| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190509091408.GA90202@gmail.com>
Date: Thu, 9 May 2019 11:14:08 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Masami Hiramatsu <mhiramat@...nel.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Shuah Khan <shuah@...nel.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
linux-kernel@...r.kernel.org,
Andy Lutomirski <luto@...capital.net>,
Andrew Morton <akpm@...ux-foundation.org>,
Changbin Du <changbin.du@...il.com>,
Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
Andy Lutomirski <luto@...nel.org>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Nadav Amit <namit@...are.com>,
Joel Fernandes <joel@...lfernandes.org>, yhs@...com
Subject: Re: [PATCH v7 2/6] uaccess: Add non-pagefault user-space read
functions
* Masami Hiramatsu <mhiramat@...nel.org> wrote:
> +static __always_inline long
> +probe_read_common(void *dst, const void __user *src, size_t size)
> +{
> + long ret;
> +
> + pagefault_disable();
> + ret = __copy_from_user_inatomic(dst, src, size);
> + pagefault_enable();
> +
> + return ret ? -EFAULT : 0;
> +}
Empty line before return statement: good.
> +long __weak probe_user_read(void *dst, const void __user *src, size_t size)
> + __attribute__((alias("__probe_user_read")));
> +
> +long __probe_user_read(void *dst, const void __user *src, size_t size)
> +{
> + long ret = -EFAULT;
> + mm_segment_t old_fs = get_fs();
> +
> + set_fs(USER_DS);
> + if (access_ok(src, size))
> + ret = probe_read_common(dst, src, size);
> + set_fs(old_fs);
> + return ret;
> +}
> +EXPORT_SYMBOL_GPL(probe_user_read);
No empty line before return statement: not good.
> +long strncpy_from_unsafe_user(char *dst, const void __user *unsafe_addr,
> + long count)
> +{
> + mm_segment_t old_fs = get_fs();
> + long ret;
> +
> + if (unlikely(count <= 0))
> + return 0;
> +
> + set_fs(USER_DS);
> + pagefault_disable();
> + ret = strncpy_from_user(dst, unsafe_addr, count);
> + pagefault_enable();
> + set_fs(old_fs);
> + if (ret >= count) {
> + ret = count;
> + dst[ret - 1] = '\0';
> + } else if (ret > 0)
> + ret++;
> + return ret;
> +}
Ditto. Also unbalanced curly braces.
> +
> +/**
> + * strnlen_unsafe_user: - Get the size of a user string INCLUDING final NUL.
> + * @unsafe_addr: The string to measure.
> + * @count: Maximum count (including NUL character)
> + *
> + * Get the size of a NUL-terminated string in user space without pagefault.
> + *
> + * Returns the size of the string INCLUDING the terminating NUL.
These phrases exist:
'Terminating NULL'
'NULL character'
And we also sometimes talk about 'nil' - but I don't think there's such
thing as a 'NUL character'?
I realize that this was probably cloned from existing lib/strnlen_user.c
code, but still. ;-)
> + *
> + * If the string is too long, returns a number larger than @count. User
> + * has to check the return value against "> count".
> + * On exception (or invalid count), returns 0.
> + *
> + * Unlike strnlen_user, this can be used from IRQ handler etc. because
> + * it disables pagefaults.
'can be used from IRQ handlers'
> + */
> +long strnlen_unsafe_user(const void __user *unsafe_addr, long count)
> +{
> + mm_segment_t old_fs = get_fs();
> + int ret;
> +
> + set_fs(USER_DS);
> + pagefault_disable();
> + ret = strnlen_user(unsafe_addr, count);
> + pagefault_enable();
> + set_fs(old_fs);
> + return ret;
> +}
Same problem as before.
Thanks,
Ingo
Powered by blists - more mailing lists