From patchwork Thu Oct 6 07:07:30 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 9363697 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 757F96077E for ; Thu, 6 Oct 2016 07:07:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 68D8128E2E for ; Thu, 6 Oct 2016 07:07:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5BC6D28E35; Thu, 6 Oct 2016 07:07:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1C2D928E2E for ; Thu, 6 Oct 2016 07:07:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752961AbcJFHHo (ORCPT ); Thu, 6 Oct 2016 03:07:44 -0400 Received: from mout.gmx.net ([212.227.15.15]:54445 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752885AbcJFHHn (ORCPT ); Thu, 6 Oct 2016 03:07:43 -0400 Received: from ls3530.box ([92.203.45.129]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LkgAG-1bHc5x2b8G-00aYlI; Thu, 06 Oct 2016 09:07:33 +0200 Date: Thu, 6 Oct 2016 09:07:30 +0200 From: Helge Deller To: linux-parisc@vger.kernel.org, James Bottomley , John David Anglin Subject: [PATCH] parisc: Add hardened usercopy feature Message-ID: <20161006070730.GA24780@ls3530.box> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Provags-ID: V03:K0:cnhD4uvzaoUykQrmF+8bWbdlibf2jevsCMv6PS2X442SYasjGj7 0xhZefedgG9gDjVtZwBN9AfSDZAaCNZUq0cS+RIRDsNUaNrn4Kw4l4/r1JyhlKiA8YxkMdn jtDW48Y3/HuP7ubQYW1rfYO0+GUTH1qQoSK+OrmuakgCssNSZGOxaaGpZKAYoApi3AfuaNM ytzD5THOhwMuRWyfJl0sA== X-UI-Out-Filterresults: notjunk:1; V01:K0:iznhqIXNT4Q=:LXHFcuoy04LFg454Yt8NFG VpTExzcYp5PcbQV7B5sknHNZQl4Zs9AVpzmGX2UKWfz9IypxMqAWY2HXpaZFmIRlScPRcam+5 Q8UBS8Zjlo9LV+d11xO0KR9OPYOk0viMNzOOycOIDKBRY4C9upmH5TlK5dnTAOg4igxNuPREh WJMHEihcw3y+f4OqROfzHcyx9E9vIviUdP6szYsPRGQHcJ0nenFp/gnTxDNgWpxgjcA1J8hfC m8rNDLoPr7sBR7CrOYQHcMHYNPLChgfI4cYwF3ASyIgIWta27pKlk/0AfxpPz60n4jCh/kELP iTmuctiV6tmtl+0qe2GKE+9ugcShOeLQhWLuoL1IxxDI42jxYb3DG+e8ijOfTV7jiFSuHH8Uz J8jVW//kN5D9NOSpHOy8tZ/N4hgZ343Un7bLofFfqFw8cyL62wSSwQRY1Ek0IgkcCCUiGzYOx xHGRCxnrVe7taDA5NHQgfG5kIANEKazMnGvFK10zP2iSZMRFGNjWcs1AbIAzL6T95kfU7x1Vj 59z9ixTqXzzgY8rnxsEPPZtv1pDIlPcH7FBfebqWbtiyI9TifyW0Uifp3kbNXDTUShfC4Veoq gaPn9GYPFeKzwE+1u/jdskotk7WlGP9JpjDi3FA9dNuvU+/AZK3ws3lgcafseHWOl1aXMi6Fv TYLmDwqjATknigUb9X249i9m+ATIUJk2E7wSlj0vID5nWkHNhUZnzaN97Ya2lLjus/6fZgaYj Y1cR3ARz1tQKfQBuqU5ssKOzjgm9pZEYmsf0I7Fc7lFAcVh7mTqhjyyIhEc= Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-parisc@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Add hardened usercopy checks to parisc architecture and clean up indenting. Signed-off-by: Helge Deller --- To unsubscribe from this list: send the line "unsubscribe linux-parisc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index af12c2d..393c730 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -24,6 +24,7 @@ config PARISC select SYSCTL_ARCH_UNALIGN_ALLOW select SYSCTL_EXCEPTION_TRACE select HAVE_MOD_ARCH_SPECIFIC + select HAVE_ARCH_HARDENED_USERCOPY select VIRT_TO_BUS select MODULES_USE_ELF_RELA select CLONE_BACKWARDS diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index 4828478..9a2aee1 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -11,6 +11,7 @@ #include #include +#include #define VERIFY_READ 0 #define VERIFY_WRITE 1 @@ -201,10 +202,12 @@ extern long lstrnlen_user(const char __user *, long); #define clear_user lclear_user #define __clear_user lclear_user -unsigned long copy_to_user(void __user *dst, const void *src, unsigned long len); -#define __copy_to_user copy_to_user -unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long len); -unsigned long copy_in_user(void __user *dst, const void __user *src, unsigned long len); +unsigned long __must_check __copy_to_user(void __user *dst, const void *src, + unsigned long len); +unsigned long __must_check __copy_from_user(void *dst, const void __user *src, + unsigned long len); +unsigned long copy_in_user(void __user *dst, const void __user *src, + unsigned long len); #define __copy_in_user copy_in_user #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user @@ -217,23 +220,40 @@ static inline void copy_user_overflow(int size, unsigned long count) WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); } -static inline unsigned long __must_check copy_from_user(void *to, - const void __user *from, - unsigned long n) +static __always_inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); - unsigned long ret = n; + int sz = __compiletime_object_size(to); + unsigned long ret = n; - if (likely(sz == -1 || sz >= n)) - ret = __copy_from_user(to, from, n); - else if (!__builtin_constant_p(n)) + if (likely(sz < 0 || sz >= n)) { + check_object_size(to, n, false); + ret = __copy_from_user(to, from, n); + } else if (!__builtin_constant_p(n)) copy_user_overflow(sz, n); else - __bad_copy_user(); + __bad_copy_user(); if (unlikely(ret)) memset(to + (n - ret), 0, ret); - return ret; + + return ret; +} + +static __always_inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ + int sz = __compiletime_object_size(from); + + if (likely(sz < 0 || sz >= n)) { + check_object_size(from, n, true); + n = __copy_to_user(to, from, n); + } else if (!__builtin_constant_p(n)) + copy_user_overflow(sz, n); + else + __bad_copy_user(); + + return n; } struct pt_regs; diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c index b2b441b..f82ff10 100644 --- a/arch/parisc/lib/memcpy.c +++ b/arch/parisc/lib/memcpy.c @@ -489,20 +489,23 @@ static unsigned long pa_memcpy(void *dstp, const void *srcp, unsigned long len) } #ifdef __KERNEL__ -unsigned long copy_to_user(void __user *dst, const void *src, unsigned long len) +unsigned long __copy_to_user(void __user *dst, const void *src, + unsigned long len) { mtsp(get_kernel_space(), 1); mtsp(get_user_space(), 2); return pa_memcpy((void __force *)dst, src, len); } +EXPORT_SYMBOL(__copy_to_user); -EXPORT_SYMBOL(__copy_from_user); -unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long len) +unsigned long __copy_from_user(void *dst, const void __user *src, + unsigned long len) { mtsp(get_user_space(), 1); mtsp(get_kernel_space(), 2); return pa_memcpy(dst, (void __force *)src, len); } +EXPORT_SYMBOL(__copy_from_user); unsigned long copy_in_user(void __user *dst, const void __user *src, unsigned long len) { @@ -520,8 +523,6 @@ void * memcpy(void * dst,const void *src, size_t count) return dst; } -EXPORT_SYMBOL(copy_to_user); -EXPORT_SYMBOL(copy_from_user); EXPORT_SYMBOL(copy_in_user); EXPORT_SYMBOL(memcpy);