From patchwork Mon Mar 11 10:47:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13588580 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD14DC5475B for ; Mon, 11 Mar 2024 10:47:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 604E56B007E; Mon, 11 Mar 2024 06:47:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 58B736B0080; Mon, 11 Mar 2024 06:47:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3B5A46B0081; Mon, 11 Mar 2024 06:47:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 22FEA6B007E for ; Mon, 11 Mar 2024 06:47:31 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id E6DA9140ADB for ; Mon, 11 Mar 2024 10:47:30 +0000 (UTC) X-FDA: 81884431860.29.1CA854C Received: from mail-lj1-f202.google.com (mail-lj1-f202.google.com [209.85.208.202]) by imf28.hostedemail.com (Postfix) with ESMTP id D2E9FC0019 for ; Mon, 11 Mar 2024 10:47:28 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=1KrtEmGe; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf28.hostedemail.com: domain of 3PuHuZQkKCPETebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com designates 209.85.208.202 as permitted sender) smtp.mailfrom=3PuHuZQkKCPETebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1710154049; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=QK7N3wvRNuxt3Md31RNENpTO88LXLvO1cHfykZ9Cy8A=; b=VUGzqko19LXcwrehabzmsVleGG77jDulOAgUuS4yl3B6mLl3FTFycpIURI0KPuSfE36GM4 LIigiCehRStd9zDHLWQflk7KUWxv0zhw7sYAf39JhJOTdjPfi2cZp1q9duUGRRdKJNZie3 Cab2Fh+U/+fHGtYcFBIvWIMFVXFRVXg= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=1KrtEmGe; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf28.hostedemail.com: domain of 3PuHuZQkKCPETebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com designates 209.85.208.202 as permitted sender) smtp.mailfrom=3PuHuZQkKCPETebVXkraeZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--aliceryhl.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710154049; a=rsa-sha256; cv=none; b=icB6ezHYvceDjhUL7E/SmVovlSBepbQmX3p0+ltlupq/7dtuWg0n6svjuOVUyzCbYXZwDI 4myxkMa91wRFzOjOlncmYEq53X9+Yd+LpQ3Sy+5D/nnmuJwt7AoB16ypwFz2sADyI5XnEp 9HAh/SNamQcsPP8baFUxCSf4YWZh5fA= Received: by mail-lj1-f202.google.com with SMTP id 38308e7fff4ca-2d416c82a47so22046661fa.0 for ; Mon, 11 Mar 2024 03:47:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1710154047; x=1710758847; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=QK7N3wvRNuxt3Md31RNENpTO88LXLvO1cHfykZ9Cy8A=; b=1KrtEmGeaF1C1Sm4mSukJdFwC4SmtWvPT0qkegf+Rcwiti1TtO+59ISI2eHnuCWbbh Iixyou/Hb+QTB+RSIme8f0zH+1evZrn+hrl9C76CARH9BL0YFU5+KGbwDgcvXotxA2s0 CzG1kyI0EGXIQk2PRQH8lxaqBAG0moHRlEGO+/zBGMG7oOag2QR05AHadDbQ1RzNn62Z NUZmq27zEPmFqFqpeuIeMdWKtlW8JwHJbWsu0zEoWNddPefaK5dskmKY7PYSmC4iGH08 egLPTR9i8s0Vm15yQjYnUJfq086HwGsNsGJWfR6B1D3IIquBpCfcgfuFiG0Dau5Rimp+ m2qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710154047; x=1710758847; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QK7N3wvRNuxt3Md31RNENpTO88LXLvO1cHfykZ9Cy8A=; b=Z0cyK9MjlZmVBjsoblhWfPRu8aPkNK11Gfkl8zF+hU1MmMspEGYeR8/Z2JpqG/AK3P puj4kO3ZI0nq8DnC0mv9/Ue+NGu084QFxwFUR/V2rNaBom+b2guS+Z49kDPIReBFg91j LVRhTQ08x9WJ5QS1VQG+1I73BvsDnK4OQjFyj0eo7Hok1l8yX+mWKcO746P+yrbASJsj DTyN3UVF3me+ieHmfsKowWcFd77pUrmq+04nQ8LIv4jZO3URHwzbqYNyS8/voLLBuNtE M+ul4ulQTe5i+X6BRtHrzlfcWK+8dYXipYSLODVzGPhhQ9qucqXCY/UKPCUowNvVO7SG aktQ== X-Forwarded-Encrypted: i=1; AJvYcCUYCdHMdJkJ8LbSz3udSROz5+dXbbLXEyom6E406LFVPA4s2A2G3cAONYYGOXDh3oSKP5h1n0lK7LKM0+mNWkYh6Nw= X-Gm-Message-State: AOJu0Yyuf7kop5h/Dh3zZwwa6i5N7olgQZNjzSXfttMRcaZWjG1YX+ed Runabfu1cL9QqN6Mp1zi3UtEOaRLzRRqrUg2FZ8Mi+T4covyIbqvBIMtMPD7E5q0Qizq4tIaZgI H8Bu3J7kmVxdvBA== X-Google-Smtp-Source: AGHT+IHSWDS4ViRws7i/kRXoMZR5WHtv1Oe3C4G9VZj4JBfcdfc7JLVHMzSKn3kJjxqSGhfVqyFOyNajwYd1AbY= X-Received: from aliceryhl2.c.googlers.com ([fda3:e722:ac3:cc00:68:949d:c0a8:572]) (user=aliceryhl job=sendgmr) by 2002:a2e:98d7:0:b0:2d2:39e3:4177 with SMTP id s23-20020a2e98d7000000b002d239e34177mr5921ljj.3.1710154046386; Mon, 11 Mar 2024 03:47:26 -0700 (PDT) Date: Mon, 11 Mar 2024 10:47:14 +0000 In-Reply-To: <20240311-alice-mm-v3-0-cdf7b3a2049c@google.com> Mime-Version: 1.0 References: <20240311-alice-mm-v3-0-cdf7b3a2049c@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=5026; i=aliceryhl@google.com; h=from:subject:message-id; bh=pHnbSUxra5e5H6zBKTRnUbpLhZzdUBojHIfp+nyvk+Y=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBl7uE0j1KsTCtMubuFNvEOo6APsxvUwA1hJoBnz QHXFmedNU6JAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZe7hNAAKCRAEWL7uWMY5 Rp+KD/4qOeDNNJqVjqc6H7KB4hwApHbA5wPeaWMEUeFX/cw2NlzyLJPdERRCiqZLQ/cEdsHg7Wz gZUXgev5Z21/0QAeen5iqImCU0oknimN4IowfaMXghclnRg6AI95WZr+YSDOfUTInGLsjVeR5X4 D2yQCZ22UtLTRbmz3aVcRLkUAFDTMyzKjj0uQQysx92PKlM62qwFpJyHgf1VYYl+tU9FOK2prQ4 X5m6OeKp9sz7tZJ64BNvj9wFCrVHbeYZmu3X1gEIPtj0YuUGtylFF3hNNZX4PWb27YBqgTh/jsv uLj1a8kBx+HN66qwceF7EVW40qHUqlJYvF8kByf0Qd6lOo61FxBRRXrfhE+GFkdgK1uRDRenjpJ gfIqSvdgqx9JClXUqQgS6U8txVmMCWErdT3wSkzhop3wNLdA4q0eZlTnTHQVtuofBhbnbjr9NvE BgApEvdQxYtNmjEDWS3zH/GG18kLfHqArvpraRws98F4n0PVY22Dg1RuifPFihc9um3lqpoto0K cdMmSF6mMo4HSZx1wq+r/PURWdB2rlvRbt6q8sLZ5xWK1NorgXqXs8w9gqad76yCV5byjmGMGqC ULKm+giotJR8S6iaAvd0PFjxeKoz5R9iOobOCUZFg4UQsrn890ASHToXImx92uLM1+kCe1HYXEH Pw8yHaDClkwD+iQ== X-Mailer: b4 0.13-dev-26615 Message-ID: <20240311-alice-mm-v3-2-cdf7b3a2049c@google.com> Subject: [PATCH v3 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Al Viro , Andrew Morton , Kees Cook Cc: Alex Gaynor , Wedson Almeida Filho , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Greg Kroah-Hartman , " =?utf-8?q?Arve_Hj=C3=B8?= =?utf-8?q?nnev=C3=A5g?= " , Todd Kjos , Martijn Coenen , Joel Fernandes , Carlos Llamas , Suren Baghdasaryan , Arnd Bergmann , linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Alice Ryhl , Christian Brauner X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D2E9FC0019 X-Stat-Signature: 7y3ycfrqjjt6aghr6tzj6pxbnqtjkn4h X-HE-Tag: 1710154048-121643 X-HE-Meta: U2FsdGVkX18GDQh67OO+SUWKvZbONOWH+ztdid2FUxBE/+caGjMoCV9H5YrdXpUyqUrFLXOStf4R+0OKXa1/7mzRwo/OCL2rN3n9Aap8z4zMoBDuQIA9VsDOkkpwpLYJDk45OB59ZqKrSKY/BjJ6PiP8xgpul/h3K/5biDr2+mCXfH//8MQb6bCJXLWRK+RibkOHnNrjbmWFG7FP2z9uUj9dljtifIPx5DiSxF3ionnQolm31Sj95VFeUtzwLAJ6MxPB0dtwmc+s0hop3y81LDC3TqEUQR9UAHOd4XA06g67eFntDdR+ym/JVFLgDuq5+Spgs1lMqg9w8zeMRI131dsZuzXj+MR4EMdDMEM2RWWtzB/mS49QyPRDKJy98X74+y+vFu6dRMJ4W19EOPfUQcP8zjUktfw+DVYp82KDhgt2ydKOf95XZzithxaZQRJN9Bkocb3TGBQxXKLPtrkpNf5tFlr/lDN8QMA7BPrrh6nbtXcUlrHrfY+815Zr9iBRzKSGnTlyM8mVt2F5OJ99koBp9KNpHuJ12KoNACdTPoW2JVzYBVSNP815XTvLEZDsZvqjCsj7Mc6feJlm65jk5ukZlCG2s9Tc8pvNsnHrdy1mUimZaTSZZWVTpi0ZDuDnvsuOCGf5uLJskg2pRVlLnWHhuFWsl1JX4tCyKB4AEeJKPr9IQTU9hrRfAliIxa/4H8fUmrJBdcFQMtPv9oIAtQPoErK55JYJcDSp7WrGsZCLtRQGvS0lLVI/r0mFm1xH7SgSxk25AwFb+U2Yppaawg0WyDOJ+JZJsSpchW/D6S7BgGtJTO9fHHrGlWDPqCgxe0Uknd1LdK/Coqn/+9FmEwcAlgd395wfUrYrIMizF4M/7zwUnuWbgDB6YeEWMkrw2+j1XAmnxo45Nz8umPp3woqCVdUqWm1qbdslRK7GKIC66taXBZjAhTUsBPJLqNLldYUm5n/FVRj8qk+vV8C LY9iv08+ jkLRnCmUceyjBy6SJDVB2P5ZLFmWa9/pHV4VwWh+DIvqSWNvrr01eh7kpq+x1nb3W+nnDaGXaGtxJI5DYZA4pPocC6nWfu7UuDBBDVEHIm/xl2Dj9wWXkbrfIf/6dUy7UbDg3EOBwRBVPa2/ajIrh544koa5ulVuXGz69rZQYnjBeb/PpLSy33i5+M2uN7u+cxd2ZWrAiO2nx5f60aQuZK9rH2kVZhWP7NIl9295tbjqmEW+9d1vuGGnVDNYMWZJWZDFfrqRjOfErU1voKZKuJf4f/eMxpbgmFgpMAuVCOzb1iE+Scow5PVUsn34E8k8bqZzuN22kuIXCnYnDuDDnG3LMxZ6SUOt0DqFZrG7GJBu08ujoH2IVzpqjJa5n1ZqW2Lj10jTB/iXr2Jn69c2/niBrPakyFfX11Mb+BsKqzpiqhyidH2YqB7w/jnPILQF1rYypVvzHfWUSFaQDyb1eIwT+uuzES2gQ+wnjftg9ZjgG/8NmjWuCIKAmnBWby1hm+4p4PlTovPnIf9rYvCdKFcf1tLjRThe9SGTipR5s7M0+Z4eum9tjz4Gty6hZ2qQa9/vW3uK4z3pegm4Pa+K3FB5i7QbwvLgs8brKKtCLgtVxFtHAXL4qckQULn8ST+cw79n/oiYfuIA4G94wrGQQ7kgSJ9O4QFShegWb X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Arnd Bergmann Rust code needs to be able to access _copy_from_user and _copy_to_user so that it can skip the check_copy_size check in cases where the length is known at compile-time, mirroring the logic for when C code will skip check_copy_size. To do this, we ensure that exported versions of these methods are available when CONFIG_RUST is enabled. Alice has verified that this patch passes the CONFIG_TEST_USER_COPY test on x86 using the Android cuttlefish emulator. Signed-off-by: Arnd Bergmann Tested-by: Alice Ryhl Signed-off-by: Alice Ryhl Reviewed-by: Boqun Feng --- include/linux/uaccess.h | 38 ++++++++++++++++++++++++-------------- lib/usercopy.c | 30 ++++-------------------------- 2 files changed, 28 insertions(+), 40 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 3064314f4832..2ebfce98b5cc 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -138,13 +139,18 @@ __copy_to_user(void __user *to, const void *from, unsigned long n) return raw_copy_to_user(to, from, n); } -#ifdef INLINE_COPY_FROM_USER static inline __must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) +_inline_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; might_fault(); if (!should_fail_usercopy() && likely(access_ok(from, n))) { + /* + * Ensure that bad access_ok() speculation will not + * lead to nasty side effects *after* the copy is + * finished: + */ + barrier_nospec(); instrument_copy_from_user_before(to, from, n); res = raw_copy_from_user(to, from, n); instrument_copy_from_user_after(to, from, n, res); @@ -153,14 +159,11 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) memset(to + (n - res), 0, res); return res; } -#else extern __must_check unsigned long _copy_from_user(void *, const void __user *, unsigned long); -#endif -#ifdef INLINE_COPY_TO_USER static inline __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned long n) +_inline_copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); if (should_fail_usercopy()) @@ -171,25 +174,32 @@ _copy_to_user(void __user *to, const void *from, unsigned long n) } return n; } -#else extern __must_check unsigned long _copy_to_user(void __user *, const void *, unsigned long); -#endif static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - if (check_copy_size(to, n, false)) - n = _copy_from_user(to, from, n); - return n; + if (!check_copy_size(to, n, false)) + return n; +#ifdef INLINE_COPY_FROM_USER + return _inline_copy_from_user(to, from, n); +#else + return _copy_from_user(to, from, n); +#endif } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - if (check_copy_size(from, n, true)) - n = _copy_to_user(to, from, n); - return n; + if (!check_copy_size(from, n, true)) + return n; + +#ifdef INLINE_COPY_TO_USER + return _inline_copy_to_user(to, from, n); +#else + return _copy_to_user(to, from, n); +#endif } #ifndef copy_mc_to_kernel diff --git a/lib/usercopy.c b/lib/usercopy.c index d29fe29c6849..de7f30618293 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -7,40 +7,18 @@ /* out-of-line parts */ -#ifndef INLINE_COPY_FROM_USER +#if !defined(INLINE_COPY_FROM_USER) || defined(CONFIG_RUST) unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long res = n; - might_fault(); - if (!should_fail_usercopy() && likely(access_ok(from, n))) { - /* - * Ensure that bad access_ok() speculation will not - * lead to nasty side effects *after* the copy is - * finished: - */ - barrier_nospec(); - instrument_copy_from_user_before(to, from, n); - res = raw_copy_from_user(to, from, n); - instrument_copy_from_user_after(to, from, n, res); - } - if (unlikely(res)) - memset(to + (n - res), 0, res); - return res; + return _inline_copy_from_user(to, from, n); } EXPORT_SYMBOL(_copy_from_user); #endif -#ifndef INLINE_COPY_TO_USER +#if !defined(INLINE_COPY_TO_USER) || defined(CONFIG_RUST) unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - might_fault(); - if (should_fail_usercopy()) - return n; - if (likely(access_ok(to, n))) { - instrument_copy_to_user(to, from, n); - n = raw_copy_to_user(to, from, n); - } - return n; + return _inline_copy_to_user(to, from, n); } EXPORT_SYMBOL(_copy_to_user); #endif