From: Tiezhu Yang <yangtiezhu@loongson.cn>
To: Ben Dooks <ben.dooks@codethink.co.uk>, Paul Walmsley <paul.walmsley@sifive.com>, Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] riscv: Return -EFAULT if copy_to_user() failed in signal.c
Date: Wed, 3 Mar 2021 09:53:03 +0800
Message-ID: <07aa690f-b37d-7d91-414f-f5dfda98a868@loongson.cn>
In-Reply-To: <aa84cddb-9c04-3bad-49de-2fb3056ec44a@codethink.co.uk>

On 03/02/2021 06:01 PM, Ben Dooks wrote:
> On 02/03/2021 07:28, Tiezhu Yang wrote:
>> copy_to_user() returns the amount left to copy, it should return -EFAULT
>> if copy to user failed.
>
> This looks technically correct, but the caller (only one)
> will check for non-zero and will convert that to -EFAULT
> in setup_rt_frame().

Yes, as you said, the original code logic has no problem, it will convert that to -EFAULT in setup_rt_frame().

The initial aim of this patch is to make save_fp_state() return an error code if __copy_to_user() failed, just like it returns -EFAULT if __put_user() failed.

I notice that restore_fp_state() has a similar issue, it will return -EFAULT if __get_user() failed and maybe return -EINVAL in the other error case, both -EFAULT and -EINVAL are error codes, but when __copy_from_user() failed, it does not return an error code, which seems not so consistent.

>
> I expect if this change is done, it also needs to be done
> for the callers too and there's a few others that assume
> !=0 is an error.
>
> I think it would be easier to define save_fp_state() to
> return non-zero on error and note it does not return an
> error code. It may be worth exiting the function if
> the first __copy_to_user fails?

Now,

(1) is it necessary to do some changes?
If yes, I will send v2 later.
Like this: [PATCH v2] riscv: Return -EFAULT if copy_{to,from}_user() failed in signal.c copy_{to,from}_user() returns the amount left to copy, it should return -EFAULT error code if copy {to,from} user failed, just like the return value is an error code when {put,get}_user() failed, this is to make the return value consistent, no function change. Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> --- arch/riscv/kernel/signal.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c index 65942b3..c76d877 100644 --- a/arch/riscv/kernel/signal.c +++ b/arch/riscv/kernel/signal.c @@ -39,7 +39,7 @@ static long restore_fp_state(struct pt_regs *regs, err = __copy_from_user(¤t->thread.fstate, state, sizeof(*state)); if (unlikely(err)) - return err; + return -EFAULT; fstate_restore(current, regs); @@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs, fstate_save(current, regs); err = __copy_to_user(state, ¤t->thread.fstate, sizeof(*state)); if (unlikely(err)) - return err; + return -EFAULT; /* We support no other extension state at this time. */ for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) { @@ -87,8 +87,12 @@ static long restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc) { long err; + /* sc_regs is structured the same as the start of pt_regs */ err = __copy_from_user(regs, &sc->sc_regs, sizeof(sc->sc_regs)); + if (unlikely(err)) + return -EFAULT; + /* Restore the floating-point state. */ if (has_fpu) err |= restore_fp_state(regs, &sc->sc_fpregs); 
@@ -140,8 +144,12 @@ static long setup_sigcontext(struct rt_sigframe __user *frame, { struct sigcontext __user *sc = &frame->uc.uc_mcontext; long err; + /* sc_regs is structured the same as the start of pt_regs */ err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs)); + if (unlikely(err)) + return -EFAULT; + /* Save the floating-point state. */ if (has_fpu) err |= save_fp_state(regs, &sc->sc_fpregs); -- 2.1.0 (2) or just leave it as it is and ignore this patch? Thanks, Tiezhu > > Note: setup_rt_frame -> setup_sigcontext -> save_fp_frame > >> >> Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> >> --- >> arch/riscv/kernel/signal.c | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c >> index 65942b3..2238fc5 100644 >> --- a/arch/riscv/kernel/signal.c >> +++ b/arch/riscv/kernel/signal.c >> @@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs, >> fstate_save(current, regs); >> err = __copy_to_user(state, ¤t->thread.fstate, >> sizeof(*state)); >> if (unlikely(err)) >> - return err; >> + return -EFAULT; >> /* We support no other extension state at this time. */ >> for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) { >> @@ -140,8 +140,12 @@ static long setup_sigcontext(struct rt_sigframe >> __user *frame, >> { >> struct sigcontext __user *sc = &frame->uc.uc_mcontext; >> long err; >> + >> /* sc_regs is structured the same as the start of pt_regs */ >> err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs)); >> + if (unlikely(err)) >> + return -EFAULT; >> + >> /* Save the floating-point state. */ >> if (has_fpu) >> err |= save_fp_state(regs, &sc->sc_fpregs); >> > >
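Review bot: in the restore_sigcontext() and setup_sigcontext() hunks of the v2 patch, the new early "return -EFAULT" after the sc_regs copy means restore_fp_state() / save_fp_state() is no longer called when that first copy comes up short, whereas the old code still ran the FP step and OR-ed the two results. That is a behaviour change, so the "no function change" wording in the v2 commit message does not hold for these two hunks and should either be dropped or replaced with a sentence stating that the functions now stop at the first failed copy. With the early return in place err is known to be zero at the "if (has_fpu)" line, so "err |= save_fp_state(...)" and "err |= restore_fp_state(...)" can become plain assignments, which also avoids OR-ing errno values if more steps are added later.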
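Review bot: the restore_fp_state() and save_fp_state() hunks change what the "static long" return value means, from "non-zero on failure" (a byte count left over from __copy_{to,from}_user()) to "0 or a negative errno", but nothing at either definition records that. A one-line comment above each function stating the return contract would address the documentation point raised earlier in the thread and make it clear to later callers that the value can be propagated as an error code rather than only tested against zero.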
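The two return conventions discussed in this thread, as an added user-space illustration that is not code from the patch or the kernel: model_copy_to_user() and model_put_user() are hypothetical stand-ins that only mimic the return contracts described above (bytes left to copy versus 0 or -EFAULT), and caller_normalise() mimics what the thread says setup_rt_frame() does.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-in for __copy_to_user(): returns the number
 * of bytes NOT copied (0 on success). 'writable' models how much of the
 * destination is mapped. */
static unsigned long model_copy_to_user(void *dst, const void *src,
                                        size_t n, size_t writable)
{
    size_t done = n < writable ? n : writable;
    memcpy(dst, src, done);
    return n - done;
}

/* Hypothetical stand-in for __put_user(): 0 on success, -EFAULT on failure. */
static long model_put_user(int ok) { return ok ? 0 : -EFAULT; }

/* Pre-patch shape: results are OR-ed together, so only "non-zero" means
 * anything; the value itself is not an errno. */
static long save_accumulate(size_t writable, int put_ok)
{
    char src[32] = { 0 }, dst[32];
    long err = (long)model_copy_to_user(dst, src, sizeof(src), writable);

    err |= model_put_user(put_ok);
    return err;
}

/* v2 shape: a short copy is turned into -EFAULT where it happens. */
static long save_errno(size_t writable, int put_ok)
{
    char src[32] = { 0 }, dst[32];
    if (model_copy_to_user(dst, src, sizeof(src), writable))
        return -EFAULT;
    return model_put_user(put_ok);
}

/* What the thread says setup_rt_frame() does with the result. */
static long caller_normalise(long err) { return err ? -EFAULT : 0; }

int main(void)
{
    printf("accumulate, short copy only:     %ld\n", save_accumulate(24, 1));
    printf("accumulate, short copy + fault:  %ld\n", save_accumulate(24, 0));
    printf("errno style, short copy + fault: %ld\n", save_errno(24, 0));
    printf("caller sees:                     %ld\n", caller_normalise(save_accumulate(24, 0)));
    return 0;
}
```

In the accumulate form a leftover byte count OR-ed with -EFAULT yields a value that is neither of the two, which is why that form is only safe while every caller tests for non-zero.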