From: Tiezhu Yang <yangtiezhu@loongson.cn>
To: Ben Dooks <ben.dooks@codethink.co.uk>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] riscv: Return -EFAULT if copy_to_user() failed in signal.c
Date: Wed, 3 Mar 2021 09:53:03 +0800
Message-ID: <07aa690f-b37d-7d91-414f-f5dfda98a868@loongson.cn>
In-Reply-To: <aa84cddb-9c04-3bad-49de-2fb3056ec44a@codethink.co.uk>

On 03/02/2021 06:01 PM, Ben Dooks wrote:
> On 02/03/2021 07:28, Tiezhu Yang wrote:
>> copy_to_user() returns the amount left to copy, it should return -EFAULT
>> if copy to user failed.
>
> This looks technically correct, but the caller (only one)
> will check for non-zero and will convert that to -EFAULT
> in setup_rt_frame().

Yes, as you said, the original code logic has no problem, it will convert
that to -EFAULT in setup_rt_frame().

The initial aim of this patch is to make save_fp_state() return an error code
if __copy_to_user() failed, just like it returns -EFAULT if __put_user()
failed.

I notice that restore_fp_state() has a similar issue, it will return -EFAULT
if __get_user() failed and maybe return -EINVAL in the other error case,
both -EFAULT and -EINVAL are error codes, but when __copy_from_user() failed,
it does not return an error code, which seems not so consistent.

>
> I expect if this change is done, it also needs to be done
> for the callers too and there's a few others that assume
> !=0 is an error.
>
> I think it would be easier to define save_fp_state() to
> return non-zero on error and note it does not return an
> error code. It may be worth exiting the function if
> the first __copy_to_user fails?

Now,
(1) is it necessary to do some changes? If yes, I will send v2 later.
Like this:

[PATCH v2] riscv: Return -EFAULT if copy_{to,from}_user() failed in
  signal.c

copy_{to,from}_user() returns the amount left to copy, it should return
-EFAULT error code if copy {to,from} user failed, just like the return
value is an error code when {put,get}_user() failed, this is to make the
return value consistent, no function change.

Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
---
  arch/riscv/kernel/signal.c | 12 ++++++++++--
  1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c
index 65942b3..c76d877 100644
--- a/arch/riscv/kernel/signal.c
+++ b/arch/riscv/kernel/signal.c
@@ -39,7 +39,7 @@ static long restore_fp_state(struct pt_regs *regs,

      err = __copy_from_user(&current->thread.fstate, state, 
sizeof(*state));
      if (unlikely(err))
-        return err;
+        return -EFAULT;

      fstate_restore(current, regs);
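Review bot: the `__copy_from_user(...)` context line in this hunk has been wrapped by the mail client, leaving `sizeof(*state));` on a line of its own with no leading diff marker, so the hunk no longer matches its `-39,7 +39,7` header and will not apply with git am. The same wrapping splits the `setup_sigcontext` hunk header further down. Sending v2 as its own message with git send-email instead of pasting it into a reply avoids this.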

@@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs,
      fstate_save(current, regs);
      err = __copy_to_user(state, &current->thread.fstate, sizeof(*state));
      if (unlikely(err))
-        return err;
+        return -EFAULT;

      /* We support no other extension state at this time. */
      for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) {
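Review bot: the return contract of save_fp_state() is still undocumented at the new `return -EFAULT;`, which is the gap raised in review ("note it does not return an error code"). A short comment above the function stating that it now returns 0 or a negative errno would let the caller that does `err |= save_fp_state(...)` be checked against it without reading the body.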
@@ -87,8 +87,12 @@ static long restore_sigcontext(struct pt_regs *regs,
      struct sigcontext __user *sc)
  {
      long err;
+
      /* sc_regs is structured the same as the start of pt_regs */
      err = __copy_from_user(regs, &sc->sc_regs, sizeof(sc->sc_regs));
+    if (unlikely(err))
+        return -EFAULT;
+
      /* Restore the floating-point state. */
      if (has_fpu)
          err |= restore_fp_state(regs, &sc->sc_fpregs);
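Review bot: with the early return added above it, `err` is always 0 when `err |= restore_fp_state(regs, &sc->sc_fpregs);` runs, so the `|=` now only obscures a plain assignment. Since restore_fp_state() is described as returning either -EFAULT or -EINVAL, OR-ing its result into anything non-zero would produce a value that is neither; writing `err = restore_fp_state(...)` makes the errno contract this patch is aiming for explicit.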
@@ -140,8 +144,12 @@ static long setup_sigcontext(struct rt_sigframe 
__user *frame,
  {
      struct sigcontext __user *sc = &frame->uc.uc_mcontext;
      long err;
+
      /* sc_regs is structured the same as the start of pt_regs */
      err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs));
+    if (unlikely(err))
+        return -EFAULT;
+
      /* Save the floating-point state. */
      if (has_fpu)
          err |= save_fp_state(regs, &sc->sc_fpregs);
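Review bot: the changelog says "no function change", but the early return added after `__copy_to_user(&sc->sc_regs, ...)` does change behaviour: save_fp_state() used to run and have its result OR-ed in even when the first copy failed, and is now skipped. That matches the early exit suggested in review, so the commit message should describe it instead of claiming no functional change; the same applies to the matching hunk in restore_sigcontext().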
-- 
2.1.0

(2) or just leave it as it is and ignore this patch?

Thanks,
Tiezhu

>
> Note: setup_rt_frame -> setup_sigcontext -> save_fp_frame
>
>>
>> Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
>> ---
>>   arch/riscv/kernel/signal.c | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c
>> index 65942b3..2238fc5 100644
>> --- a/arch/riscv/kernel/signal.c
>> +++ b/arch/riscv/kernel/signal.c
>> @@ -67,7 +67,7 @@ static long save_fp_state(struct pt_regs *regs,
>>       fstate_save(current, regs);
>>       err = __copy_to_user(state, &current->thread.fstate, 
>> sizeof(*state));
>>       if (unlikely(err))
>> -        return err;
>> +        return -EFAULT;
>>         /* We support no other extension state at this time. */
>>       for (i = 0; i < ARRAY_SIZE(sc_fpregs->q.reserved); i++) {
>> @@ -140,8 +140,12 @@ static long setup_sigcontext(struct rt_sigframe 
>> __user *frame,
>>   {
>>       struct sigcontext __user *sc = &frame->uc.uc_mcontext;
>>       long err;
>> +
>>       /* sc_regs is structured the same as the start of pt_regs */
>>       err = __copy_to_user(&sc->sc_regs, regs, sizeof(sc->sc_regs));
>> +    if (unlikely(err))
>> +        return -EFAULT;
>> +
>>       /* Save the floating-point state. */
>>       if (has_fpu)
>>           err |= save_fp_state(regs, &sc->sc_fpregs);
>>
>
>
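
The return-value convention discussed in this message, as an added example that is not code from the patch or from the kernel: `mock_copy_to_user()`, `save_raw()`, `save_errno()`, `to_errno()` and `struct frame` are constructed userspace stand-ins. It contrasts passing the raw "bytes not copied" count up to a caller that maps non-zero to -EFAULT with converting at the call site and stopping at the first failure.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct frame { char regs[32]; char fpregs[32]; };

/* Constructed stand-in for __copy_to_user(): copies at most `ok` bytes and
 * returns the number of bytes NOT copied (0 on success), never an errno. */
static unsigned long mock_copy_to_user(void *dst, const void *src,
                                       size_t n, size_t ok)
{
    size_t done = n < ok ? n : ok;

    memcpy(dst, src, done);
    return n - done;
}

/* Pre-patch style: raw results are OR-ed, so only zero/non-zero is meaningful
 * and the second copy runs even after the first one failed. */
static long save_raw(struct frame *u, const struct frame *k,
                     size_t ok_regs, size_t ok_fp)
{
    long err = mock_copy_to_user(u->regs, k->regs, sizeof(u->regs), ok_regs);

    err |= mock_copy_to_user(u->fpregs, k->fpregs, sizeof(u->fpregs), ok_fp);
    return err;
}

/* v2 style: convert at the call site and stop at the first failure. */
static long save_errno(struct frame *u, const struct frame *k,
                       size_t ok_regs, size_t ok_fp)
{
    if (mock_copy_to_user(u->regs, k->regs, sizeof(u->regs), ok_regs))
        return -EFAULT;
    if (mock_copy_to_user(u->fpregs, k->fpregs, sizeof(u->fpregs), ok_fp))
        return -EFAULT;
    return 0;
}

/* Caller convention described in the thread: any non-zero becomes -EFAULT. */
static long to_errno(long err) { return err ? -EFAULT : 0; }

int main(void)
{
    struct frame k, u;
    long raw;

    memset(&k, 0x5a, sizeof(k));
    memset(&u, 0, sizeof(u));
    raw = save_raw(&u, &k, 20, 8);   /* both copies fault part-way */
    printf("raw=%ld -> %ld, v2=%ld\n", raw, to_errno(raw),
           save_errno(&u, &k, 20, 8));
    return 0;
}
```

The raw value is a positive OR of two byte counts, which is why it is only usable after the caller's non-zero check.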

