Message ID | 1614670097-28536-1-git-send-email-yangtiezhu@loongson.cn (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | riscv: Return -EFAULT if copy_to_user() failed in signal.c | expand |
On 02/03/2021 07:28, Tiezhu Yang wrote: > copy_to_user() returns the amount left to copy, it should return -EFAULT > if copy to user failed.

This looks technically correct, but the caller (only one) will check for non-zero and will convert that to -EFAULT in setup_rt_frame().

I expect if this change is done, it also needs to be done for the callers too and there's a few others that assume !=0 is an error.

I think it would be easier to define save_fp_state() to return non-zero on error and note it does not return an error code. It may be worth exiting the function if the first __copy_to_user fails?

Note: setup_rt_frame -> setup_sigcontext -> save_fp_frame

> > Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> > --- > arch/riscv/kernel/signal.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c > index 65942b3..2238fc5 100644 > --- a/arch/riscv/kernel/signal.c > +++ b/arch/riscv/kernel/signal.c > @@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs, > fstate_save(current, regs); > err = __copy_to_user(state, ¤t->thread.fstate, sizeof(*state)); > if (unlikely(err)) > - return err; > + return -EFAULT; > > /* We support no other extension state at this time. */ > for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) { > @@ -140,8 +140,12 @@ static long setup_sigcontext(struct rt_sigframe __user *frame, > { > struct sigcontext __user *sc = &frame->uc.uc_mcontext; > long err; > + > /* sc_regs is structured the same as the start of pt_regs */ > err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs)); > + if (unlikely(err)) > + return -EFAULT; > + > /* Save the floating-point state. */ > if (has_fpu) > err |= save_fp_state(regs, &sc->sc_fpregs); >
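Review bot: In the setup_sigcontext() hunk the new early return makes `err` 0 before `err |= save_fp_state(regs, &sc->sc_fpregs);`, but the OR-accumulation that follows still mixes two conventions: save_fp_state() now returns a negative errno while `err` is otherwise treated as a bytes-not-copied count, and OR-ing a count into an errno keeps the value non-zero (all setup_rt_frame() tests) without keeping it a valid errno (8 | -EFAULT is -ENXIO, for example). Suggest either a matching `if (unlikely(err)) return -EFAULT;` after the save_fp_state() call, or a comment on save_fp_state() stating that callers may only test its result for non-zero.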
On 03/02/2021 06:01 PM, Ben Dooks wrote: > On 02/03/2021 07:28, Tiezhu Yang wrote: >> copy_to_user() returns the amount left to copy, it should return -EFAULT >> if copy to user failed. > > This looks technically correct, but the caller (only one) > will check for non-zero and will convert that to -EFAULT > in setup_rt_frame().

Yes, as you said, the original code logic has no problem, it will convert that to -EFAULT in setup_rt_frame(). The initial aim of this patch is to make save_fp_state() return an error code if __copy_to_user() failed, just like it returns -EFAULT if __put_user() failed.

I notice that restore_fp_state() has a similar issue, it will return -EFAULT if __get_user() failed and maybe return -EINVAL in the other error case, both -EFAULT and -EINVAL are error codes, but when __copy_from_user() failed, it does not return an error code, which seems not so consistent.

> > I expect if this change is done, it also needs to be done > for the callers too and there's a few others that assume > !=0 is an error. > > I think it would be easier to define save_fp_state() to > return non-zero on error and note it does not return an > error code. It may be worth exiting the function if > the first __copy_to_user fails?

Now, (1) is it necessary to do some changes? If yes, I will send v2 later. Like this:

[PATCH v2] riscv: Return -EFAULT if copy_{to,from}_user() failed in signal.c

copy_{to,from}_user() returns the amount left to copy, it should return -EFAULT error code if copy {to,from} user failed, just like the return value is an error code when {put,get}_user() failed, this is to make the return value consistent, no function change.

Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> --- arch/riscv/kernel/signal.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c index 65942b3..c76d877 100644 --- a/arch/riscv/kernel/signal.c +++ b/arch/riscv/kernel/signal.c 
@@ -39,7 +39,7 @@ static long restore_fp_state(struct pt_regs *regs, err = __copy_from_user(¤t->thread.fstate, state, sizeof(*state)); if (unlikely(err)) - return err; + return -EFAULT; fstate_restore(current, regs); @@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs, fstate_save(current, regs); err = __copy_to_user(state, ¤t->thread.fstate, sizeof(*state)); if (unlikely(err)) - return err; + return -EFAULT; /* We support no other extension state at this time. */ for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) { @@ -87,8 +87,12 @@ static long restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc) { long err; + /* sc_regs is structured the same as the start of pt_regs */ err = __copy_from_user(regs, &sc->sc_regs, sizeof(sc->sc_regs)); + if (unlikely(err)) + return -EFAULT; + /* Restore the floating-point state. */ if (has_fpu) err |= restore_fp_state(regs, &sc->sc_fpregs); @@ -140,8 +144,12 @@ static long setup_sigcontext(struct rt_sigframe __user *frame, { struct sigcontext __user *sc = &frame->uc.uc_mcontext; long err; + /* sc_regs is structured the same as the start of pt_regs */ err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs)); + if (unlikely(err)) + return -EFAULT; + /* Save the floating-point state. */ if (has_fpu) err |= save_fp_state(regs, &sc->sc_fpregs);
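Review bot: In the restore_sigcontext() hunk, `err |= restore_fp_state(regs, &sc->sc_fpregs);` is safe for this one call because the new early return leaves `err` at 0, but restore_fp_state() can now return either -EFAULT or -EINVAL, and `|=` of two different negative errnos yields a third value (-EFAULT | -EINVAL is -ENXIO), so the accumulated `err` must never reach user space as an errno; suggest an early `if (unlikely(err)) return -EFAULT;` after the restore_fp_state() call as well, which also stops the register restore from continuing after a failed copy. The same applies to `err |= save_fp_state(...)` in the setup_sigcontext() hunk, and the "no function change" claim in the commit message holds only because the callers convert any non-zero result to -EFAULT; worth stating that dependency explicitly.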
diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c index 65942b3..2238fc5 100644 --- a/arch/riscv/kernel/signal.c +++ b/arch/riscv/kernel/signal.c @@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs, fstate_save(current, regs); err = __copy_to_user(state, ¤t->thread.fstate, sizeof(*state)); if (unlikely(err)) - return err; + return -EFAULT; /* We support no other extension state at this time. */ for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) { @@ -140,8 +140,12 @@ static long setup_sigcontext(struct rt_sigframe __user *frame, { struct sigcontext __user *sc = &frame->uc.uc_mcontext; long err; + /* sc_regs is structured the same as the start of pt_regs */ err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs)); + if (unlikely(err)) + return -EFAULT; + /* Save the floating-point state. */ if (has_fpu) err |= save_fp_state(regs, &sc->sc_fpregs);
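Review bot: Both hunks change the return value of __copy_to_user(), the unchecked variant, while the commit message names copy_to_user(); the message should name the helper actually called. It should also say that the change is a consistency fix with no user-visible effect, since setup_rt_frame() already turns any non-zero setup_sigcontext() result into -EFAULT, as noted in the review. In the second hunk the new early return reports the sc_regs fault as -EFAULT directly, but `err |= save_fp_state(regs, &sc->sc_fpregs);` still OR-accumulates an errno; suggest the same early return after that call so the function has one convention.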
copy_to_user() returns the amount left to copy; it should return -EFAULT if copy to user failed.

Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
---
arch/riscv/kernel/signal.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
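The point argued in both replies above, as an added illustration that is not kernel code and not part of the patch: a user-space C model of the two return conventions (a copy helper returning bytes not copied versus a helper returning -EFAULT), showing why `err |=` accumulation stays non-zero but stops being a meaningful errno, and how the early-return style avoids that. The names model_copy_to_user, model_save_fp_state, setup_sigcontext_accumulate, setup_sigcontext_early and rt_frame_result are constructed stand-ins for the kernel functions the thread discusses.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

/* Constructed stand-in for __copy_to_user(): returns the number of bytes
 * NOT copied (0 on success). 'fault' models an unmapped user page. */
static unsigned long model_copy_to_user(void *dst, const void *src,
                                        unsigned long n, bool fault)
{
    if (fault)
        return n;           /* nothing copied: all n bytes remain */
    memcpy(dst, src, n);
    return 0;
}

/* Model of save_fp_state() as the patch leaves it: an errno, never a count. */
static long model_save_fp_state(void *ustate, bool fault)
{
    unsigned char kstate[8] = {0};
    if (model_copy_to_user(ustate, kstate, sizeof(kstate), fault))
        return -EFAULT;
    return 0;
}

/* The accumulating style of setup_sigcontext(): err holds a byte count after
 * the first copy and a byte count OR-ed with an errno after the second. */
long setup_sigcontext_accumulate(bool fault_regs, bool fault_fp)
{
    unsigned char kregs[8] = {0}, uregs[8], ufp[8];
    long err = (long)model_copy_to_user(uregs, kregs, sizeof(kregs), fault_regs);
    err |= model_save_fp_state(ufp, fault_fp);
    return err;             /* non-zero on failure, but 8 | -EFAULT == -ENXIO */
}

/* Early-return style (what the sc_regs hunk adds): the first failure is
 * reported as -EFAULT itself and no later copy is attempted. */
long setup_sigcontext_early(bool fault_regs, bool fault_fp)
{
    unsigned char kregs[8] = {0}, uregs[8], ufp[8];
    if (model_copy_to_user(uregs, kregs, sizeof(kregs), fault_regs))
        return -EFAULT;
    return model_save_fp_state(ufp, fault_fp);
}

/* What setup_rt_frame() does with the result per the thread: any non-zero
 * value becomes -EFAULT, so both styles look identical to user space today. */
long rt_frame_result(long err)
{
    return err ? -EFAULT : 0;
}
```

The accumulated value is only safe while every caller tests it for non-zero; the moment it is returned as an errno, the mixed value reaches user space as the wrong error.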