbr5ZzMh9FHkY7WbwlX9kViCto4ryG5uD/OT/XqJhjfDSeoroEtpF 0Pow3pGanpm1TogMELV6Al/8AYQxB2Ohtkto9Sraez/KsIwnHLWZUn7wy/Fy1122vwqDEDshM+a 9ZnHdbaYeepLUl07i5fbfQJF+vspuYl4Vlw0Vy6wKf92sanv7LX0Ea51dK3p9t5ISZSCj+fu2po UKW8atf6Zd61GG+mkP56/s6RoAmb8FkFETpVa1TJr5E2AK08IaccRyTuge6riMTD3pco/tngGqK gUbxYKsknZcq6egCRWt2fr/ghJggswWqRlYTMwQfkqZbRxngZACZ4spgLjMfBhj/czoN1673bJ4 GtDQCFA/FKvHXtKYpNaZPEbk0+O9ra4aNzGotNcsoVvFItYdR848PwQRYv2eh1kDTlnl46aFWAM NDdJ1cG5xmBxfGw== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240404-alice-mm-v4-2-49a84242cf02@google.com> Subject: [PATCH v4 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook Cc: Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , "=?utf-8?q?Bj=C3=B6rn_Roy_Baron?=" , Benno Lossin , Andreas Hindborg , Greg Kroah-Hartman , "=?utf-8?q?Arve_Hj=C3=B8nnev=C3=A5g?=" , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Alice Ryhl , Christian Brauner Content-Type: text/plain; charset="utf-8" From: Arnd Bergmann Rust code needs to be able to access _copy_from_user and _copy_to_user so that it can skip the check_copy_size check in cases where the length is known at compile-time, mirroring the logic for when C code will skip check_copy_size. To do this, we ensure that exported versions of these methods are available when CONFIG_RUST is enabled. Alice has verified that this patch passes the CONFIG_TEST_USER_COPY test on x86 using the Android cuttlefish emulator. Signed-off-by: Arnd Bergmann Tested-by: Alice Ryhl Reviewed-by: Boqun Feng Signed-off-by: Alice Ryhl --- include/linux/uaccess.h | 38 ++++++++++++++++++++++++-------------- lib/usercopy.c | 30 ++++-------------------------- 2 files changed, 28 insertions(+), 40 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 3064314f4832..2ebfce98b5cc 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -138,13 +139,18 @@ __copy_to_user(void __user *to, const void *from, unsigned long n) return raw_copy_to_user(to, from, n); } -#ifdef INLINE_COPY_FROM_USER static inline __must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) +_inline_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { + /* + * Ensure that bad access_ok() speculation will not + * lead to nasty side effects *after* the copy is + * finished: + */ + barrier_nospec(); instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); instrument_copy_from_user_after(to, from, n, res); @@ -153,14 +159,11 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) memset(to + (n - res), 0, res); return res; } -#else extern __must_check unsigned long _copy_from_user(void *, const void __user *, unsigned long); -#endif -#ifdef INLINE_COPY_TO_USER static inline __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned long n) +_inline_copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); if (should_fail_usercopy()) @@ -171,25 +174,32 @@ _copy_to_user(void __user *to, const void *from, unsigned long n) } return n; } -#else extern __must_check unsigned long _copy_to_user(void __user *, const void *, unsigned long); -#endif static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (check_copy_size(to, n, false)) - n = _copy_from_user(to, from, n); - return n; + if (!check_copy_size(to, n, false)) + return n; +#ifdef INLINE_COPY_FROM_USER + return _inline_copy_from_user(to, from, n); +#else + return _copy_from_user(to, from, n); +#endif } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - if (check_copy_size(from, n, true)) - n = _copy_to_user(to, from, n); - return n; + if (!check_copy_size(from, n, true)) + return n; + +#ifdef INLINE_COPY_TO_USER + return _inline_copy_to_user(to, from, n); +#else + return _copy_to_user(to, from, n); +#endif } #ifndef copy_mc_to_kernel diff --git a/lib/usercopy.c b/lib/usercopy.c index d29fe29c6849..de7f30618293 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -7,40 +7,18 @@ /* out-of-line parts */ -#ifndef INLINE_COPY_FROM_USER +#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST) unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long res = n; - might_fault(); - if (!should_fail_usercopy() && likely(access_ok(from, n))) { - /* - * Ensure that bad access_ok() speculation will not - * lead to nasty side effects *after* the copy is - * finished: - */ - barrier_nospec(); - instrument_copy_from_user_before(to, from, n); - res = raw_copy_from_user(to, from, n); - instrument_copy_from_user_after(to, from, n, res); - } - if (unlikely(res)) - memset(to + (n - res), 0, res); - return res; + return _inline_copy_from_user(to, from, n); } EXPORT_SYMBOL(_copy_from_user); #endif -#ifndef INLINE_COPY_TO_USER +#if !defined(INLINE_COPY_TO_USER) || defined(CONFIG_RUST) unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - might_fault(); - if (should_fail_usercopy()) - return n; - if (likely(access_ok(to, n))) { - instrument_copy_to_user(to, from, n); - n = raw_copy_to_user(to, from, n); - } - return n; + return _inline_copy_to_user(to, from, n); } EXPORT_SYMBOL(_copy_to_user); #endif -- 2.44.0.478.gd926399ef9-goog