[PATCH] x86/uaccess: Use address masking for get_size on ia32

From: Linus Torvalds
Date: Wed Jul 31 2024 - 21:30:39 EST


On x86_64, get_user and put_user use address masking to force any
invalid address to the top of the kernel address space, which is
unmapped, so that the access traps. The 32-bit case has thus far just
used a comparison and a jump.

Use the address masking technique on ia32 as well (as the top page is
guaranteed to be unmapped here as well), to bring it into alignment with
the x86_64 implementation.

This also fixes the previous cleanup, which didn't zero the high bits if
a 64-bit get_user() was attempted with an invalid address, as in the
usercopy.usercopy_test_invalid KUnit test.

Fixes: 8a2462df1547 ("x86/uaccess: Improve the 8-byte getuser() case")
Co-developed-by: David Gow <davidgow@xxxxxxxxxx>
Signed-off-by: David Gow <davidgow@xxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
---
arch/x86/lib/getuser.S | 5 ++---
arch/x86/lib/putuser.S | 5 +++--
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
index a314622aa093..3ee80b9c4f78 100644
--- a/arch/x86/lib/getuser.S
+++ b/arch/x86/lib/getuser.S
@@ -44,9 +44,9 @@
or %rdx, %rax
.else
cmp $TASK_SIZE_MAX-\size+1, %eax
- jae .Lbad_get_user
sbb %edx, %edx /* array_index_mask_nospec() */
- and %edx, %eax
+ not %edx
+ or %edx, %eax
.endif
.endm
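Review bot: The `/* array_index_mask_nospec() */` comment kept on the `sbb` line no longer describes the sequence: the mask is now inverted and OR-ed in, so an address at or above `TASK_SIZE_MAX-\size+1` becomes 0xffffffff instead of being AND-ed to zero. I would replace it with `/* edx = -1 if addr is below the limit, else 0 */` and add `/* out-of-range addr -> 0xffffffff, in the unmapped top page */` on the `or` line. With `jae .Lbad_get_user` gone, the -EFAULT result for a bad pointer depends entirely on that access faulting and being fixed up through the exception path, so the comment should state the unmapped-top-page invariant that the commit message relies on. The macro begins above this hunk, so any header comment it has is not visible here and may need the same update.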

@@ -153,7 +153,6 @@ EXPORT_SYMBOL(__get_user_nocheck_8)

SYM_CODE_START_LOCAL(__get_user_handle_exception)
ASM_CLAC
-.Lbad_get_user:
xor %edx,%edx
mov $(-EFAULT),%_ASM_AX
RET
diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S
index 975c9c18263d..8896f6bcbf9c 100644
--- a/arch/x86/lib/putuser.S
+++ b/arch/x86/lib/putuser.S
@@ -39,7 +39,9 @@
or %rbx, %rcx
.else
cmp $TASK_SIZE_MAX-\size+1, %ecx
- jae .Lbad_put_user
+ sbb %ebx, %ebx
+ not %ebx
+ or %ebx, %ecx
.endif
.endm
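Review bot: The ia32 branch of this macro now overwrites %ebx, which the old `cmp`/`jae` pair did not touch, and nothing in the hunk records that. The 64-bit branch in the context line `or %rbx, %rcx` already uses the register as scratch, which suggests callers declare it clobbered, but the call-site constraints are outside this diff and should be confirmed for the 32-bit build. The three added lines also carry no comment; I would add `/* ebx = -1 if addr is below the limit, else 0 */` on the `sbb` and `/* out-of-range addr -> 0xffffffff (unmapped top page); clobbers %ebx */` on the `or`. The macro starts above the hunk.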

@@ -128,7 +130,6 @@ EXPORT_SYMBOL(__put_user_nocheck_8)

SYM_CODE_START_LOCAL(__put_user_handle_exception)
ASM_CLAC
-.Lbad_put_user:
movl $-EFAULT,%ecx
RET
SYM_CODE_END(__put_user_handle_exception)
--
2.46.0.rc1.232.g9752f9e123-goog