| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2715792c-eb10-eeb8-3d49-24486abe953b@csgroup.eu>
Date: Fri, 3 Sep 2021 10:56:14 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>,
linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH v2 3/5] signal: Add unsafe_copy_siginfo_to_user()
Le 02/09/2021 à 20:43, Eric W. Biederman a écrit :
> Christophe Leroy <christophe.leroy@...roup.eu> writes:
>
>> In the same spirit as commit fb05121fd6a2 ("signal: Add
>> unsafe_get_compat_sigset()"), implement an 'unsafe' version of
>> copy_siginfo_to_user() in order to use it within user access blocks.
>>
>> For that, also add an 'unsafe' version of clear_user().
>
> Looking at your use cases you need the 32bit compat version of this
> as well.
>
> The 32bit compat version is too complicated to become a macro, so I
> don't think you can make this work correctly for the 32bit compat case.
When looking into patch 5/5 that you nacked, I think you missed the fact that we keep using
copy_siginfo_to_user32() as it for the 32 bit compat case.
>
> Probably-Not-by: "Eric W. Biederman" <ebiederm@...ssion.com>
>
> Eric
>
>> Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu>
>> ---
>> include/linux/signal.h | 15 +++++++++++++++
>> include/linux/uaccess.h | 1 +
>> kernel/signal.c | 5 -----
>> 3 files changed, 16 insertions(+), 5 deletions(-)
>>
>> diff --git a/include/linux/signal.h b/include/linux/signal.h
>> index 3454c7ff0778..659bd43daf10 100644
>> --- a/include/linux/signal.h
>> +++ b/include/linux/signal.h
>> @@ -35,6 +35,21 @@ static inline void copy_siginfo_to_external(siginfo_t *to,
>> int copy_siginfo_to_user(siginfo_t __user *to, const kernel_siginfo_t *from);
>> int copy_siginfo_from_user(kernel_siginfo_t *to, const siginfo_t __user *from);
>>
>> +static __always_inline char __user *si_expansion(const siginfo_t __user *info)
>> +{
>> + return ((char __user *)info) + sizeof(struct kernel_siginfo);
>> +}
>> +
>> +#define unsafe_copy_siginfo_to_user(to, from, label) do { \
>> + siginfo_t __user *__ucs_to = to; \
>> + const kernel_siginfo_t *__ucs_from = from; \
>> + char __user *__ucs_expansion = si_expansion(__ucs_to); \
>> + \
>> + unsafe_copy_to_user(__ucs_to, __ucs_from, \
>> + sizeof(struct kernel_siginfo), label); \
>> + unsafe_clear_user(__ucs_expansion, SI_EXPANSION_SIZE, label); \
>> +} while (0)
>> +
>> enum siginfo_layout {
>> SIL_KILL,
>> SIL_TIMER,
>> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
>> index c05e903cef02..37073caac474 100644
>> --- a/include/linux/uaccess.h
>> +++ b/include/linux/uaccess.h
>> @@ -398,6 +398,7 @@ long strnlen_user_nofault(const void __user *unsafe_addr, long count);
>> #define unsafe_put_user(x,p,e) unsafe_op_wrap(__put_user(x,p),e)
>> #define unsafe_copy_to_user(d,s,l,e) unsafe_op_wrap(__copy_to_user(d,s,l),e)
>> #define unsafe_copy_from_user(d,s,l,e) unsafe_op_wrap(__copy_from_user(d,s,l),e)
>> +#define unsafe_clear_user(d, l, e) unsafe_op_wrap(__clear_user(d, l), e)
>> static inline unsigned long user_access_save(void) { return 0UL; }
>> static inline void user_access_restore(unsigned long flags) { }
>> #endif
>> diff --git a/kernel/signal.c b/kernel/signal.c
>> index a3229add4455..83b5971e4304 100644
>> --- a/kernel/signal.c
>> +++ b/kernel/signal.c
>> @@ -3261,11 +3261,6 @@ enum siginfo_layout siginfo_layout(unsigned sig, int si_code)
>> return layout;
>> }
>>
>> -static inline char __user *si_expansion(const siginfo_t __user *info)
>> -{
>> - return ((char __user *)info) + sizeof(struct kernel_siginfo);
>> -}
>> -
>> int copy_siginfo_to_user(siginfo_t __user *to, const kernel_siginfo_t *from)
>> {
>> char __user *expansion = si_expansion(to);
Powered by blists - more mailing lists