From patchwork Thu Apr 4 12:31:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13617771 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1FCECD1284 for ; Thu, 4 Apr 2024 12:32:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 818F16B0099; Thu, 4 Apr 2024 08:32:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 79B946B009A; Thu, 4 Apr 2024 08:32:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5EE766B009B; Thu, 4 Apr 2024 08:32:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 3B9B16B0099 for ; Thu, 4 Apr 2024 08:32:11 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id E9C50C0AF0 for ; Thu, 4 Apr 2024 12:32:10 +0000 (UTC) X-FDA: 81971786820.25.AF098D5 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) by imf02.hostedemail.com (Postfix) with ESMTP id EE57A8001D for ; Thu, 4 Apr 2024 12:32:08 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=qBcLtrcb; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf02.hostedemail.com: domain of 3yJ0OZgkKCHUTebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com designates 209.85.128.201 as permitted sender) smtp.mailfrom=3yJ0OZgkKCHUTebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1712233929; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XerkH2ynkf1vxp+fsqJ0qN8AZG46ak50/ECqEN32U0w=; b=HS514mN0QDZIkk3K75vYVJorJFLEJbQX6CAb6tLcV5pQMJ1gAsrIs5iVjeveynApAbjr+U bM0wSL9vo/KxyxY4CBJU9sN2BP8pMcdzQyog6S3GRDBY2v6QMVHPmrbbFhUT700CIIZfeM WGO/8bKjHPaPBXLe/NaSbHYRbXY/fvQ= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=qBcLtrcb; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf02.hostedemail.com: domain of 3yJ0OZgkKCHUTebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com designates 209.85.128.201 as permitted sender) smtp.mailfrom=3yJ0OZgkKCHUTebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1712233929; a=rsa-sha256; cv=none; b=Lwu8UVKPodkC3aJ4PBX9sxL5wA2WGxX81EjjqNEPwAR+TIKiP775oVkIQFU38BHe40fuJr NqQ3jc8EopzerGPvVHaYtiGyTFndPyNsX3+1NY9LygzB6Bi634Ls7VaFddVUx0Uz0VFjPb xUFx2bVfyPob7CbLBcJWEkjlkCjYIm4= Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-610b96c8ca2so15778447b3.2 for ; Thu, 04 Apr 2024 05:32:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712233928; x=1712838728; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=XerkH2ynkf1vxp+fsqJ0qN8AZG46ak50/ECqEN32U0w=; b=qBcLtrcbU8xwNLqyB27HuE7Q+D0az8ySN+ri0lVbUH/sfM3EUHzj3+6bCpz8td+zSP f3weBmAelrX4NcY7aU9/STd10cUxSMV4PfC5cTBTFT1eYk2gJITzQ1s/wWxFpQtyD71O 3FuFwjeH9FE9pW63UhyectFC1ard+R15GHRTAs8CPdjIB38jDleUFQLjRPYrku3VBivH dndVX5ngtf8n87H030zXQYWOTuxoNxe/n17LTzyqPdV6Lxkj+fB3Bu975rMZtqJ3COZ+ LMb0CwxiQzuRvdziGxtxj8Q4GANxvsMsVyhFY8/c3ORc3zcvn6enNROCS6jYuo8oX7vK 9mFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712233928; x=1712838728; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XerkH2ynkf1vxp+fsqJ0qN8AZG46ak50/ECqEN32U0w=; b=L+cDnuyt8SdYI8VMo0gOrfBK48kAPjlYrI+d+xP59nwwISBVLEKA4ab+h604Mt2wJQ /LOaMCqbMznWh0L/fm9AvPJor4TS9xPNQ92UsnC/Hjc3lKKLUVhR4xwggl9YoyUfJ27i aKUnesH8FbvB/sCcQjYTLCddaMmXoi17kZd78XEyQ8TyoAtfUbDlsRSANTNdm3BodBgQ dcuG/1yPUQ7uRMbT/O3zrnsjRDwtvfl+5ju8ViKVi+z1jgObsZ0Lg4LyXBGV7mzmMPih 0BXV8fB0SQimxCpt3Q6SZz+gdSZntcK/UdScsFQfAIjC72yT7dUi6GKr+x6j2fzsBtET /TGg== X-Forwarded-Encrypted: i=1; AJvYcCXZpEeE8TWTwtFsg16XI5QN2IsDATrqhgGIERJ8uGiT4Vw8MBnzxkppMlDdOY7NNZuq6rlf2NxQ4+yna4MTrdzzxa8= X-Gm-Message-State: AOJu0Yz9mDoFajkRxtFCfilhCgFDy09jZhC6S/bGWSnz+t61vdAh9UdF m8o9e2lPxnQnH1aWeJWSeRsJ//kLo+JWEMu4W2V1ZS6krG2Uj2WxZjAbSKEfGhCUsnq3Yr10KmQ cuWgtgVrloJBgbw== X-Google-Smtp-Source: AGHT+IG0Bsq2KxhVPOQpSkN7RapTzL57jEs123Iy4spqtUcqzx174FkXstUUKG35PgzUW7U2kryjNQK8BX3zoew= X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a05:6902:124a:b0:dc2:1f34:fac4 with SMTP id t10-20020a056902124a00b00dc21f34fac4mr708607ybu.2.1712233928129; Thu, 04 Apr 2024 05:32:08 -0700 (PDT) Date: Thu, 04 Apr 2024 12:31:40 +0000 In-Reply-To: <20240404-alice-mm-v4-0-49a84242cf02@google.com> Mime-Version: 1.0 References: <20240404-alice-mm-v4-0-49a84242cf02@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=5074; i=aliceryhl@google.com; h=from:subject:message-id; bh=fSgHfw/zkWrxiL7qQcuIRBGXo9AsMjuelkCO78cyAIg=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBmDp2+8k+koOL0GcIB850DW3ouuJxGlPR2MopoO q15ulz7hZOJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZg6dvgAKCRAEWL7uWMY5 RgjkEACUB3R7Sn1Mx7xhemoU2eWMaNTf+LDF5Kpe7cqJ9xnqMJgUM7WKETGwNBOqbI3f/iZTFjx aiQywDbimWtwIc1Drme1GlbihXwW0ut7WIvv+XyiIlfzJ6zyEg43G6KnkHgFJrDQNJUJasQnF1U rZ8fqDaarX/EyfixSMWxDOy5iBCJUUB9TejXbUP3TN8pM+eeWUcDj2Ri75ZLBBRyj0ZFHmNT+Rk CsyqnI08i6aYsXalL/ZbGJcbr5ZzMh9FHkY7WbwlX9kViCto4ryG5uD/OT/XqJhjfDSeoroEtpF 0Pow3pGanpm1TogMELV6Al/8AYQxB2Ohtkto9Sraez/KsIwnHLWZUn7wy/Fy1122vwqDEDshM+a 9ZnHdbaYeepLUl07i5fbfQJF+vspuYl4Vlw0Vy6wKf92sanv7LX0Ea51dK3p9t5ISZSCj+fu2po UKW8atf6Zd61GG+mkP56/s6RoAmb8FkFETpVa1TJr5E2AK08IaccRyTuge6riMTD3pco/tngGqK gUbxYKsknZcq6egCRWt2fr/ghJggswWqRlYTMwQfkqZbRxngZACZ4spgLjMfBhj/czoN1673bJ4 GtDQCFA/FKvHXtKYpNaZPEbk0+O9ra4aNzGotNcsoVvFItYdR848PwQRYv2eh1kDTlnl46aFWAM NDdJ1cG5xmBxfGw== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240404-alice-mm-v4-2-49a84242cf02@google.com> Subject: [PATCH v4 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook Cc: Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Greg Kroah-Hartman , " =?utf-8?q?Arve_Hj=C3=B8?= =?utf-8?q?nnev=C3=A5g?= " , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Alice Ryhl , Christian Brauner X-Rspamd-Queue-Id: EE57A8001D X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: skj7xsh6o7dh8to6onc6jj3ppc895scm X-HE-Tag: 1712233928-480138 X-HE-Meta: U2FsdGVkX1+wfIGWiG4iz6Erf1c6HPVcIePSbTkOTUTN48T2JGgvwVnox6QmqiGRjBaSld5uu2zv0z9HtmefifmH93jAKAbnUWuzcTku+kbS2qUhZ24+/WHLei0sfzdPnywB4w8AqnfdSNx7Q059cu1EwkQaZ0OUUlB63eTipODPiAhQDDh4SEG2CqrCq7mtWyfnu1Ped7z7ag3Vm+l8cUFij3vGiyW57cswR4TEdmuXEd521AgqZOw+F9QBba3mLcO5E1murmecjNoIJ4C4fypHvJ8QYlWta2ol09MRNg0Ns4yCzRBacjKjudbXHuijTYABIYNXoTpWIGJ7+QEZgoYNSKUwJAn/NYjipETgyeCYwhsJOECqzotjW49sq8g7yUbA33t+4gSnN2xJQCLnBuIT+BqA5U1ZlB2Kkpis8BTkkYlOa1wotjjk/aI0MINx6h1nSbajzCbFTH8CiEnHXbyHsgVaTeZke0ugHjsrR/6PwnbYvWwLLyKW1iuzWgODUgm2jdTyRZUJhAhKDyCpM6H5lteyqlTEP9wxRgGHlK5aFYPXCGrk0ojJ+O2/9SwNTsq6qPyU+4jLBC2ZPQX0/jWDj/6voibfIKJ1x48yt5EPedLBcTe7aHZ25l8U3pg4BOXP2WHN1RImkPjRcV5AQVy2r+BiKBUjPELAQWvlE2Bdf/g6BaQJNoBcd5fh0haVveV8skof9e6yjAhjtDipNifc+hgwyv+a5MxFgGoh0eL7c8yYYN3NipmitggoLlYlcDiR9jsxUBZwjyUEVxWZci7tEndaqZVcxEhI13yfXSoui8oetFUQTIjhq2coV0JW4zW0M8Jyb5KNCYCZd+jX1iNX3KqK35j4pbTAcLaLph+BZkbz/2O5NvuYEsutnOabA+zp1uDgyHeTjOIa9plJHsPifKQwv+3NchcxPcBFiI5AHIM56MYQUFZ7q45Zq+gnVqI1Dz2awfhb8uo8lFg rcv33ec2 yakB8eaI4ndT8g9+0IBI+A+J/p70dbro5PSFGenpuddqXkw3Ibv1LnmzYXH33SFXEabmJYwQLTDIrDxEFAZQtlLESii6aIVPruQzJdLEiXdPj2F2zwf7sbpV83j6qYimMjdhuP1dfGfuMRg4Z7TXp59T9Nsq/eAAMVVUQJGFSBtYkKYh9JZmvwsnVRS7adSY8asw270trtQaVIltecUyI7vSVOIO0GX6Jbvi/Xj13krMNzXnHDNyoB8ub6nnfTw2SG/aTpGeZ44UhzimtAbBiADQVRPUbmEtltzlyA8kdd5BW7OO4jgiqzrZNL8hXODCbUhQbCCAAtft3N1rlyJjq/CiTxDyOOaanVeSpD9ptZoWEkQ/k3VBkKfu53bKbbY5axzm8rgbrZ1L7x9pDsoMIeRAS++hwD8auGKzO4fM4YA/Rv0vEWDKKIdCp6y33lrFrawrxxEHDl0+X3qWPnoHkocgRrwDtQ9c9ND9ElmKBk2ei1o+3UXaaKIa4hIDZIIzpFdXF+ONC6HJHgg2/7xQKhnaUaJ68Mo/7wCgv2OniHKbaw/lbY8EWrTpFADd6Y5gQVkDvY8seRWxv2IEf0y3Hl5WNiVvdwSvMbuVPM7Xl5rmR20sXSt8oKw76rzOjZZTGth+hT0WO7kYkbHZYKAG4EZ16MkBVy8Zzri4l9HoqGV4r3h3dCh/Iy8DJD9JRwO8H+sAK9cv+L815ZGjjBNT9RhPb9hMtZ4HWxFmZB68FkXsFA+dr2vqV7gNFPa8BY3ekQ+TgsZfw6eDd3sj9VqkUuljr/w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Arnd Bergmann Rust code needs to be able to access _copy_from_user and _copy_to_user so that it can skip the check_copy_size check in cases where the length is known at compile-time, mirroring the logic for when C code will skip check_copy_size. To do this, we ensure that exported versions of these methods are available when CONFIG_RUST is enabled. Alice has verified that this patch passes the CONFIG_TEST_USER_COPY test on x86 using the Android cuttlefish emulator. Signed-off-by: Arnd Bergmann Tested-by: Alice Ryhl Reviewed-by: Boqun Feng Signed-off-by: Alice Ryhl --- include/linux/uaccess.h | 38 ++++++++++++++++++++++++-------------- lib/usercopy.c | 30 ++++-------------------------- 2 files changed, 28 insertions(+), 40 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 3064314f4832..2ebfce98b5cc 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -138,13 +139,18 @@ __copy_to_user(void __user *to, const void *from, unsigned long n) return raw_copy_to_user(to, from, n); } -#ifdef INLINE_COPY_FROM_USER static inline __must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) +_inline_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { + /* + * Ensure that bad access_ok() speculation will not + * lead to nasty side effects *after* the copy is + * finished: + */ + barrier_nospec(); instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); instrument_copy_from_user_after(to, from, n, res); @@ -153,14 +159,11 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) memset(to + (n - res), 0, res); return res; } -#else extern __must_check unsigned long _copy_from_user(void *, const void __user *, unsigned long); -#endif -#ifdef INLINE_COPY_TO_USER static inline __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned long n) +_inline_copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); if (should_fail_usercopy()) @@ -171,25 +174,32 @@ _copy_to_user(void __user *to, const void *from, unsigned long n) } return n; } -#else extern __must_check unsigned long _copy_to_user(void __user *, const void *, unsigned long); -#endif static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (check_copy_size(to, n, false)) - n = _copy_from_user(to, from, n); - return n; + if (!check_copy_size(to, n, false)) + return n; +#ifdef INLINE_COPY_FROM_USER + return _inline_copy_from_user(to, from, n); +#else + return _copy_from_user(to, from, n); +#endif } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - if (check_copy_size(from, n, true)) - n = _copy_to_user(to, from, n); - return n; + if (!check_copy_size(from, n, true)) + return n; + +#ifdef INLINE_COPY_TO_USER + return _inline_copy_to_user(to, from, n); +#else + return _copy_to_user(to, from, n); +#endif } #ifndef copy_mc_to_kernel diff --git a/lib/usercopy.c b/lib/usercopy.c index d29fe29c6849..de7f30618293 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -7,40 +7,18 @@ /* out-of-line parts */ -#ifndef INLINE_COPY_FROM_USER +#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST) unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long res = n; - might_fault(); - if (!should_fail_usercopy() && likely(access_ok(from, n))) { - /* - * Ensure that bad access_ok() speculation will not - * lead to nasty side effects *after* the copy is - * finished: - */ - barrier_nospec(); - instrument_copy_from_user_before(to, from, n); - res = raw_copy_from_user(to, from, n); - instrument_copy_from_user_after(to, from, n, res); - } - if (unlikely(res)) - memset(to + (n - res), 0, res); - return res; + return _inline_copy_from_user(to, from, n); } EXPORT_SYMBOL(_copy_from_user); #endif -#ifndef INLINE_COPY_TO_USER +#if !defined(INLINE_COPY_TO_USER) || defined(CONFIG_RUST) unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - might_fault(); - if (should_fail_usercopy()) - return n; - if (likely(access_ok(to, n))) { - instrument_copy_to_user(to, from, n); - n = raw_copy_to_user(to, from, n); - } - return n; + return _inline_copy_to_user(to, from, n); } EXPORT_SYMBOL(_copy_to_user); #endif