From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1190AC43603 for ; Thu, 5 Dec 2019 00:52:43 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id C7C5722464 for ; Thu, 5 Dec 2019 00:52:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="HQl5Rxoy" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C7C5722464 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 772EA6B0DD2; Wed, 4 Dec 2019 19:52:42 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 724426B0DD4; Wed, 4 Dec 2019 19:52:42 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 660F86B0DD5; Wed, 4 Dec 2019 19:52:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 5468B6B0DD2 for ; Wed, 4 Dec 2019 19:52:42 -0500 (EST) Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with SMTP id 13215180AD811 for ; Thu, 5 Dec 2019 00:52:42 +0000 (UTC) X-FDA: 76229262564.27.front58_178b97d97d30b X-HE-Tag: front58_178b97d97d30b X-Filterd-Recvd-Size: 2678 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf09.hostedemail.com (Postfix) with ESMTP for ; Thu, 5 Dec 2019 00:52:41 +0000 (UTC) Received: from localhost.localdomain (c-73-231-172-41.hsd1.ca.comcast.net [73.231.172.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D2AF021823; Thu, 5 Dec 2019 00:52:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1575507161; bh=fTRHhdU69Gd/lkOtizASvTWSIuIPWyLFBzpSUv3YlYQ=; h=Date:From:To:Subject:In-Reply-To:From; b=HQl5Rxoyqbk0mUN2ZqdU70Tfxth3CFwAH9zxy3WroSeukK3RBSdjfPLVrMuALmH7G kuhsXYdg9x6P4c3s0GsKfm/1zGLFtHPpX+wPsCRAX6djDgupgGg21aJCWGh/0HKhC7 LO9kgeysKpGOmWywmuS9Yd/7htCQ298FtqWD4EEE= Date: Wed, 04 Dec 2019 16:52:40 -0800 From: Andrew Morton To: akpm@linux-foundation.org, dan.carpenter@oracle.com, keescook@chromium.org, linux-mm@kvack.org, mm-commits@vger.kernel.org, torvalds@linux-foundation.org, viro@zeniv.linux.org.uk Subject: [patch 55/86] uaccess: disallow > INT_MAX copy sizes Message-ID: <20191205005240.IwpaFCOyr%akpm@linux-foundation.org> In-Reply-To: <20191204164858.fe4ed8886e34ad9f3b34ea00@linux-foundation.org> User-Agent: s-nail v14.8.16 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Kees Cook Subject: uaccess: disallow > INT_MAX copy sizes As we've done with VFS, string operations, etc, reject usercopy sizes larger than INT_MAX, which would be nice to have for catching bugs related to size calculation overflows[1]. This adds 10 bytes to x86_64 defconfig text and 1980 bytes to the data section: text data bss dec hex filename 19691167 5134320 1646664 26472151 193eed7 vmlinux.before 19691177 5136300 1646664 26474141 193f69d vmlinux.after [1] https://marc.info/?l=linux-s390&m=156631939010493&w=2 Link: http://lkml.kernel.org/r/201908251612.F9902D7A@keescook Signed-off-by: Kees Cook Suggested-by: Dan Carpenter Cc: Alexander Viro Signed-off-by: Andrew Morton --- include/linux/thread_info.h | 2 ++ 1 file changed, 2 insertions(+) --- a/include/linux/thread_info.h~uaccess-disallow-int_max-copy-sizes +++ a/include/linux/thread_info.h @@ -147,6 +147,8 @@ check_copy_size(const void *addr, size_t __bad_copy_to(); return false; } + if (WARN_ON_ONCE(bytes > INT_MAX)) + return false; check_object_size(addr, bytes, is_source); return true; } _