From patchwork Thu Apr 18 08:59:18 2024
X-Patchwork-Submitter: Alice Ryhl
X-Patchwork-Id: 13634364
Date: Thu, 18 Apr 2024 08:59:18 +0000
In-Reply-To: <20240418-alice-mm-v6-0-cb8f3e5d688f@google.com>
References: <20240418-alice-mm-v6-0-cb8f3e5d688f@google.com>
Message-ID: <20240418-alice-mm-v6-2-cb8f3e5d688f@google.com>
Subject: [PATCH v6 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST
From: Alice Ryhl
To: Miguel Ojeda, Matthew Wilcox, Al Viro, Andrew Morton, Kees Cook
Cc: Alex Gaynor, Wedson Almeida Filho, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen, Joel Fernandes, Carlos Llamas, Suren Baghdasaryan, Arnd Bergmann, Trevor Gross, linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Alice Ryhl, Christian Brauner

From: Arnd Bergmann

Rust code needs to be able to access _copy_from_user and _copy_to_user
so that it can skip the check_copy_size check in cases where the length
is known at compile-time, mirroring the logic for when C code will skip
check_copy_size. To do this, we ensure that exported versions of these
methods are available when CONFIG_RUST is enabled.

Alice has verified that this patch passes the CONFIG_TEST_USER_COPY test
on x86 using the Android cuttlefish emulator.

Signed-off-by: Arnd Bergmann
Tested-by: Alice Ryhl
Reviewed-by: Boqun Feng
Reviewed-by: Kees Cook
Signed-off-by: Alice Ryhl
---
 include/linux/uaccess.h | 38 ++++++++++++++++++++++++--------------
 lib/usercopy.c          | 30 ++++--------------------------
 2 files changed, 28 insertions(+), 40 deletions(-)

diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index 3064314f4832..2ebfce98b5cc 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -138,13 +139,18 @@ __copy_to_user(void __user *to, const void *from, unsigned long n) return raw_copy_to_user(to, from, n); } -#ifdef INLINE_COPY_FROM_USER static inline __must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) +_inline_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { + /* + * Ensure that bad access_ok() speculation will not + * lead to nasty side effects *after* the copy is + * finished: + */ + barrier_nospec(); instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); instrument_copy_from_user_after(to, from, n, res); @@ -153,14 +159,11 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) memset(to + (n - res), 0, res); return res; } -#else extern __must_check unsigned long _copy_from_user(void *, const void __user *, unsigned long); -#endif -#ifdef INLINE_COPY_TO_USER static inline __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned long n) +_inline_copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); if (should_fail_usercopy()) 
@@ -171,25 +174,32 @@ _copy_to_user(void __user *to, const void *from, unsigned long n) } return n; } -#else extern __must_check unsigned long _copy_to_user(void __user *, const void *, unsigned long); -#endif static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (check_copy_size(to, n, false)) - n = _copy_from_user(to, from, n); - return n; + if (!check_copy_size(to, n, false)) + return n; +#ifdef INLINE_COPY_FROM_USER + return _inline_copy_from_user(to, from, n); +#else + return _copy_from_user(to, from, n); +#endif } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - if (check_copy_size(from, n, true)) - n = _copy_to_user(to, from, n); - return n; + if (!check_copy_size(from, n, true)) + return n; + +#ifdef INLINE_COPY_TO_USER + return _inline_copy_to_user(to, from, n); +#else + return _copy_to_user(to, from, n); +#endif } #ifndef copy_mc_to_kernel diff --git a/lib/usercopy.c b/lib/usercopy.c index d29fe29c6849..de7f30618293 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c 
@@ -7,40 +7,18 @@ /* out-of-line parts */ -#ifndef INLINE_COPY_FROM_USER +#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST) unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long res = n; - might_fault(); - if (!should_fail_usercopy() && likely(access_ok(from, n))) { - /* - * Ensure that bad access_ok() speculation will not - * lead to nasty side effects *after* the copy is - * finished: - */ - barrier_nospec(); - instrument_copy_from_user_before(to, from, n); - res = raw_copy_from_user(to, from, n); - instrument_copy_from_user_after(to, from, n, res); - } - if (unlikely(res)) - memset(to + (n - res), 0, res); - return res; + return _inline_copy_from_user(to, from, n); } EXPORT_SYMBOL(_copy_from_user); #endif -#ifndef INLINE_COPY_TO_USER +#if !defined(INLINE_COPY_TO_USER) || defined(CONFIG_RUST) unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - might_fault(); - if (should_fail_usercopy()) - return n; - if (likely(access_ok(to, n))) { - instrument_copy_to_user(to, from, n); - n = raw_copy_to_user(to, from, n); - } - return n; + return _inline_copy_to_user(to, from, n); } EXPORT_SYMBOL(_copy_to_user); #endif
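
Review bot: the barrier_nospec() call added to _inline_copy_from_user() in include/linux/uaccess.h (hunk at -138,13) changes behaviour for INLINE_COPY_FROM_USER builds, and the commit message does not mention it. The removed lines in lib/usercopy.c show that the barrier and its comment previously existed only in the out-of-line _copy_from_user(); the old inline body went from access_ok() straight to instrument_copy_from_user_before(). Since this adds speculation hardening to the inline path, say so in the changelog or split it into its own patch, so the change is not read as a pure export change.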
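
Review bot: the extern declarations of _copy_from_user() and _copy_to_user() in include/linux/uaccess.h (hunks at -153,14 and -171,25) lose their #else/#endif guards and become unconditional, while the definitions in lib/usercopy.c stay under "#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST)" and its TO_USER counterpart. With INLINE_COPY_*_USER defined and CONFIG_RUST off, a C caller of _copy_from_user() would now compile and only fail at link time. Either keep the declarations under the same condition as the definitions, or add a comment beside them naming the configurations in which the symbols exist.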
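
Review bot: style nit in the rewritten copy_from_user() and copy_to_user() bodies (hunk at -171,25): copy_to_user() has a blank line between "return n;" and "#ifdef INLINE_COPY_TO_USER", copy_from_user() has none before "#ifdef INLINE_COPY_FROM_USER". Make the two functions match.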
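
Review bot: missing documentation at the two "#if !defined(INLINE_COPY_*_USER) || defined(CONFIG_RUST)" blocks in lib/usercopy.c: EXPORT_SYMBOL(_copy_from_user) and EXPORT_SYMBOL(_copy_to_user) now publish, on every CONFIG_RUST build, entry points that do not run check_copy_size(), which copy_from_user() and copy_to_user() in the header call first. A comment above each definition should state that callers are responsible for the size check (the commit message gives the compile-time-known length case) and that the CONFIG_RUST term exists for the Rust side, so the condition is not simplified away later.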