lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250615091142.3c9520d9@pumpkin>
Date: Sun, 15 Jun 2025 09:11:42 +0100
From: David Laight <david.laight.linux@...il.com>
To: kernel test robot <lkp@...el.com>
Cc: Ilya Leoshkevich <iii@...ux.ibm.com>, oe-kbuild-all@...ts.linux.dev,
 linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>,
 Linux Memory Management List <linux-mm@...ck.org>, Alexander Potapenko
 <glider@...gle.com>
Subject: Re: mm/kmsan/hooks.c:269:14: sparse: sparse: cast removes address
 space '__user' of expression

On Fri, 13 Jun 2025 12:28:55 +0800

Not directly related but...

....
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  267  	ua_flags = user_access_save();
> f926e9326f3a79 Ilya Leoshkevich    2024-06-21  268  	if (!IS_ENABLED(CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE) ||
> f926e9326f3a79 Ilya Leoshkevich    2024-06-21 @269  	    (u64)to < TASK_SIZE) {
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  270  		/* This is a user memory access, check it. */
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  271  		kmsan_internal_check_memory((void *)from, to_copy - left, to,
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  272  					    REASON_COPY_TO_USER);
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  273  	} else {
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  274  		/* Otherwise this is a kernel memory access. This happens when a
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  275  		 * compat syscall passes an argument allocated on the kernel
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  276  		 * stack to a real syscall.
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  277  		 * Don't check anything, just copy the shadow of the copied
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  278  		 * bytes.
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  279  		 */

Isn't that comment just wrong?
Compat syscalls just don't do that any more.
They might have done it in the past before setfs(KERNEL_DS) got nuked.
So the 'else' clause can never happen and the test nuked.

So anything here is always 'user' (or will have failed access_ok()).
I think that also means the test can be done before the copy_to_user() itself
since, contrary to the earlier comment (trimmed) all of the kernel memory
that might be copied needs to have valid data.

(Unlike copy_from_user() when only the written part need to be marked
as containing valid data.)

	David

> 75cf0290271bf6 Alexander Potapenko 2022-09-15  280  		kmsan_internal_memmove_metadata((void *)to, (void *)from,
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  281  						to_copy - left);
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  282  	}
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  283  	user_access_restore(ua_flags);
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  284  }
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  285  EXPORT_SYMBOL(kmsan_copy_to_user);
> 75cf0290271bf6 Alexander Potapenko 2022-09-15  286  
> 
> :::::: The code at line 269 was first introduced by commit
> :::::: f926e9326f3a79f7e01ac790e2361f44d8ca8320 kmsan: fix kmsan_copy_to_user() on arches with overlapping address spaces
> 
> :::::: TO: Ilya Leoshkevich <iii@...ux.ibm.com>
> :::::: CC: Andrew Morton <akpm@...ux-foundation.org>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ