| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Dec 2017 13:40:40 -0800
From: Alexander Kappner <agk@...king.net>
To: linux-kernel@...r.kernel.org
Cc: viro@...iv.linux.org.uk, torvalds@...uxfoundation.org
Subject: uaccess.h: implement unsafe_copy_{to,from}_user()?
Commit 5b24a7a2aa2040c8c50c3b71122901d01661ff78 introduced the
unsafe_get_user and unsafe_put_user replacement functions for batched calls
to put_user and get_user. I'm trying to make the kernel smaller and reduce
stac/clac overhead on x86 by substituting the new functions for such
batched calls. But there's no corresponding unsafe_copy_to_user()
or unsafe_copy_from_user() functions to copy an arbitrary-sized buffer to
and from userspace without calling access_ok and __uaccess_begin/end.
I know that the matter of replacing these uaccess functions has been
discussed at length (see https://lkml.org/lkml/2017/5/13/134), so before I
started hacking away implementing new unsafe_copy_{to,from}_user functions,
I wanted to ask if a solution to this is already being worked on or if
there's some way of accomplishing this goal without new functions.
To illustrate, here's a batched function call (from fs/fat/dir.c):
if (put_user(0, d2->d_name) ||
put_user(0, &d2->d_reclen) ||
copy_to_user(d1->d_name, name, name_len) ||
// etc...
goto efault;
This should read:
if (!access_ok(VERIFY_WRITE, d1, 2*sizeof(*infop))
goto efault;
user_access_begin();
unsafe_put_user(0, d2->d_name, efault)
unsafe_put_user(0, &d2->d_reclen, efault)
unsafe_copy_to_user(d1->d_name, name, name_len, efault); // we don't have
// this function
// etc...
user_access_end();
Thanks.
Powered by blists - more mailing lists