Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
From: Andrey Konovalov
Date: Fri Jun 29 2018 - 11:19:44 EST
a bunch of compat
a bunch of ioctl that use ptr to stored ints
ipc/shm.c:1355
ipc/shm.c:1566
mm/process_vm_access.c:178:20
mm/process_vm_access.c:180:19
substraction => harmless
mm/process_vm_access.c:221:4
?
mm/memory.c:4679:14
should be __user pointer
fs/fuse/file.c:1256:9
?
kernel/kthread.c:73:9
?
mm/migrate.c:1586:10
mm/migrate.c:1660:24
lib/iov_iter.c
???
kernel/futex.c:502
uses user addr as key
kernel/futex.c:730
gup, fixed
lib/strncpy_from_user.c:110:13
fixed?
lib/strnlen_user.c:112
fixed?
fs/readdir.c:369
???
On Thu, Jun 28, 2018 at 9:30 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> On Wed, Jun 27, 2018 at 5:05 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
>> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
>> <catalin.marinas@xxxxxxx> wrote:
>>> While I support this work, as a maintainer I'd like to understand
>>> whether we'd be in a continuous chase of ABI breaks with every kernel
>>> release or we have a better way to identify potential issues. Is there
>>> any way to statically analyse conversions from __user ptr to long for
>>> example? Or, could we get the compiler to do this for us?
>>
>>
>> OK, got it, I'll try to figure out a way to find these conversions.
>
> I've prototyped a checker on top of clang static analyzer (initially
> looked at sparse, but couldn't find any documentation or examples).
> The results are here [1], search for "warning: user pointer cast".
> Sharing in case anybody wants to take a look, will look at them myself
> tomorrow.
>
> [1] https://gist.github.com/xairy/433edd5c86456a64026247cb2fef2115