Message ID | 20200414070142.288696-9-hch@lst.de (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [1/8] powerpc/spufs: simplify spufs core dumping | expand |
Le 14/04/2020 à 09:01, Christoph Hellwig a écrit : > Currently copy_string_kernel is just a wrapper around copy_strings that > simplifies the calling conventions and uses set_fs to allow passing a > kernel pointer. But due to the fact the we only need to handle a single > kernel argument pointer, the logic can be sigificantly simplified while > getting rid of the set_fs. Instead of duplicating almost identical code, can you write a function that takes whether the source is from user or from kernel, then you just do things like: if (from_user) len = strnlen_user(str, MAX_ARG_STRLEN); else len = strnlen(str, MAX_ARG_STRLEN); if (from_user) copy_from_user(kaddr+offset, str, bytes_to_copy); else memcpy(kaddr+offset, str, bytes_to_copy); > > Signed-off-by: Christoph Hellwig <hch@lst.de> > --- > fs/exec.c | 43 ++++++++++++++++++++++++++++++++++--------- > 1 file changed, 34 insertions(+), 9 deletions(-) > > diff --git a/fs/exec.c b/fs/exec.c > index b2a77d5acede..ea90af1fb236 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -592,17 +592,42 @@ static int copy_strings(int argc, struct user_arg_ptr argv, > */ > int copy_string_kernel(const char *arg, struct linux_binprm *bprm) > { > - int r; > - mm_segment_t oldfs = get_fs(); > - struct user_arg_ptr argv = { > - .ptr.native = (const char __user *const __user *)&arg, > - }; > + int len = strnlen(arg, MAX_ARG_STRLEN) + 1 /* terminating NUL */; > + unsigned long pos = bprm->p; > + > + if (len == 0) > + return -EFAULT; > + if (!valid_arg_len(bprm, len)) > + return -E2BIG; > + > + /* We're going to work our way backwards. */ > + arg += len; > + bprm->p -= len; > + if (IS_ENABLED(CONFIG_MMU) && bprm->p < bprm->argmin) > + return -E2BIG; > + > + while (len > 0) { > + unsigned int bytes_to_copy = min_t(unsigned int, len, > + min_not_zero(offset_in_page(pos), PAGE_SIZE)); > + struct page *page; > + char *kaddr; > > - set_fs(KERNEL_DS); > - r = copy_strings(1, argv, bprm); > - set_fs(oldfs); > + pos -= bytes_to_copy; > + arg -= bytes_to_copy; > + len -= bytes_to_copy; > > - return r; > + page = get_arg_page(bprm, pos, 1); > + if (!page) > + return -E2BIG; > + kaddr = kmap_atomic(page); > + flush_arg_page(bprm, pos & PAGE_MASK, page); > + memcpy(kaddr + offset_in_page(pos), arg, bytes_to_copy); > + flush_kernel_dcache_page(page); > + kunmap_atomic(kaddr); > + put_arg_page(page); > + } > + > + return 0; > } > EXPORT_SYMBOL(copy_string_kernel); > > Christophe
On Sat, Apr 18, 2020 at 10:15:42AM +0200, Christophe Leroy wrote: > > > Le 14/04/2020 à 09:01, Christoph Hellwig a écrit : >> Currently copy_string_kernel is just a wrapper around copy_strings that >> simplifies the calling conventions and uses set_fs to allow passing a >> kernel pointer. But due to the fact the we only need to handle a single >> kernel argument pointer, the logic can be sigificantly simplified while >> getting rid of the set_fs. > > > Instead of duplicating almost identical code, can you write a function that > takes whether the source is from user or from kernel, then you just do > things like: > > if (from_user) > len = strnlen_user(str, MAX_ARG_STRLEN); > else > len = strnlen(str, MAX_ARG_STRLEN); > > > if (from_user) > copy_from_user(kaddr+offset, str, bytes_to_copy); > else > memcpy(kaddr+offset, str, bytes_to_copy); We'll need two different str variables then with and without __user annotations to keep type safety. And introduce a branch-y and unreadable mess in the exec fast path instead of adding a simple and well understood function for the kernel case that just deals with the much simpler case of just copying a single arg vector from a kernel address.
Le 19/04/2020 à 10:06, Christoph Hellwig a écrit : > On Sat, Apr 18, 2020 at 10:15:42AM +0200, Christophe Leroy wrote: >> >> >> Le 14/04/2020 à 09:01, Christoph Hellwig a écrit : >>> Currently copy_string_kernel is just a wrapper around copy_strings that >>> simplifies the calling conventions and uses set_fs to allow passing a >>> kernel pointer. But due to the fact the we only need to handle a single >>> kernel argument pointer, the logic can be sigificantly simplified while >>> getting rid of the set_fs. >> >> >> Instead of duplicating almost identical code, can you write a function that >> takes whether the source is from user or from kernel, then you just do >> things like: >> >> if (from_user) >> len = strnlen_user(str, MAX_ARG_STRLEN); >> else >> len = strnlen(str, MAX_ARG_STRLEN); >> >> >> if (from_user) >> copy_from_user(kaddr+offset, str, bytes_to_copy); >> else >> memcpy(kaddr+offset, str, bytes_to_copy); > > We'll need two different str variables then with and without __user > annotations to keep type safety. And introduce a branch-y and unreadable > mess in the exec fast path instead of adding a simple and well understood > function for the kernel case that just deals with the much simpler case > of just copying a single arg vector from a kernel address. > About the branch, I was expecting GCC to inline and eliminate the unused branch.
diff --git a/fs/exec.c b/fs/exec.c index b2a77d5acede..ea90af1fb236 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -592,17 +592,42 @@ static int copy_strings(int argc, struct user_arg_ptr argv, */ int copy_string_kernel(const char *arg, struct linux_binprm *bprm) { - int r; - mm_segment_t oldfs = get_fs(); - struct user_arg_ptr argv = { - .ptr.native = (const char __user *const __user *)&arg, - }; + int len = strnlen(arg, MAX_ARG_STRLEN) + 1 /* terminating NUL */; + unsigned long pos = bprm->p; + + if (len == 0) + return -EFAULT; + if (!valid_arg_len(bprm, len)) + return -E2BIG; + + /* We're going to work our way backwards. */ + arg += len; + bprm->p -= len; + if (IS_ENABLED(CONFIG_MMU) && bprm->p < bprm->argmin) + return -E2BIG; + + while (len > 0) { + unsigned int bytes_to_copy = min_t(unsigned int, len, + min_not_zero(offset_in_page(pos), PAGE_SIZE)); + struct page *page; + char *kaddr; - set_fs(KERNEL_DS); - r = copy_strings(1, argv, bprm); - set_fs(oldfs); + pos -= bytes_to_copy; + arg -= bytes_to_copy; + len -= bytes_to_copy; - return r; + page = get_arg_page(bprm, pos, 1); + if (!page) + return -E2BIG; + kaddr = kmap_atomic(page); + flush_arg_page(bprm, pos & PAGE_MASK, page); + memcpy(kaddr + offset_in_page(pos), arg, bytes_to_copy); + flush_kernel_dcache_page(page); + kunmap_atomic(kaddr); + put_arg_page(page); + } + + return 0; } EXPORT_SYMBOL(copy_string_kernel);
Currently copy_string_kernel is just a wrapper around copy_strings that simplifies the calling conventions and uses set_fs to allow passing a kernel pointer. But due to the fact the we only need to handle a single kernel argument pointer, the logic can be sigificantly simplified while getting rid of the set_fs. Signed-off-by: Christoph Hellwig <hch@lst.de> --- fs/exec.c | 43 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 9 deletions(-)