From patchwork Wed Dec 8 04:48:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Collingbourne X-Patchwork-Id: 12695279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CE1FEC433F5 for ; Wed, 8 Dec 2021 04:50:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=LIpbf4xks1263c1W+VIAbLKOVR+PSQmQg5mefW+J7qY=; b=BYWinhVhmzN5jD13eyEe7HUxlf siptltlo/j0KYN806LaNUr+j7H2eK0FrAESglg7h68970hCmg4TqjVGnr9Z/lDyYGaKtiMishFKz1 AgCYJAZt5nOY0CA9SIgrtks+E9Ud/xv5gM5ZeW0NNQYvdplbnlAGf0zQyKNC4hjjlbvU4KLyZWV9m D+kOQ5/Q5/MBgQcHHpCgIY8LGwWBMQxleh52mHMjAwZlHz5Bxl6Gly3rN7RjX+4/eaGrJfXA2TROs yDna/DV2aJOgtp5mfMPXFux7vtHrL+2S1neAsZsDlCqjLuGrVeAZlHtxw15JpRIzHPRuPbS3Q4HpC r1C3mrCw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1muot2-00BEbX-HO; Wed, 08 Dec 2021 04:49:00 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1muosT-00BEOC-Rp for linux-arm-kernel@lists.infradead.org; Wed, 08 Dec 2021 04:48:27 +0000 Received: by mail-yb1-xb49.google.com with SMTP id l28-20020a25b31c000000b005c27dd4987bso2459565ybj.18 for ; Tue, 07 Dec 2021 20:48:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=lvYZWOMBGv2NvliGw5NO73inoVaqmyrZ+UqoCCa0Q2o=; b=LcAaZtOXvzkNd9sVH2yLm+/LCfc50ZjsZQfoXUZn7U+OT7GnL1XVyB0o+cD51g1mak Atu4LFmhQbZyDYeWpivY/cKuxNwGA8Jh/O7LpaMl/n1cfe2dZkr+atqOCbOeszYfTebI GC+jxXlemcn9ha4kKrirxAiOx89J4pv6tgTH17jY1GS/bmFafsxIDdDGbhzbX+ARJjCL G1Vq1kN0jk63LtGyolqjlQ/LUi0i9ZuCv6Qa8sNIMOPIlPGzgln1AjOoe2RdvLL8u+Ld pnAKV5yKSrxy6nzTPsR77c04HAKapfoXuyNLG7p2cKRJLtjzi8rUA0NXs5ToyAv17gH+ MfFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=lvYZWOMBGv2NvliGw5NO73inoVaqmyrZ+UqoCCa0Q2o=; b=Ab3q/KNHeftPZONSvIhZIlMf0HZQJVEhUbLZWmUOfhXMy0v48ytKiR1p/R9q6dpKNb qIgevPouEc+f0JVI/f83QlhekSxPNgxvfomi/PeA8/zrqWgpVgiP/gR7xdB77my9VI6f 0x1yOILmUDJUQiQhHQktw2kLgo6YqGpn+SRFMo0EglrYOSz+NbK8OojEmqPWIurmcExp gf0UagS2jFFy5imwtwW8y66ahho7M557vZ+KG7eZKnZDg7XB8M/mN07xLjxt5amRQhi5 Q6XNCZVvqMU+daNtdebA0xPFxlg3h3ZAUfVkQefNJIGYm8+9nNs6A7M3Q2eDYsTsc5Ku 7t5A== X-Gm-Message-State: AOAM533DMowEkZAY6ISIQWyPqWeW5tODYQYu1yQuOWMiTVWTzTXGclzg 5LFmbhzjZ7UtVI3l/I4Ic06i7S4= X-Google-Smtp-Source: ABdhPJwdKv4aEZBt18+APFTl37LHZZmJKCQ2bWdhzhqziL4e4O+qlZtepaGeVotGWLHKGp3ZB5en6oU= X-Received: from pcc-desktop.svl.corp.google.com ([2620:15c:2ce:200:be2d:924d:844b:d2fa]) (user=pcc job=sendgmr) by 2002:a25:5cf:: with SMTP id 198mr52498659ybf.742.1638938904301; Tue, 07 Dec 2021 20:48:24 -0800 (PST) Date: Tue, 7 Dec 2021 20:48:05 -0800 In-Reply-To: <20211208044808.872554-1-pcc@google.com> Message-Id: <20211208044808.872554-4-pcc@google.com> Mime-Version: 1.0 References: <20211208044808.872554-1-pcc@google.com> X-Mailer: git-send-email 2.34.1.173.g76aa8bc2d0-goog Subject: [PATCH v3 3/6] fs: use copy_from_user_nolog() to copy mount() data From: Peter Collingbourne To: Catalin Marinas , Will Deacon , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , Thomas Gleixner , Andy Lutomirski , Kees Cook , Andrew Morton , Masahiro Yamada , Sami Tolvanen , YiFei Zhu , Mark Rutland , Frederic Weisbecker , Viresh Kumar , Andrey Konovalov , Peter Collingbourne , Gabriel Krisman Bertazi , Chris Hyser , Daniel Vetter , Chris Wilson , Arnd Bergmann , Dmitry Vyukov , Christian Brauner , "Eric W. Biederman" , Alexey Gladkov , Ran Xiaokai , David Hildenbrand , Xiaofeng Cao , Cyrill Gorcunov , Thomas Cedeno , Marco Elver , Alexander Potapenko Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Evgenii Stepanov X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211207_204825_969911_7AA4E9B0 X-CRM114-Status: GOOD ( 18.92 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org With uaccess logging the contract is that the kernel must not report accessing more data than necessary, as this can lead to false positive reports in downstream consumers. This generally works out of the box when instrumenting copy_{from,to}_user(), but with the data argument to mount() we use copy_from_user() to copy PAGE_SIZE bytes (or as much as we can, if the PAGE_SIZE sized access failed) and figure out later how much we actually need. To prevent this from leading to a false positive report, use copy_from_user_nolog(), which will prevent the access from being logged. Recall that it is valid for the kernel to report accessing less data than it actually accessed, as uaccess logging is a best-effort mechanism for reporting uaccesses. Link: https://linux-review.googlesource.com/id/I5629b92a725c817acd9a861288338dd605cafee6 Signed-off-by: Peter Collingbourne --- fs/namespace.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/namespace.c b/fs/namespace.c index 659a8f39c61a..8f5f2aaca64e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "pnode.h" #include "internal.h" @@ -3197,7 +3198,12 @@ static void *copy_mount_options(const void __user * data) if (!copy) return ERR_PTR(-ENOMEM); - left = copy_from_user(copy, data, PAGE_SIZE); + /* + * Use copy_from_user_nolog to avoid reporting overly large accesses in + * the uaccess buffer, as this can lead to false positive reports in + * downstream consumers. + */ + left = copy_from_user_nolog(copy, data, PAGE_SIZE); /* * Not all architectures have an exact copy_from_user(). Resort to