Re: [PATCH v16 03/16] lib, arm64: untag user pointers in strn*_user

From: Kees Cook
Date: Fri Jun 07 2019 - 23:52:38 EST

Next message: Bjorn Andersson: "Re: [PATCH 5/6] arm64: dts: Add ipq6018 SoC and CP01 board support"
Previous message: Bjorn Andersson: "Re: [PATCH 3/6] clk: qcom: Add DT bindings for ipq6018 gcc clock controller"
In reply to: Andrey Konovalov: "[PATCH v16 03/16] lib, arm64: untag user pointers in strn*_user"
Next in thread: Andrey Konovalov: "[PATCH v16 04/16] mm: untag user pointers in do_pages_move"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 03, 2019 at 06:55:05PM +0200, Andrey Konovalov wrote:
> This patch is a part of a series that extends arm64 kernel ABI to allow to
> pass tagged user pointers (with the top byte set to something else other
> than 0x00) as syscall arguments.
>
> strncpy_from_user and strnlen_user accept user addresses as arguments, and
> do not go through the same path as copy_from_user and others, so here we
> need to handle the case of tagged user addresses separately.
>
> Untag user pointers passed to these functions.
>
> Note, that this patch only temporarily untags the pointers to perform
> validity checks, but then uses them as is to perform user memory accesses.
>
> Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
> Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
> lib/strncpy_from_user.c | 3 ++-
> lib/strnlen_user.c | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
> index 023ba9f3b99f..dccb95af6003 100644
> --- a/lib/strncpy_from_user.c
> +++ b/lib/strncpy_from_user.c
> @@ -6,6 +6,7 @@
> #include <linux/uaccess.h>
> #include <linux/kernel.h>
> #include <linux/errno.h>
> +#include <linux/mm.h>
>
> #include <asm/byteorder.h>
> #include <asm/word-at-a-time.h>
> @@ -108,7 +109,7 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
> return 0;
>
> max_addr = user_addr_max();
> - src_addr = (unsigned long)src;
> + src_addr = (unsigned long)untagged_addr(src);
> if (likely(src_addr < max_addr)) {
> unsigned long max = max_addr - src_addr;
> long retval;
> diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c
> index 7f2db3fe311f..28ff554a1be8 100644
> --- a/lib/strnlen_user.c
> +++ b/lib/strnlen_user.c
> @@ -2,6 +2,7 @@
> #include <linux/kernel.h>
> #include <linux/export.h>
> #include <linux/uaccess.h>
> +#include <linux/mm.h>
>
> #include <asm/word-at-a-time.h>
>
> @@ -109,7 +110,7 @@ long strnlen_user(const char __user *str, long count)
> return 0;
>
> max_addr = user_addr_max();
> - src_addr = (unsigned long)str;
> + src_addr = (unsigned long)untagged_addr(str);
> if (likely(src_addr < max_addr)) {
> unsigned long max = max_addr - src_addr;
> long retval;
> --
> 2.22.0.rc1.311.g5d7573a151-goog
>

--
Kees Cook

Next message: Bjorn Andersson: "Re: [PATCH 5/6] arm64: dts: Add ipq6018 SoC and CP01 board support"
Previous message: Bjorn Andersson: "Re: [PATCH 3/6] clk: qcom: Add DT bindings for ipq6018 gcc clock controller"
In reply to: Andrey Konovalov: "[PATCH v16 03/16] lib, arm64: untag user pointers in strn*_user"
Next in thread: Andrey Konovalov: "[PATCH v16 04/16] mm: untag user pointers in do_pages_move"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]