diff mbox series

ARM: uaccess: Fix KASAN false-positives

Message ID 20230215023706.19453-1-zev@bewilderbeest.net (mailing list archive)
State New, archived
Headers show
Series ARM: uaccess: Fix KASAN false-positives | expand

Commit Message

Zev Weiss Feb. 15, 2023, 2:37 a.m. UTC
From: Andrew Jeffery <andrew@aj.id.au>

__copy_to_user_memcpy() and __clear_user_memset() had been calling
memcpy() and memset() respectively, leading to false-positive KASAN
reports when starting userspace:

    [   10.707901] Run /init as init process
    [   10.731892] process '/bin/busybox' started with executable stack
    [   10.745234] ==================================================================
    [   10.745796] BUG: KASAN: user-memory-access in __clear_user_memset+0x258/0x3ac
    [   10.747260] Write of size 2687 at addr 000de581 by task init/1

Use __memcpy() and __memset() instead to allow userspace access, which
is of course the intent of these functions.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
---
 arch/arm/lib/uaccess_with_memcpy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Arnd Bergmann Feb. 15, 2023, 10:07 a.m. UTC | #1
On Wed, Feb 15, 2023, at 03:37, Zev Weiss wrote:
> From: Andrew Jeffery <andrew@aj.id.au>
>
> __copy_to_user_memcpy() and __clear_user_memset() had been calling
> memcpy() and memset() respectively, leading to false-positive KASAN
> reports when starting userspace:
>
>     [   10.707901] Run /init as init process
>     [   10.731892] process '/bin/busybox' started with executable stack
>     [   10.745234] 
> ==================================================================
>     [   10.745796] BUG: KASAN: user-memory-access in 
> __clear_user_memset+0x258/0x3ac
>     [   10.747260] Write of size 2687 at addr 000de581 by task init/1
>
> Use __memcpy() and __memset() instead to allow userspace access, which
> is of course the intent of these functions.
>
> Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> Signed-off-by: Zev Weiss <zev@bewilderbeest.net>

Looks good to me. I've added it to my randconfig build tree to
see if there are any build time regressions in odd configurations.
If you don't hear back from me until tomorrow, please add this to
Russell's patch system at 

https://www.arm.linux.org.uk/developer/patches/info.php

with my

Reviewed-by: Arnd Bergmann <arnd@arndb.de>
diff mbox series

Patch

diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 14eecaaf295f..e4c2677cc1e9 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
+++ b/arch/arm/lib/uaccess_with_memcpy.c
@@ -116,7 +116,7 @@  __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
 			tocopy = n;
 
 		ua_flags = uaccess_save_and_enable();
-		memcpy((void *)to, from, tocopy);
+		__memcpy((void *)to, from, tocopy);
 		uaccess_restore(ua_flags);
 		to += tocopy;
 		from += tocopy;
@@ -178,7 +178,7 @@  __clear_user_memset(void __user *addr, unsigned long n)
 			tocopy = n;
 
 		ua_flags = uaccess_save_and_enable();
-		memset((void *)addr, 0, tocopy);
+		__memset((void *)addr, 0, tocopy);
 		uaccess_restore(ua_flags);
 		addr += tocopy;
 		n -= tocopy;