From patchwork Thu Jul 16 03:08:45 2020
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 11666561
From: Kees Cook
To: Greg Kroah-Hartman
Cc: Kees Cook, Thomas Gleixner, Allen Pais, Oscar Carter, Romain Perier, Dmitry Torokhov, Kevin Curtis, "David S. Miller", Jakub Kicinski, Harald Freudenberger, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Jiri Slaby, Felipe Balbi, Jason Wessel, Daniel Thompson, Douglas Anderson, Mitchell Blank Jr, Julian Wiedmann, Karsten Graul, Ursula Braun, Jaroslav Kysela, Takashi Iwai, Christian Gromm, Nishka Dasgupta, Masahiro Yamada, Stephen Boyd, "Matthew Wilcox (Oracle)", Wambui Karuga, Guenter Roeck, Chris Packham, Kyungtae Kim, Kuppuswamy Sathyanarayanan, Sebastian Andrzej Siewior, "Rafael J. Wysocki", Jonathan Corbet, Peter Zijlstra, Will Deacon, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-s390@vger.kernel.org, devel@driverdev.osuosl.org, linux-usb@vger.kernel.org, kgdb-bugreport@lists.sourceforge.net, alsa-devel@alsa-project.org, kernel-hardening@lists.openwall.com
Subject: [PATCH 1/3] usb: gadget: udc: Avoid tasklet passing a global
Date: Wed, 15 Jul 2020 20:08:45 -0700
Message-Id: <20200716030847.1564131-2-keescook@chromium.org>
In-Reply-To: <20200716030847.1564131-1-keescook@chromium.org>
References: <20200716030847.1564131-1-keescook@chromium.org>

There's no reason for the tasklet callback to set an argument since it always uses a global. Instead, use the global directly, in preparation for converting the tasklet subsystem to modern callback conventions.

Signed-off-by: Kees Cook
Reviewed-by: Greg Kroah-Hartman
Acked-by: Felipe Balbi
---
 drivers/usb/gadget/udc/snps_udc_core.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/usb/gadget/udc/snps_udc_core.c b/drivers/usb/gadget/udc/snps_udc_core.c index 3fcded31405a..afdd28f332ce 100644 --- a/drivers/usb/gadget/udc/snps_udc_core.c +++ b/drivers/usb/gadget/udc/snps_udc_core.c
@@ -96,9 +96,7 @@ static int stop_pollstall_timer; static DECLARE_COMPLETION(on_pollstall_exit); /* tasklet for usb disconnect */ -static DECLARE_TASKLET(disconnect_tasklet, udc_tasklet_disconnect, - (unsigned long) &udc); - +static DECLARE_TASKLET(disconnect_tasklet, udc_tasklet_disconnect, 0); /* endpoint names used for print */ static const char ep0_string[] = "ep0in"; 
@@ -1661,7 +1659,7 @@ static void usb_disconnect(struct udc *dev) /* Tasklet for disconnect to be outside of interrupt context */ static void udc_tasklet_disconnect(unsigned long par) { - struct udc *dev = (struct udc *)(*((struct udc **) par)); + struct udc *dev = udc; u32 tmp; DBG(dev, "Tasklet disconnect\n");
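Review bot: In the @@ -96,9 hunk of snps_udc_core.c (patch 1/3), the empty line that separated the tasklet declaration from the "/* endpoint names used for print */" comment is deleted together with the old two-line DECLARE_TASKLET(). Keep that blank line so the new single-line declaration is not glued to the unrelated ep0_string block.
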
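Review bot: udc_tasklet_disconnect() in the @@ -1661,7 hunk (patch 1/3) no longer reads its `par` argument once `dev` is taken straight from the global `udc`, yet the parameter keeps a name that suggests it carries data. Rename it to something like `unused`, or add a comment that it is ignored. The commit message could also say that the old code already dereferenced `&udc` when the tasklet ran, so the moment at which the global is sampled does not change.
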
From: Kees Cook
To: Greg Kroah-Hartman
Cc: Kees Cook, Thomas Gleixner, Allen Pais, Oscar Carter, Romain Perier, Dmitry Torokhov, Kevin Curtis, "David S. Miller", Jakub Kicinski, Harald Freudenberger, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Jiri Slaby, Felipe Balbi, Jason Wessel, Daniel Thompson, Douglas Anderson, Mitchell Blank Jr, Julian Wiedmann, Karsten Graul, Ursula Braun, Jaroslav Kysela, Takashi Iwai, Christian Gromm, Nishka Dasgupta, Masahiro Yamada, Stephen Boyd, "Matthew Wilcox (Oracle)", Wambui Karuga, Guenter Roeck, Chris Packham, Kyungtae Kim, Kuppuswamy Sathyanarayanan, Sebastian Andrzej Siewior, "Rafael J. Wysocki", Jonathan Corbet, Peter Zijlstra, Will Deacon, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-s390@vger.kernel.org, devel@driverdev.osuosl.org, linux-usb@vger.kernel.org, kgdb-bugreport@lists.sourceforge.net, alsa-devel@alsa-project.org, kernel-hardening@lists.openwall.com
Subject: [PATCH 2/3] treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()
Date: Wed, 15 Jul 2020 20:08:46 -0700
Message-Id: <20200716030847.1564131-3-keescook@chromium.org>
In-Reply-To: <20200716030847.1564131-1-keescook@chromium.org>
References: <20200716030847.1564131-1-keescook@chromium.org>

This converts all the existing DECLARE_TASKLET() (and ...DISABLED) macros with DECLARE_TASKLET_OLD() in preparation for refactoring the tasklet callback type. All existing DECLARE_TASKLET() users had a "0" data argument, it has been removed here as well.

Signed-off-by: Kees Cook Reviewed-by: Greg Kroah-Hartman --- drivers/input/keyboard/omap-keypad.c | 2 +- drivers/input/serio/hil_mlc.c | 2 +- drivers/net/wan/farsync.c | 4 ++-- drivers/s390/crypto/ap_bus.c | 2 +- drivers/staging/most/dim2/dim2.c | 2 +- drivers/staging/octeon/ethernet-tx.c | 2 +- drivers/tty/vt/keyboard.c | 2 +- drivers/usb/gadget/udc/snps_udc_core.c | 2 +- drivers/usb/host/fhci-sched.c | 2 +- include/linux/interrupt.h | 15 ++++++++++----- kernel/backtracetest.c | 2 +- kernel/debug/debug_core.c | 2 +- kernel/irq/resend.c | 2 +- net/atm/pppoatm.c | 2 +- net/iucv/iucv.c | 2 +- sound/drivers/pcsp/pcsp_lib.c | 2 +- 16 files changed, 26 insertions(+), 21 deletions(-) diff --git a/drivers/input/keyboard/omap-keypad.c b/drivers/input/keyboard/omap-keypad.c index 5fe7a5633e33..dbe836c7ff47 100644 --- a/drivers/input/keyboard/omap-keypad.c +++ b/drivers/input/keyboard/omap-keypad.c @@ -46,7 +46,7 @@ struct omap_kp { unsigned short keymap[]; }; -static DECLARE_TASKLET_DISABLED(kp_tasklet, omap_kp_tasklet, 0); +static DECLARE_TASKLET_DISABLED_OLD(kp_tasklet, omap_kp_tasklet); static unsigned int *row_gpios; static unsigned int *col_gpios; diff --git a/drivers/input/serio/hil_mlc.c b/drivers/input/serio/hil_mlc.c index e1423f7648d6..65f4e9d62a67 100644 --- a/drivers/input/serio/hil_mlc.c +++ b/drivers/input/serio/hil_mlc.c @@ -77,7 +77,7 @@ static struct timer_list hil_mlcs_kicker; static int hil_mlcs_probe; static void hil_mlcs_process(unsigned long unused); -static DECLARE_TASKLET_DISABLED(hil_mlcs_tasklet, hil_mlcs_process, 0); +static DECLARE_TASKLET_DISABLED_OLD(hil_mlcs_tasklet, hil_mlcs_process); /* #define HIL_MLC_DEBUG */ diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c index 7916efce7188..f5198a391417 100644 --- a/drivers/net/wan/farsync.c +++ b/drivers/net/wan/farsync.c 
@@ -569,8 +569,8 @@ static void do_bottom_half_rx(struct fst_card_info *card); static void fst_process_tx_work_q(unsigned long work_q); static void fst_process_int_work_q(unsigned long work_q); -static DECLARE_TASKLET(fst_tx_task, fst_process_tx_work_q, 0); -static DECLARE_TASKLET(fst_int_task, fst_process_int_work_q, 0); +static DECLARE_TASKLET_OLD(fst_tx_task, fst_process_tx_work_q); +static DECLARE_TASKLET_OLD(fst_int_task, fst_process_int_work_q); static struct fst_card_info *fst_card_array[FST_MAX_CARDS]; static spinlock_t fst_work_q_lock; diff --git a/drivers/s390/crypto/ap_bus.c b/drivers/s390/crypto/ap_bus.c index e71ca4a719a5..2589ccd257e3 100644 --- a/drivers/s390/crypto/ap_bus.c +++ b/drivers/s390/crypto/ap_bus.c @@ -93,7 +93,7 @@ static DECLARE_WORK(ap_scan_work, ap_scan_bus); * Tasklet & timer for AP request polling and interrupts */ static void ap_tasklet_fn(unsigned long); -static DECLARE_TASKLET(ap_tasklet, ap_tasklet_fn, 0); +static DECLARE_TASKLET_OLD(ap_tasklet, ap_tasklet_fn); static DECLARE_WAIT_QUEUE_HEAD(ap_poll_wait); static struct task_struct *ap_poll_kthread; static DEFINE_MUTEX(ap_poll_thread_mutex); diff --git a/drivers/staging/most/dim2/dim2.c b/drivers/staging/most/dim2/dim2.c index 8e0f27e61652..509c8012d20b 100644 --- a/drivers/staging/most/dim2/dim2.c +++ b/drivers/staging/most/dim2/dim2.c @@ -46,7 +46,7 @@ MODULE_PARM_DESC(fcnt, "Num of frames per sub-buffer for sync channels as a powe static DEFINE_SPINLOCK(dim_lock); static void dim2_tasklet_fn(unsigned long data); -static DECLARE_TASKLET(dim2_tasklet, dim2_tasklet_fn, 0); +static DECLARE_TASKLET_OLD(dim2_tasklet, dim2_tasklet_fn); /** * struct hdm_channel - private structure to keep channel specific data diff --git a/drivers/staging/octeon/ethernet-tx.c b/drivers/staging/octeon/ethernet-tx.c index ab7dd8216006..9c71ad5af7b9 100644 --- a/drivers/staging/octeon/ethernet-tx.c +++ b/drivers/staging/octeon/ethernet-tx.c 
@@ -41,7 +41,7 @@ #endif static void cvm_oct_tx_do_cleanup(unsigned long arg); -static DECLARE_TASKLET(cvm_oct_tx_cleanup_tasklet, cvm_oct_tx_do_cleanup, 0); +static DECLARE_TASKLET_OLD(cvm_oct_tx_cleanup_tasklet, cvm_oct_tx_do_cleanup); /* Maximum number of SKBs to try to free per xmit packet. */ #define MAX_SKB_TO_FREE (MAX_OUT_QUEUE_DEPTH * 2) diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 568b2171f335..f80199984ee0 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -1236,7 +1236,7 @@ static void kbd_bh(unsigned long dummy) } } -DECLARE_TASKLET_DISABLED(keyboard_tasklet, kbd_bh, 0); +DECLARE_TASKLET_DISABLED_OLD(keyboard_tasklet, kbd_bh); #if defined(CONFIG_X86) || defined(CONFIG_IA64) || defined(CONFIG_ALPHA) ||\ defined(CONFIG_MIPS) || defined(CONFIG_PPC) || defined(CONFIG_SPARC) ||\ diff --git a/drivers/usb/gadget/udc/snps_udc_core.c b/drivers/usb/gadget/udc/snps_udc_core.c index afdd28f332ce..e76f1a50b0fc 100644 --- a/drivers/usb/gadget/udc/snps_udc_core.c +++ b/drivers/usb/gadget/udc/snps_udc_core.c @@ -96,7 +96,7 @@ static int stop_pollstall_timer; static DECLARE_COMPLETION(on_pollstall_exit); /* tasklet for usb disconnect */ -static DECLARE_TASKLET(disconnect_tasklet, udc_tasklet_disconnect, 0); +static DECLARE_TASKLET_OLD(disconnect_tasklet, udc_tasklet_disconnect); /* endpoint names used for print */ static const char ep0_string[] = "ep0in"; diff --git a/drivers/usb/host/fhci-sched.c b/drivers/usb/host/fhci-sched.c index 3235d5307403..5c423f240a1f 100644 --- a/drivers/usb/host/fhci-sched.c +++ b/drivers/usb/host/fhci-sched.c @@ -677,7 +677,7 @@ static void process_done_list(unsigned long data) enable_irq(fhci_to_hcd(fhci)->irq); } -DECLARE_TASKLET(fhci_tasklet, process_done_list, 0); +DECLARE_TASKLET_OLD(fhci_tasklet, process_done_list); /* transfer complted callback */ u32 fhci_transfer_confirm_callback(struct fhci_hcd *fhci) 
diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h index 5db970b6615a..b911196f03eb 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h @@ -612,12 +612,17 @@ struct tasklet_struct unsigned long data; }; -#define DECLARE_TASKLET(name, func, data) \ -struct tasklet_struct name = { NULL, 0, ATOMIC_INIT(0), func, data } - -#define DECLARE_TASKLET_DISABLED(name, func, data) \ -struct tasklet_struct name = { NULL, 0, ATOMIC_INIT(1), func, data } +#define DECLARE_TASKLET_OLD(name, _func) \ +struct tasklet_struct name = { \ + .count = ATOMIC_INIT(0), \ + .func = _func, \ +} +#define DECLARE_TASKLET_DISABLED_OLD(name, _func) \ +struct tasklet_struct name = { \ + .count = ATOMIC_INIT(1), \ + .func = _func, \ +} enum { diff --git a/kernel/backtracetest.c b/kernel/backtracetest.c index a2a97fa3071b..370217dd7e39 100644 --- a/kernel/backtracetest.c +++ b/kernel/backtracetest.c @@ -29,7 +29,7 @@ static void backtrace_test_irq_callback(unsigned long data) complete(&backtrace_work); } -static DECLARE_TASKLET(backtrace_tasklet, &backtrace_test_irq_callback, 0); +static DECLARE_TASKLET_OLD(backtrace_tasklet, &backtrace_test_irq_callback); static void backtrace_test_irq(void) { diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index 9e5934780f41..b16dbc1bf056 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -1068,7 +1068,7 @@ static void kgdb_tasklet_bpt(unsigned long ing) atomic_set(&kgdb_break_tasklet_var, 0); } -static DECLARE_TASKLET(kgdb_tasklet_breakpoint, kgdb_tasklet_bpt, 0); +static DECLARE_TASKLET_OLD(kgdb_tasklet_breakpoint, kgdb_tasklet_bpt); void kgdb_schedule_breakpoint(void) { diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c index 27634f4022d0..c48ce19a257f 100644 --- a/kernel/irq/resend.c +++ b/kernel/irq/resend.c 
@@ -45,7 +45,7 @@ static void resend_irqs(unsigned long arg) } /* Tasklet to handle resend: */ -static DECLARE_TASKLET(resend_tasklet, resend_irqs, 0); +static DECLARE_TASKLET_OLD(resend_tasklet, resend_irqs); static int irq_sw_resend(struct irq_desc *desc) { diff --git a/net/atm/pppoatm.c b/net/atm/pppoatm.c index 45d8e1d5d033..579b66da1d95 100644 --- a/net/atm/pppoatm.c +++ b/net/atm/pppoatm.c @@ -393,7 +393,7 @@ static int pppoatm_assign_vcc(struct atm_vcc *atmvcc, void __user *arg) * Each PPPoATM instance has its own tasklet - this is just a * prototypical one used to initialize them */ - static const DECLARE_TASKLET(tasklet_proto, pppoatm_wakeup_sender, 0); + static const DECLARE_TASKLET_OLD(tasklet_proto, pppoatm_wakeup_sender); if (copy_from_user(&be, arg, sizeof be)) return -EFAULT; if (be.encaps != PPPOATM_ENCAPS_AUTODETECT && diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c index 19250a0c85d3..cd2e468852e7 100644 --- a/net/iucv/iucv.c +++ b/net/iucv/iucv.c @@ -105,7 +105,7 @@ static LIST_HEAD(iucv_task_queue); * The tasklet for fast delivery of iucv interrupts. */ static void iucv_tasklet_fn(unsigned long); -static DECLARE_TASKLET(iucv_tasklet, iucv_tasklet_fn,0); +static DECLARE_TASKLET_OLD(iucv_tasklet, iucv_tasklet_fn); /* * Queue of interrupt buffers for delivery via a work queue diff --git a/sound/drivers/pcsp/pcsp_lib.c b/sound/drivers/pcsp/pcsp_lib.c index 05244b11ed5e..4e79293d7f11 100644 --- a/sound/drivers/pcsp/pcsp_lib.c +++ b/sound/drivers/pcsp/pcsp_lib.c 
@@ -36,7 +36,7 @@ static void pcsp_call_pcm_elapsed(unsigned long priv) } } -static DECLARE_TASKLET(pcsp_pcm_tasklet, pcsp_call_pcm_elapsed, 0); +static DECLARE_TASKLET_OLD(pcsp_pcm_tasklet, pcsp_call_pcm_elapsed); /* write the port and returns the next expire time in ns; * called at the trigger-start and in hrtimer callback
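Review bot: The include/linux/interrupt.h hunk of patch 2/3 introduces DECLARE_TASKLET_OLD() and DECLARE_TASKLET_DISABLED_OLD() with no comment saying they are the legacy `void (*)(unsigned long)` form kept only for the conversion, so nothing in the header tells a driver author not to pick them up for new code. Add a short comment above them to that effect, and restore the blank line between the two macro definitions that the removed DECLARE_TASKLET()/DECLARE_TASKLET_DISABLED() pair had. The switch to designated initializers leaves .data implicitly zero, which matches the "0" every converted caller passed.
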
From: Kees Cook
To: Greg Kroah-Hartman
Cc: Kees Cook, Romain Perier, Allen Pais, Thomas Gleixner, Oscar Carter, Dmitry Torokhov, Kevin Curtis, "David S. Miller", Jakub Kicinski, Harald Freudenberger, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Jiri Slaby, Felipe Balbi, Jason Wessel, Daniel Thompson, Douglas Anderson, Mitchell Blank Jr, Julian Wiedmann, Karsten Graul, Ursula Braun, Jaroslav Kysela, Takashi Iwai, Christian Gromm, Nishka Dasgupta, Masahiro Yamada, Stephen Boyd, "Matthew Wilcox (Oracle)", Wambui Karuga, Guenter Roeck, Chris Packham, Kyungtae Kim, Kuppuswamy Sathyanarayanan, Sebastian Andrzej Siewior, "Rafael J. Wysocki", Jonathan Corbet, Peter Zijlstra, Will Deacon, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-s390@vger.kernel.org, devel@driverdev.osuosl.org, linux-usb@vger.kernel.org, kgdb-bugreport@lists.sourceforge.net, alsa-devel@alsa-project.org, kernel-hardening@lists.openwall.com
Subject: [PATCH 3/3] tasklet: Introduce new initialization API
Date: Wed, 15 Jul 2020 20:08:47 -0700
Message-Id: <20200716030847.1564131-4-keescook@chromium.org>
In-Reply-To: <20200716030847.1564131-1-keescook@chromium.org>
References: <20200716030847.1564131-1-keescook@chromium.org>

From: Romain Perier

Nowadays, modern kernel subsystems that use callbacks pass the data structure associated with a given callback as argument to the callback. The tasklet subsystem remains one which passes an arbitrary unsigned long to the callback function. This has several problems:

- This keeps an extra field for storing the argument in each tasklet data structure, it bloats the tasklet_struct structure with a redundant .data field
- No type checking can be performed on this argument. Instead of using container_of() like other callback subsystems, it forces callbacks to do explicit type cast of the unsigned long argument into the required object type.
- Buffer overflows can overwrite the .func and the .data field, so an attacker can easily overwrite the function and its first argument to whatever it wants.

Add a new tasklet initialization API, via DECLARE_TASKLET() and tasklet_setup(), which will replace the existing ones.

This work is greatly inspired by the timer_struct conversion series, see commit e99e88a9d2b0 ("treewide: setup_timer() -> timer_setup()")

To avoid problems with both -Wcast-function-type (which is enabled in the kernel via -Wextra in several subsystems), and with mismatched function prototypes when built with Control Flow Integrity enabled, this adds the "use_callback" member to let the tasklet caller choose which union member to call through. Once all old API uses are removed, this and the .data member will be removed as well. (On 64-bit this does not grow the struct size as the new member fills the hole after atomic_t, which is also "int" sized.)

Signed-off-by: Romain Perier
Co-developed-by: Allen Pais
Signed-off-by: Allen Pais
Co-developed-by: Kees Cook
Signed-off-by: Kees Cook
Reviewed-by: Greg Kroah-Hartman
---
 include/linux/interrupt.h | 24 +++++++++++++++++++++++-
 kernel/softirq.c | 18 +++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h index b911196f03eb..15570b237e53 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h @@ -608,10 +608,30 @@ struct tasklet_struct struct tasklet_struct *next; unsigned long state; atomic_t count; - void (*func)(unsigned long); + bool use_callback; + union { + void (*func)(unsigned long data); + void (*callback)(struct tasklet_struct *t); + }; unsigned long data; }; +#define DECLARE_TASKLET(name, _callback) \ +struct tasklet_struct name = { \ + .count = ATOMIC_INIT(0), \ + .callback = _callback, \ + .use_callback = true, \ +} + +#define DECLARE_TASKLET_DISABLED(name, _callback) \ +struct tasklet_struct name = { \ + .count = ATOMIC_INIT(1), \ + .callback = _callback, \ +} + +#define from_tasklet(var, callback_tasklet, tasklet_fieldname) \ + container_of(callback_tasklet, typeof(*var), tasklet_fieldname) + #define DECLARE_TASKLET_OLD(name, _func) \ struct tasklet_struct name = { \ .count = ATOMIC_INIT(0), \ @@ -691,6 +711,8 @@ extern void tasklet_kill(struct tasklet_struct *t); extern void tasklet_kill_immediate(struct tasklet_struct *t, unsigned int cpu); extern void tasklet_init(struct tasklet_struct *t, void (*func)(unsigned long), unsigned long data); +extern void tasklet_setup(struct tasklet_struct *t, + void (*callback)(struct tasklet_struct *)); /* * Autoprobing for irqs: diff --git a/kernel/softirq.c b/kernel/softirq.c index c4201b7f42b1..292e7c2d2333 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -547,7 +547,10 @@ static void tasklet_action_common(struct softirq_action *a, if (!test_and_clear_bit(TASKLET_STATE_SCHED, &t->state)) BUG(); - t->func(t->data); + if (t->use_callback) + t->callback(t); + else + t->func(t->data); tasklet_unlock(t); continue; } 
@@ -573,6 +576,18 @@ static __latent_entropy void tasklet_hi_action(struct softirq_action *a) tasklet_action_common(a, this_cpu_ptr(&tasklet_hi_vec), HI_SOFTIRQ); } +void tasklet_setup(struct tasklet_struct *t, + void (*callback)(struct tasklet_struct *)) +{ + t->next = NULL; + t->state = 0; + atomic_set(&t->count, 0); + t->callback = callback; + t->use_callback = true; + t->data = 0; +} +EXPORT_SYMBOL(tasklet_setup); + void tasklet_init(struct tasklet_struct *t, void (*func)(unsigned long), unsigned long data) { @@ -580,6 +595,7 @@ void tasklet_init(struct tasklet_struct *t, t->state = 0; atomic_set(&t->count, 0); t->func = func; + t->use_callback = false; t->data = data; } EXPORT_SYMBOL(tasklet_init);
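
Review bot: DECLARE_TASKLET_DISABLED() in the include/linux/interrupt.h hunk of patch 3/3 sets .callback but leaves .use_callback at its zero default, unlike DECLARE_TASKLET() directly above it, which sets `.use_callback = true`. With the dispatch added to tasklet_action_common(), a tasklet declared this way goes down the `t->func(t->data)` branch, so the new-style callback is called through the `unsigned long` prototype with 0 instead of the tasklet pointer, which is the prototype mismatch the commit message says the flag exists to avoid. Add `.use_callback = true, \` to the disabled variant. from_tasklet() in the same hunk would also benefit from a one-line comment that `var` is used only for its type.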
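
Review bot: The `if (t->use_callback)` branch added to tasklet_action_common() in kernel/softirq.c carries no comment marking it as transitional, although the commit message says use_callback and .data go away once the old API is gone. Add a short comment here, and state that until then the flag lives in the same writable struct as the function pointer, so the overflow concern listed in the commit message is only addressed once the `t->func(t->data)` path is removed.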
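
Review bot: tasklet_setup() in the @@ -573,6 hunk of kernel/softirq.c is a new exported interface with no kernel-doc. Document that the callback receives the tasklet itself and is expected to recover its containing object with from_tasklet(), and that .data is cleared. The `t->use_callback = false;` added to tasklet_init() in the following hunk is the right counterpart, since callers are not required to zero the struct first.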
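
A userspace model of the callback convention patch 3/3 introduces, as an added example that is not part of the patches or of the kernel: it runs the same handler through the old `unsigned long` form and through the new `from_tasklet()` form. `struct demo_dev`, `demo_bh`, `demo_bh_old`, `demo_run` and `tasklet_run` are hypothetical names, `atomic_t` is modelled as `int`, and the two init functions use compound literals in place of the patch's field-by-field assignments.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Post-patch layout as in the interrupt.h hunk; atomic_t modelled as int (assumption). */
struct tasklet_struct {
	struct tasklet_struct *next;
	unsigned long state;
	int count;
	bool use_callback;
	union {
		void (*func)(unsigned long data);
		void (*callback)(struct tasklet_struct *t);
	};
	unsigned long data;
};

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define from_tasklet(var, callback_tasklet, tasklet_fieldname) \
	container_of(callback_tasklet, __typeof__(*var), tasklet_fieldname)

/* Same resulting field values as the patch; unnamed fields are zeroed. */
static void tasklet_setup(struct tasklet_struct *t,
			  void (*callback)(struct tasklet_struct *))
{
	*t = (struct tasklet_struct){ .callback = callback, .use_callback = true };
}

static void tasklet_init(struct tasklet_struct *t,
			 void (*func)(unsigned long), unsigned long data)
{
	*t = (struct tasklet_struct){ .func = func, .use_callback = false, .data = data };
}

/* Hypothetical helper: only the dispatch step added to tasklet_action_common(). */
static void tasklet_run(struct tasklet_struct *t)
{
	if (t->use_callback)
		t->callback(t);
	else
		t->func(t->data);
}

/* Hypothetical driver state with an embedded tasklet. */
struct demo_dev {
	unsigned int events;
	struct tasklet_struct bh;
};

/* Old style: the object arrives as an untyped unsigned long and is cast back. */
static void demo_bh_old(unsigned long data)
{
	((struct demo_dev *)data)->events++;
}

/* New style: the object is recovered from the tasklet's own address. */
static void demo_bh(struct tasklet_struct *t)
{
	struct demo_dev *dev = from_tasklet(dev, t, bh);
	dev->events++;
}

/* Run the tasklet `times` times through either API; returns the event count. */
unsigned int demo_run(bool new_api, int times)
{
	struct demo_dev dev = { 0 };
	if (new_api)
		tasklet_setup(&dev.bh, demo_bh);
	else
		tasklet_init(&dev.bh, demo_bh_old, (unsigned long)&dev);
	while (times-- > 0)
		tasklet_run(&dev.bh);
	return dev.events;
}

int main(void)
{
	printf("old=%u new=%u\n", demo_run(false, 1), demo_run(true, 2));
	return 0;
}
```

In the new form the handler never consumes a caller-supplied integer as a pointer; the only input is the address of the tasklet that was scheduled.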