From patchwork Thu Dec 9 22:15:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Collingbourne X-Patchwork-Id: 12695540 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 16A24C433EF for ; Thu, 9 Dec 2021 22:19:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=LIpbf4xks1263c1W+VIAbLKOVR+PSQmQg5mefW+J7qY=; b=EQwSkdzXy627X+eaC7ptJKkyr6 Ec2S5AaqkrojTsSSoK/0u7PpexfQQeu+GL04J3gRJKoGrHMK+D0vvTC/ppdsRvCHpUcp4Ag9uoDA9 u3OvkHysYTaReJnnpT18f3Y6LAoqwpphd86ntnUq/Eb/ZuWEqg3fuoQLg6v30uUkM0JC1QmSLoQiK Fze3V1m3EHqPRAIsyMJ0OQ24i0PL6VG1EFHAFmbvNGYn0UTZgxMteUvgvbGK/3dyBoDGpuf2bXUVX UjphOjtwZzeN6BxDEJMyk/jRvT96COUbCKgD34FdW7v6FCqBfOenxzXwiZQxjjIzfL4tWQLZectz+ pXj/Xdzg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mvRjc-000CxZ-49; Thu, 09 Dec 2021 22:17:53 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mvRho-000CEI-UM for linux-arm-kernel@lists.infradead.org; Thu, 09 Dec 2021 22:16:03 +0000 Received: by mail-yb1-xb49.google.com with SMTP id t184-20020a2546c1000000b006008b13c80bso13101390yba.1 for ; Thu, 09 Dec 2021 14:16:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=lvYZWOMBGv2NvliGw5NO73inoVaqmyrZ+UqoCCa0Q2o=; b=RBkhEsB+TbqqkjEQx0sTwY/WeLY8qK5nIYs2MlLm587GOQtU6tH2jLBjfNSfmQygGx zlM08TUHCXig93/AlPkh86J8IU121WX91ikxAxAifMyCadcKe0qGkYAbMIraB7cMQJBl D73vY9NfXIJtTiBSDX918WyqpNAoRMfYSdcgsLrU0RBCeAsVlYe+UswtS0v7Qi3WCRuW LbeH1movF+a4mvzT00Q5OX7RQj9p0XtpeqTSrezLTlmbwdIbIbH5P4pfB13mZyu/ndoB oSm6FL54nBMhmxUN5vKhXoBExhbQQL7Tg7G358TrSDJnLZVC4KKeI3rqw4rnp9W+oqKD H0cQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=lvYZWOMBGv2NvliGw5NO73inoVaqmyrZ+UqoCCa0Q2o=; b=lxeIiiEBCoEu0qcWTmOIl89VPmP6MypRW2k7esB6V/UONh8xl2zHV+1hz3xeNpYy2R z9fsUsWb6HoHUig+Y2iu9SAvu0s1N4Lx9zocJL450kHQ1+y9fVvPpHqtTmTUu9r5At86 w/PZ3f+rwzxCiCrsGwETpwLK6Dxk0RFIhcwGduDIqlbBrubE1E9pBQ/5Mfky2h3XdL4Q KyijJI5DuoTj0Eiy3Q3MyQomClyj8MjG1798l2jb0DM+ScpGlszI3CamhViscx1BptKZ SWg0SYt8pf6F+3poln1NsBISKuMggrNZk61YZ2m7KRegRS3iD1cgbNjbzkhLpSUj0z7p EAaA== X-Gm-Message-State: AOAM530zQEDhuJYtXpxJGUWE9JwWDAOsW6OCOjBSQ+APn51uyOLbk/hE n11lefeFUpkrg2FDXByiQySPMec= X-Google-Smtp-Source: ABdhPJx7kPyMgfW98vbLG5bioLn4OfDFvxhzabv0RoREjBxyeXyYuIbfyTNmHSJpFQm+bDPS9Vkfirk= X-Received: from pcc-desktop.svl.corp.google.com ([2620:15c:2ce:200:f233:e324:8aa0:f65c]) (user=pcc job=sendgmr) by 2002:a25:b2a6:: with SMTP id k38mr10316854ybj.122.1639088159255; Thu, 09 Dec 2021 14:15:59 -0800 (PST) Date: Thu, 9 Dec 2021 14:15:40 -0800 In-Reply-To: <20211209221545.2333249-1-pcc@google.com> Message-Id: <20211209221545.2333249-4-pcc@google.com> Mime-Version: 1.0 References: <20211209221545.2333249-1-pcc@google.com> X-Mailer: git-send-email 2.34.1.173.g76aa8bc2d0-goog Subject: [PATCH v4 3/7] fs: use copy_from_user_nolog() to copy mount() data From: Peter Collingbourne To: Catalin Marinas , Will Deacon , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , Thomas Gleixner , Andy Lutomirski , Kees Cook , Andrew Morton , Masahiro Yamada , Sami Tolvanen , YiFei Zhu , Mark Rutland , Frederic Weisbecker , Viresh Kumar , Andrey Konovalov , Peter Collingbourne , Gabriel Krisman Bertazi , Chris Hyser , Daniel Vetter , Chris Wilson , Arnd Bergmann , Dmitry Vyukov , Christian Brauner , "Eric W. Biederman" , Alexey Gladkov , Ran Xiaokai , David Hildenbrand , Xiaofeng Cao , Cyrill Gorcunov , Thomas Cedeno , Marco Elver , Alexander Potapenko Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Evgenii Stepanov X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211209_141601_022433_D6419FFF X-CRM114-Status: GOOD ( 18.76 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org With uaccess logging the contract is that the kernel must not report accessing more data than necessary, as this can lead to false positive reports in downstream consumers. This generally works out of the box when instrumenting copy_{from,to}_user(), but with the data argument to mount() we use copy_from_user() to copy PAGE_SIZE bytes (or as much as we can, if the PAGE_SIZE sized access failed) and figure out later how much we actually need. To prevent this from leading to a false positive report, use copy_from_user_nolog(), which will prevent the access from being logged. Recall that it is valid for the kernel to report accessing less data than it actually accessed, as uaccess logging is a best-effort mechanism for reporting uaccesses. Link: https://linux-review.googlesource.com/id/I5629b92a725c817acd9a861288338dd605cafee6 Signed-off-by: Peter Collingbourne --- fs/namespace.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/namespace.c b/fs/namespace.c index 659a8f39c61a..8f5f2aaca64e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "pnode.h" #include "internal.h" @@ -3197,7 +3198,12 @@ static void *copy_mount_options(const void __user * data) if (!copy) return ERR_PTR(-ENOMEM); - left = copy_from_user(copy, data, PAGE_SIZE); + /* + * Use copy_from_user_nolog to avoid reporting overly large accesses in + * the uaccess buffer, as this can lead to false positive reports in + * downstream consumers. + */ + left = copy_from_user_nolog(copy, data, PAGE_SIZE); /* * Not all architectures have an exact copy_from_user(). Resort to