From patchwork Mon Apr 15 07:13:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13629528 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA84AC4345F for ; Mon, 15 Apr 2024 07:14:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7A5AB6B0093; Mon, 15 Apr 2024 03:14:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 77CB36B0095; Mon, 15 Apr 2024 03:14:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5CF776B0096; Mon, 15 Apr 2024 03:14:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 3F9F76B0093 for ; Mon, 15 Apr 2024 03:14:24 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id F136FA14E2 for ; Mon, 15 Apr 2024 07:14:23 +0000 (UTC) X-FDA: 82010902806.18.00E99BA Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) by imf24.hostedemail.com (Postfix) with ESMTP id 23639180015 for ; Mon, 15 Apr 2024 07:14:21 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=RtPxz53i; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf24.hostedemail.com: domain of 3zdMcZgkKCCA6HE8ANUDHCKKCHA.8KIHEJQT-IIGR68G.KNC@flex--aliceryhl.bounces.google.com designates 209.85.128.202 as permitted sender) smtp.mailfrom=3zdMcZgkKCCA6HE8ANUDHCKKCHA.8KIHEJQT-IIGR68G.KNC@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1713165262; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=622yrrnqj1BqCsmBBgHjaeo0syiJ1Yu6xB3lMWoaVgY=; b=ze+T3A4IOK54gN1fipRT3HrGpQL0WJ1KVRDiVQGJG2GvKnxgbAGRphjVN4O20zW/308KEa spS3davkMVaEEPQj+fiMGCQvt68rQzgc85uIb7ksDCZ8UnkFmG7U5syfJBc+08/IRObXkJ ewiyGwXIrdHBZ36UBT3sOpZlKNuoziI= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=RtPxz53i; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf24.hostedemail.com: domain of 3zdMcZgkKCCA6HE8ANUDHCKKCHA.8KIHEJQT-IIGR68G.KNC@flex--aliceryhl.bounces.google.com designates 209.85.128.202 as permitted sender) smtp.mailfrom=3zdMcZgkKCCA6HE8ANUDHCKKCHA.8KIHEJQT-IIGR68G.KNC@flex--aliceryhl.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1713165262; a=rsa-sha256; cv=none; b=Xney3EVhbdYGRoTJuYzRBQcghgEoJq2L2LTWzXojk3ZFWdhzvXNMxQst7J1gX/kWMLpAUD SWjudqTFmGRAGXrE8zTAxvVErf/i+9np7Mnw0m/26jTDiEPriWkL22vPjjsU0MfcjahG9w 5qwMLYQUGvs4llDsDsgtnUrpGgCCcz0= Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-615138794f5so49928317b3.2 for ; Mon, 15 Apr 2024 00:14:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1713165261; x=1713770061; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=622yrrnqj1BqCsmBBgHjaeo0syiJ1Yu6xB3lMWoaVgY=; b=RtPxz53iCAE2o9PiDTx7g1DdLlJ5xbYs7wmYZDzQ3XOKzcREG2zz6cjUOsa2m9pQM0 hR6CeVwDviA9YDdclV9vBuW84hT11j6K5j4zSRaNQjCY3eYz52FYRdevyYTEhOiHWPC4 wj3ADhDcg0oQq3NyHA+0ucW1Eiz2Qxi/wF006ltWU3Vd8PUorqUVQ8Xv0h7ao78F8Ebx HPnxkNxZoQIvkREfisDqxRlCigl85HOD07XeAv2SqGI8cqbdO8tYcfqDyi/VKrMXNwbv hdIeAs/basqaZWgs9TqKjuMfuZiol1k37/4mXYLAFLmHFl68POQyFoElRf9KLED2PZ6A 0HkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713165261; x=1713770061; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=622yrrnqj1BqCsmBBgHjaeo0syiJ1Yu6xB3lMWoaVgY=; b=fWywmObZtj4DGLJIPsh5s7AvsoH31a16jY6/JtTaukwmcvfleA6zsVZxGrja2Fu5Qs UiyVgRmKA7R9BXrpdXv8hSKDpT2SfvvLv4WhiPWx6TAfZh874p05DZ+7HclF9vTu1kA0 ORcd1T0vnFf9NxEBYdN4Sdlg6FsCHJQicC1fPt/gO2bG8vCfSb//IUajMZom2onq1Mun G4+RlymPnfgrgTT97mw+Gplmz/FpzhYgT/t3ImwY11hGwi+u5+WCmRaNK0JQ7JyunLDz Bdz/6PdDFXM1Fjk+ZBOhuFBrWw1TSnV+jTBlextdDZFX8xlY9ZV4SCsVk3zvedbh4xyN KAOA== X-Forwarded-Encrypted: i=1; AJvYcCXAHVk88KxsE9TELAo5l4C/r+VMJM9yX1966xIB2qRv8UXUwjxpy3oNEZ5KtioUscBaXBj9P8fpckixjR/1nt3faJU= X-Gm-Message-State: AOJu0YzVaMua1rSHy409BI8OLTprXhsufnoEepcOp4RJLklktVqZCLij ntYGZ81oVELCuvZDXica3j+xX/uaRX9TfNYlTzqZBujZbmqRCtLpML+PxcSR+1/ClPoCi6yGQwB 9FtkKBVOrqktHDQ== X-Google-Smtp-Source: AGHT+IEDy2cmxpL9gABLPqVzqQohAjhb5CWGb1j6O1qtcixaXYYFz1PV+vHzyNZSAuog3D6lnXz1u9jyr1ONoMc= X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a05:690c:380e:b0:61a:bdb1:896e with SMTP id jx14-20020a05690c380e00b0061abdb1896emr905088ywb.5.1713165261254; Mon, 15 Apr 2024 00:14:21 -0700 (PDT) Date: Mon, 15 Apr 2024 07:13:54 +0000 In-Reply-To: <20240415-alice-mm-v5-0-6f55e4d8ef51@google.com> Mime-Version: 1.0 References: <20240415-alice-mm-v5-0-6f55e4d8ef51@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=5074; i=aliceryhl@google.com; h=from:subject:message-id; bh=AYyTAq6TYaErSLcGReltlD/lrWoe0YO/q7GJueIPc/E=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBmHNPCMZ5vFU68UUZuEzeqiEIJzbZO38/o+JL+b QhoXSkxAV+JAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZhzTwgAKCRAEWL7uWMY5 RgEND/44B8JnNUin8lR9qqAELaIcTM4HHQAqgjQcaq5vFiabeNWQXj3yhNBDx3J6cwMFPgUmzsW F0ScjCrdPGfcNsrfowQWRKjm+fd4/OFEPByQecQrQ5MycDypNU3HBGA5lzfFMXIe7TErrFcRTNO +IkzkcixhueU/LQRUXNOZ/sHvLEmrnRqDFo5VrJ4fK+ksJ0PrC4xaP3KP/Yogc8Q6XYcDW8RYAG UyMLchf7IioeYhbNjPx0wiQRLhmAYaRoXRAjOLHABj0iPL3DKwTZyAmqxf7oWPFBX9BDtBfzZMA BfmaVVex3kI1vFaEzf6Xk77iSatVYVGBKegP8YvulcitWEMufwN/GQtNj0Ju4KBZqwNWIbz2gEj ukZ2coclsr6Ri+4Uqi1LJGwc5T9c+iLDcX8oyFLm8fyk74r+831KbSMSbiyczG/OvEyhG9DvgkH aNaQJHbYzDbT0dUcBKStl/Tx6FwnQoOmoXdFk2zEW1b1CKVbpRvNnJAQonqojW6N+ztBawG2N4R zu57ZDq9xIxB+dOXYzak1KI4q+Ijk9rgfji34kQR49kdRzXfadYHU51Z74+tvdaLaaTtb27p/mk 8E9/wQjavMJvqcABCML87U94lfB9agMkUrrLIF0pCulOMbJZEC4zHUHtRArxAdAQUeONiFwELOb sM3yhdquYvASE7w== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240415-alice-mm-v5-2-6f55e4d8ef51@google.com> Subject: [PATCH v5 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook Cc: Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Greg Kroah-Hartman , " =?utf-8?q?Arve_Hj=C3=B8?= =?utf-8?q?nnev=C3=A5g?= " , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Alice Ryhl , Christian Brauner X-Rspam-User: X-Stat-Signature: ptdd1ja81ymn7ppdw1tb5jdyi9mh1m3a X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 23639180015 X-HE-Tag: 1713165261-608695 X-HE-Meta: U2FsdGVkX1/ChgH1eztD/dxmquNcEEUumuPGvLf60TtsR7rrbxKrWRazbOZrz/GGLLPsH6cPp9swDAt8xaanBOn048hLcEu/qJU6Gx1U9ndNhJnpHchulND1MtubgadkoMMO6xaCtc+KeW043z0J5CJL0g4pxaXM4YuttBnPHn+NlcR52/z/4q68dSXfK1ec6PQPwsXZe+hU4xhye6JDSsxe67sJ8InJZdc9F5XId1PGFmFvGUp64oyYD2j+CvJwv1EITZHIVwthzvJUdR0ZiTa2Zj+QmXcr7s6j/ze3N67QAK7O7ziJ2iFF00jcfVKbTgrXOrgeXZnpSRIZ/9iMMHYDdMOFXfHKwZwbUJ/YuCRQDyuIqEu4IrVLH3/ltscHB0PXVpOuWLIlkwTaiast55Odp5lSjMsHAZoQ9SSlYCL9g5CrOnPGMkBeDDWp47c+/GW+3NktwnM4d8afkra7eCpzkFyRQyJFyrO3AjYVqYfG8a2e+fQXm2ooQcbAYg+clu1lWx9rbHyulKQ5YSQun9bZeOcp58wt+CeJSzY4G9vrlQGgsD/p3gxu2locedYsAEFVZtZTAX2EssENuOE8VJ0FOfoxhGtslhd+Fe8R/K9wwsPEOHnQ4y/V3fGnvam/OISN6hiUBwHZluho+4K54xseiDJ8C1MJwO4STUoFHOggIVtm+JdCegLYpDAlPm5y4X9EyUzH6Y+U6q3Cwqps6u4DRq1pi2KWsaf/C3iWBwmhQIvL0Glih12Xkit8IvtTk1W19iSrsxMlJIZjy0l7ZlVa22eAdFO8mXERwKE1o4klAItjB0uLbuSqNOvCm+J/RrJoo2PbSkEBadlFaxyUI2lqsT+wLNzPuPnHYz8h9CafIQiO37dap/1rGC/nLerDep51bqgz8N8v+34Rbam/XgoijAz0t2JA8Iq/3IPfbtMFw/ByRCHFp8gMxPMQuyKHCRvn/63UgfG9RxGFk5K VRXt8hny 52aO+1SW7dC6hQUEL2r2gNphX8UPNV4fcRyCeKvWSKOL9fn86/u2YvgbQzOcSamHZnld6f/KMImzz82nn1XTmEOMjXtr4FUTcr/qJ1CTz3ClVeviNjJDPIyfV8iVhEjJxx9kqOOaMe3Ku3sWObzNmcRNlGb0FYgbUK4Z9FXVXg2C58f8kNQd3JafilymPrGje46BgVUK2RKZmxPwEY9y6GdguENygVeOgvTCIGuWhuSw1vVuKlSOCXdGwwRJ1aHJE7FTsIjdBpX7V4zbxjFbiKowV6+1/IOx+T2TWaQXKhfP7lWmPRCGgHsnZTDucbQr9EAm9gH7tl2y61ND9sAu1sFgkLk7SSzLgzaLsV3KtwAF54iRscxcyQLg9eqmnLqWo4dXxTt+g/v85whEmsaj4QJmdGxLnhgdqJWu5XVn3YEhzpA7B6sJadyBfWjYjhfubKqlbrOhKPL0Z2/rBiiC0JDGF5K+i/8zX43fHzbCBYvooc6YA/NrLycgy1oSKMo2W3wiVdiI/BjyVeZ8yMgajOU2bhWhqFF6u91PdREv9Y231jnSMObx8s6LpaDV386PucZxUEqqNhfQOdn7mp0KP0doYNcESsG8TiSbrubPERXbbqv8Tlqxb+N4/VvBcVAiamwopH4aEwfc3vJjiESN0mU9dUfO0aj6RVdOq+qorlTX/1y1Rw7eiLbsiAl3PMLXwolJUxv7tlGEmcM7VAFn4HhD/obo/Zq+8Udn5e5dJf7dtW1yOinhknackrJT7CfLUlGPKb1Our1RD9MKV2U8j5UNfiw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Arnd Bergmann Rust code needs to be able to access _copy_from_user and _copy_to_user so that it can skip the check_copy_size check in cases where the length is known at compile-time, mirroring the logic for when C code will skip check_copy_size. To do this, we ensure that exported versions of these methods are available when CONFIG_RUST is enabled. Alice has verified that this patch passes the CONFIG_TEST_USER_COPY test on x86 using the Android cuttlefish emulator. Signed-off-by: Arnd Bergmann Tested-by: Alice Ryhl Reviewed-by: Boqun Feng Signed-off-by: Alice Ryhl Reviewed-by: Kees Cook --- include/linux/uaccess.h | 38 ++++++++++++++++++++++++-------------- lib/usercopy.c | 30 ++++-------------------------- 2 files changed, 28 insertions(+), 40 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 3064314f4832..2ebfce98b5cc 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -138,13 +139,18 @@ __copy_to_user(void __user *to, const void *from, unsigned long n) return raw_copy_to_user(to, from, n); } -#ifdef INLINE_COPY_FROM_USER static inline __must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) +_inline_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { + /* + * Ensure that bad access_ok() speculation will not + * lead to nasty side effects *after* the copy is + * finished: + */ + barrier_nospec(); instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); instrument_copy_from_user_after(to, from, n, res); @@ -153,14 +159,11 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) memset(to + (n - res), 0, res); return res; } -#else extern __must_check unsigned long _copy_from_user(void *, const void __user *, unsigned long); -#endif -#ifdef INLINE_COPY_TO_USER static inline __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned long n) +_inline_copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); if (should_fail_usercopy()) @@ -171,25 +174,32 @@ _copy_to_user(void __user *to, const void *from, unsigned long n) } return n; } -#else extern __must_check unsigned long _copy_to_user(void __user *, const void *, unsigned long); -#endif static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (check_copy_size(to, n, false)) - n = _copy_from_user(to, from, n); - return n; + if (!check_copy_size(to, n, false)) + return n; +#ifdef INLINE_COPY_FROM_USER + return _inline_copy_from_user(to, from, n); +#else + return _copy_from_user(to, from, n); +#endif } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - if (check_copy_size(from, n, true)) - n = _copy_to_user(to, from, n); - return n; + if (!check_copy_size(from, n, true)) + return n; + +#ifdef INLINE_COPY_TO_USER + return _inline_copy_to_user(to, from, n); +#else + return _copy_to_user(to, from, n); +#endif } #ifndef copy_mc_to_kernel diff --git a/lib/usercopy.c b/lib/usercopy.c index d29fe29c6849..de7f30618293 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -7,40 +7,18 @@ /* out-of-line parts */ -#ifndef INLINE_COPY_FROM_USER +#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST) unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long res = n; - might_fault(); - if (!should_fail_usercopy() && likely(access_ok(from, n))) { - /* - * Ensure that bad access_ok() speculation will not - * lead to nasty side effects *after* the copy is - * finished: - */ - barrier_nospec(); - instrument_copy_from_user_before(to, from, n); - res = raw_copy_from_user(to, from, n); - instrument_copy_from_user_after(to, from, n, res); - } - if (unlikely(res)) - memset(to + (n - res), 0, res); - return res; + return _inline_copy_from_user(to, from, n); } EXPORT_SYMBOL(_copy_from_user); #endif -#ifndef INLINE_COPY_TO_USER +#if !defined(INLINE_COPY_TO_USER) || defined(CONFIG_RUST) unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - might_fault(); - if (should_fail_usercopy()) - return n; - if (likely(access_ok(to, n))) { - instrument_copy_to_user(to, from, n); - n = raw_copy_to_user(to, from, n); - } - return n; + return _inline_copy_to_user(to, from, n); } EXPORT_SYMBOL(_copy_to_user); #endif