From: Francis Laniel
To: linux-kernel@vger.kernel.org
Cc: Alban Crequy, Francis Laniel, Andrew Morton, Andrii Nakryiko, Mykola Lysenko, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan, Alban Crequy, linux-mm@kvack.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: [RFC PATCH v1 0/2] Fix offset when fault occurs in strncpy_from_kernel_nofault()
Date: Tue, 8 Nov 2022 20:52:05 +0100
Message-Id: <20221108195211.214025-1-flaniel@linux.microsoft.com>
X-Patchwork-Id: 13036810

Hi.

First of all, I hope you are fine and the same for your relatives.

This contribution fixes a bug where the byte before the destination address can
be reset when a page fault occurs in strncpy_from_kernel_nofault() while copying
the first byte from the source address.
This bug led to a kernel panic if a pointer containing the modified address is
dereferenced, as the pointer does not contain a correct address.
To fix this bug, we simply reset the current destination byte in case of a
page fault.

The proposed fix was tested and validated inside a VM:

    root@vm-amd64:~# ./share/linux/tools/testing/selftests/bpf/test_progs --name varlen
    ...
    #222 varlen:OK
    Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED

Without the patch, the test will fail:

    root@vm-amd64:~# ./share/linux/tools/testing/selftests/bpf/test_progs --name varlen
    ...
    #222 varlen:FAIL
    Summary: 0/0 PASSED, 0 SKIPPED, 1 FAILED

If you see any way to improve this contribution, feel free to share.

Alban Crequy (2):
  maccess: fix writing offset in case of fault in strncpy_from_kernel_nofault()
  selftests: bpf: add a test when bpf_probe_read_kernel_str() returns EFAULT

 mm/maccess.c                                    | 2 +-
 tools/testing/selftests/bpf/prog_tests/varlen.c | 7 +++++++
 tools/testing/selftests/bpf/progs/test_varlen.c | 5 +++++
 3 files changed, 13 insertions(+), 1 deletion(-)

Best regards and thank you in advance.
---
2.25.1
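
A user-space model of the off-by-one described in the cover letter above, added here as an illustration; it is not the kernel's code and not part of the patch series. The names `get_byte_nofault`, `copy_str_model` and `guard_after_first_byte_fault`, the `readable` parameter that simulates where the source faults, and the guard-byte layout are all assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>

/* Simulated nofault read: only the first `readable` bytes of src are mapped.
 * Returns 0 on success, -1 on a simulated page fault. */
static int get_byte_nofault(char *out, const char *src, size_t off, size_t readable)
{
    if (off >= readable)
        return -1;
    *out = src[off];
    return 0;
}

/* Model of the copy loop (assumption, not kernel code). fixed == 0 resets
 * dst[-1] on a fault; fixed != 0 resets the current destination byte. */
long copy_str_model(char *dst, const char *src, size_t readable, long count, int fixed)
{
    long copied = 0;
    if (count <= 0)
        return 0;
    do {
        if (get_byte_nofault(dst, src, (size_t)copied, readable))
            goto efault;
        dst++;
        copied++;
    } while (dst[-1] && copied < count);
    dst[-1] = '\0';              /* always terminate what was copied */
    return copied;
efault:
    if (fixed)
        dst[0] = '\0';           /* current byte, inside the caller's buffer */
    else
        dst[-1] = '\0';          /* fault on byte 0: one byte BEFORE the buffer */
    return -EFAULT;
}

/* Constructed scenario: guard 'G' sits just before dst, first source byte faults. */
char guard_after_first_byte_fault(int fixed)
{
    char mem[8] = { 'G', 'x', 'x', 'x', 'x', 'x', 'x', 'x' };
    copy_str_model(&mem[1], "", 0, 7, fixed);
    return mem[0];               /* value of the byte adjacent to the buffer */
}

int main(void)
{
    printf("unfixed guard: %d, fixed guard: %d\n", guard_after_first_byte_fault(0), guard_after_first_byte_fault(1));
    return 0;
}
```

In the model the guard byte stands in for whatever the caller keeps immediately before the destination buffer; the cover letter's panic case is that neighbour being part of a pointer.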