* [PATCH 1/2][v3] proc: use vmalloc for our kernel buffer
@ 2020-08-13 16:13 Josef Bacik
  2020-08-13 16:13 ` [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user Josef Bacik
  0 siblings, 1 reply; 6+ messages in thread
From: Josef Bacik @ 2020-08-13 16:13 UTC (permalink / raw)
  To: hch, viro, willy, linux-kernel, linux-fsdevel, kernel-team

Since

  sysctl: pass kernel pointers to ->proc_handler

we have been pre-allocating a buffer to copy the data from the proc
handlers into, and then copying that to userspace.  The problem is that this
just blindly kmalloc()s the buffer size passed in from the read, which in
the case of our 'cat' binary was 64KiB.  Order-4 allocations are not
awesome, and since we can potentially allocate up to our maximum order,
use vmalloc for these buffers.

Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
v2->v3:
- Rename vmemdup_user_nul to kvmemdup_user_nul.
v1->v2:
- Make vmemdup_user_nul actually do the right thing...sorry about that.

 fs/proc/proc_sysctl.c  |  6 +++---
 include/linux/string.h |  1 +
 mm/util.c              | 27 +++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 6c1166ccdaea..8e19bad83b45 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -571,13 +571,13 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
 		goto out;
 
 	if (write) {
-		kbuf = memdup_user_nul(ubuf, count);
+		kbuf = kvmemdup_user_nul(ubuf, count);
 		if (IS_ERR(kbuf)) {
 			error = PTR_ERR(kbuf);
 			goto out;
 		}
 	} else {
-		kbuf = kzalloc(count, GFP_KERNEL);
+		kbuf = kvzalloc(count, GFP_KERNEL);
 		if (!kbuf)
 			goto out;
 	}
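Review bot: The read-path allocation `kvzalloc(count, GFP_KERNEL)` is sized directly by the length userspace passed to the read, and with the kvmalloc fallback it no longer fails naturally at high orders, so whatever upper bound on `count` precedes this hunk becomes the only limit on how much memory a single read can request. That bound is not visible here (only its `goto out;` is), so confirm it is still in place and appropriate for the kvmalloc case, and consider a comment such as `/* count is user-controlled; it is capped above so kvzalloc() cannot be driven to arbitrary sizes */`. The two branches also end up with different GFP flags: the write path goes through kvmemdup_user_nul(), which allocates with GFP_USER, while the read path stays GFP_KERNEL; if that is intentional it deserves a word. proc_sys_call_handler starts and ends outside the hunk.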
@@ -600,7 +600,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
 
 	error = count;
 out_free_buf:
-	kfree(kbuf);
+	kvfree(kbuf);
 out:
 	sysctl_head_finish(head);
 
diff --git a/include/linux/string.h b/include/linux/string.h
index 9b7a0632e87a..21bb6d3d88c4 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -12,6 +12,7 @@
 extern char *strndup_user(const char __user *, long);
 extern void *memdup_user(const void __user *, size_t);
 extern void *vmemdup_user(const void __user *, size_t);
+extern void *kvmemdup_user_nul(const void __user *, size_t);
 extern void *memdup_user_nul(const void __user *, size_t);
 
 /*
diff --git a/mm/util.c b/mm/util.c
index 5ef378a2a038..cf454d57d3e2 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -208,6 +208,33 @@ void *vmemdup_user(const void __user *src, size_t len)
 }
 EXPORT_SYMBOL(vmemdup_user);
 
+/**
+ * kvmemdup_user_nul - duplicate memory region from user space and NUL-terminate
+ *
+ * @src: source address in user space
+ * @len: number of bytes to copy
+ *
+ * Return: an ERR_PTR() on failure.  Result may be not
+ * physically contiguous.  Use kvfree() to free.
+ */
+void *kvmemdup_user_nul(const void __user *src, size_t len)
+{
+	char *p;
+
+	p = kvmalloc(len + 1, GFP_USER);
+	if (!p)
+		return ERR_PTR(-ENOMEM);
+
+	if (copy_from_user(p, src, len)) {
+		kvfree(p);
+		return ERR_PTR(-EFAULT);
+	}
+	p[len] = '\0';
+
+	return p;
+}
+EXPORT_SYMBOL(kvmemdup_user_nul);
+
 /**
  * strndup_user - duplicate an existing string from user space
  * @s: The string to duplicate
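Review bot: `kvmalloc(len + 1, GFP_USER)` wraps to a zero-byte request when `len` is SIZE_MAX, and nothing in kvmemdup_user_nul() rejects that before `copy_from_user(p, src, len)` and `p[len] = '\0'`. The copy is likely to fail first for such a length, but an exported helper should not depend on that; an explicit guard such as `if (len == SIZE_MAX) return ERR_PTR(-EINVAL);`, or a kernel-doc line stating that callers must bound `len`, would make the contract clear. The `Return:` text also documents only the failure case; it should say that on success a NUL-terminated buffer of `len + 1` bytes is returned.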
-- 
2.24.1



* [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user
  2020-08-13 16:13 [PATCH 1/2][v3] proc: use vmalloc for our kernel buffer Josef Bacik
@ 2020-08-13 16:13 ` Josef Bacik
  2020-08-13 18:52   ` kernel test robot
  2020-08-13 18:52   ` [PATCH] tree-wide: fix memdup_user.cocci warnings kernel test robot
  0 siblings, 2 replies; 6+ messages in thread
From: Josef Bacik @ 2020-08-13 16:13 UTC (permalink / raw)
  To: hch, viro, willy, linux-kernel, linux-fsdevel, kernel-team

This helper uses kvmalloc, not vmalloc, so rename it to kvmemdup_user to
make it clear we're using kvmalloc() and will need to use kvfree().

Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
 arch/x86/kvm/cpuid.c                   | 6 +++---
 drivers/gpu/drm/virtio/virtgpu_ioctl.c | 2 +-
 drivers/tty/vt/consolemap.c            | 2 +-
 include/linux/string.h                 | 2 +-
 mm/util.c                              | 6 +++---
 sound/core/control.c                   | 4 ++--
 virt/kvm/kvm_main.c                    | 4 ++--
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 3fd6eec202d7..22834ea499ee 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -200,9 +200,9 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
 	if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
 		goto out;
 	if (cpuid->nent) {
-		cpuid_entries = vmemdup_user(entries,
-					     array_size(sizeof(struct kvm_cpuid_entry),
-							cpuid->nent));
+		cpuid_entries = kvmemdup_user(entries,
+					      array_size(sizeof(struct kvm_cpuid_entry),
+							 cpuid->nent));
 		if (IS_ERR(cpuid_entries)) {
 			r = PTR_ERR(cpuid_entries);
 			goto out;
diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 7a2430e34e00..c2f973aa3680 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -147,7 +147,7 @@ static int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
 		bo_handles = NULL;
 	}
 
-	buf = vmemdup_user(u64_to_user_ptr(exbuf->command), exbuf->size);
+	buf = kvmemdup_user(u64_to_user_ptr(exbuf->command), exbuf->size);
 	if (IS_ERR(buf)) {
 		ret = PTR_ERR(buf);
 		goto out_unused_fd;
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index 5947b54d92be..2cffa8b3c74b 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -542,7 +542,7 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list)
 	if (!ct)
 		return 0;
 
-	unilist = vmemdup_user(list, array_size(sizeof(struct unipair), ct));
+	unilist = kvmemdup_user(list, array_size(sizeof(struct unipair), ct));
 	if (IS_ERR(unilist))
 		return PTR_ERR(unilist);
 
diff --git a/include/linux/string.h b/include/linux/string.h
index 21bb6d3d88c4..a6f7218124a0 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -11,7 +11,7 @@
 
 extern char *strndup_user(const char __user *, long);
 extern void *memdup_user(const void __user *, size_t);
-extern void *vmemdup_user(const void __user *, size_t);
+extern void *kvmemdup_user(const void __user *, size_t);
 extern void *kvmemdup_user_nul(const void __user *, size_t);
 extern void *memdup_user_nul(const void __user *, size_t);
 
diff --git a/mm/util.c b/mm/util.c
index cf454d57d3e2..f434634b6ba3 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -183,7 +183,7 @@ void *memdup_user(const void __user *src, size_t len)
 EXPORT_SYMBOL(memdup_user);
 
 /**
- * vmemdup_user - duplicate memory region from user space
+ * kvmemdup_user - duplicate memory region from user space
  *
  * @src: source address in user space
  * @len: number of bytes to copy
@@ -191,7 +191,7 @@ EXPORT_SYMBOL(memdup_user);
  * Return: an ERR_PTR() on failure.  Result may be not
  * physically contiguous.  Use kvfree() to free.
  */
-void *vmemdup_user(const void __user *src, size_t len)
+void *kvmemdup_user(const void __user *src, size_t len)
 {
 	void *p;
 
@@ -206,7 +206,7 @@ void *vmemdup_user(const void __user *src, size_t len)
 
 	return p;
 }
-EXPORT_SYMBOL(vmemdup_user);
+EXPORT_SYMBOL(kvmemdup_user);
 
 /**
  * kvmemdup_user_nul - duplicate memory region from user space and NUL-terminate
diff --git a/sound/core/control.c b/sound/core/control.c
index aa0c0cf182af..b712f4d261de 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -1297,7 +1297,7 @@ static int replace_user_tlv(struct snd_kcontrol *kctl, unsigned int __user *buf,
 	if (size > 1024 * 128)	/* sane value */
 		return -EINVAL;
 
-	container = vmemdup_user(buf, size);
+	container = kvmemdup_user(buf, size);
 	if (IS_ERR(container))
 		return PTR_ERR(container);
 
@@ -1365,7 +1365,7 @@ static int snd_ctl_elem_init_enum_names(struct user_element *ue)
 	if (ue->info.value.enumerated.names_length > 64 * 1024)
 		return -EINVAL;
 
-	names = vmemdup_user((const void __user *)user_ptrval,
+	names = kvmemdup_user((const void __user *)user_ptrval,
 		ue->info.value.enumerated.names_length);
 	if (IS_ERR(names))
 		return PTR_ERR(names);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 737666db02de..1111780ccefd 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3814,8 +3814,8 @@ static long kvm_vm_ioctl(struct file *filp,
 			goto out;
 		if (routing.nr) {
 			urouting = argp;
-			entries = vmemdup_user(urouting->entries,
-					       array_size(sizeof(*entries),
+			entries = kvmemdup_user(urouting->entries,
+						array_size(sizeof(*entries),
 							  routing.nr));
 			if (IS_ERR(entries)) {
 				r = PTR_ERR(entries);
-- 
2.24.1



* Re: [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user
  2020-08-13 16:13 ` [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user Josef Bacik
@ 2020-08-13 18:52   ` kernel test robot
  2020-08-13 18:52   ` [PATCH] tree-wide: fix memdup_user.cocci warnings kernel test robot
  1 sibling, 0 replies; 6+ messages in thread
From: kernel test robot @ 2020-08-13 18:52 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 1112 bytes --]

Hi Josef,

I love your patch! Perhaps something to improve:

[auto build test WARNING on kvm/linux-next]
[also build test WARNING on linus/master next-20200813]
[cannot apply to hnaz-linux-mm/master hch-configfs/for-next v5.8]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Josef-Bacik/proc-use-vmalloc-for-our-kernel-buffer/20200814-001519
base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next
config: s390-randconfig-c004-20200813 (attached as .config)
compiler: s390-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


coccinelle warnings: (new ones prefixed by >>)

>> mm/util.c:198:5-13: WARNING opportunity for vmemdup_user

Please review and possibly fold the followup patch.

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 22972 bytes --]


* [PATCH] tree-wide: fix memdup_user.cocci warnings
  2020-08-13 16:13 ` [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user Josef Bacik
  2020-08-13 18:52   ` kernel test robot
@ 2020-08-13 18:52   ` kernel test robot
  1 sibling, 0 replies; 6+ messages in thread
From: kernel test robot @ 2020-08-13 18:52 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 1091 bytes --]

From: kernel test robot <lkp@intel.com>

mm/util.c:198:5-13: WARNING opportunity for vmemdup_user

 Use memdup_user rather than duplicating its implementation
 This is a little bit restricted to reduce false positives

Generated by: scripts/coccinelle/api/memdup_user.cocci

CC: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: kernel test robot <lkp@intel.com>
---

url:    https://github.com/0day-ci/linux/commits/Josef-Bacik/proc-use-vmalloc-for-our-kernel-buffer/20200814-001519
base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next

Please take the patch only if it's a positive warning. Thanks!

 util.c |   11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

--- a/mm/util.c
+++ b/mm/util.c
@@ -195,14 +195,9 @@ void *kvmemdup_user(const void __user *s
 {
 	void *p;
 
-	p = kvmalloc(len, GFP_USER);
-	if (!p)
-		return ERR_PTR(-ENOMEM);
-
-	if (copy_from_user(p, src, len)) {
-		kvfree(p);
-		return ERR_PTR(-EFAULT);
-	}
+	p = vmemdup_user(src, len);
+	if (IS_ERR(p))
+		return ERR_PTR(PTR_ERR(p));
 
 	return p;
 }
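Review bot: The replacement line `p = vmemdup_user(src, len);` calls the name that patch 2/2 in this thread renames to kvmemdup_user(), so inside kvmemdup_user() it either references a symbol that no longer exists or, once the semantic patch is updated for the new name, becomes a call to itself. The coccinelle rule appears to have matched the helper's own implementation, which would make this a false positive; the open-coded kvmalloc()/copy_from_user()/kvfree() body should stay. Separately, `return ERR_PTR(PTR_ERR(p));` followed by `return p;` is a no-op round trip. The adjustment belongs in scripts/coccinelle/api/memdup_user.cocci (teaching it the renamed function) rather than in mm/util.c.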


* Re: [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user
       [not found] <2e717622-22ba-9947-c8df-520bdbb2e16f@web.de>
@ 2020-08-15 18:23   ` Matthew Wilcox
  0 siblings, 0 replies; 6+ messages in thread
From: Matthew Wilcox @ 2020-08-15 18:23 UTC (permalink / raw)
  To: Markus Elfring
  Cc: Josef Bacik, linux-fsdevel, kernel-janitors, Coccinelle,
	linux-kernel, kernel-team, Al Viro, Christoph Hellwig,
	Denis Efremov

On Sat, Aug 15, 2020 at 03:10:12PM +0200, Markus Elfring wrote:
> > This helper uses kvmalloc, not vmalloc, so rename it to kvmemdup_user to
> > make it clear we're using kvmalloc() and will need to use kvfree().
> 
> Can the renaming of this function name trigger software updates
> for any more source files?

Why don't you find out, and if there are, submit your own patch?

> Example:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/coccinelle/api/memdup_user.cocci?id=c9c9735c46f589b9877b7fc00c89ef1b61a31e18#n18
> 
> Regards,
> Markus


* Re: [PATCH 2/2] tree-wide: rename vmemdup_user to kvmemdup_user
@ 2020-08-15 18:23   ` Matthew Wilcox
  0 siblings, 0 replies; 6+ messages in thread
From: Matthew Wilcox @ 2020-08-15 18:23 UTC (permalink / raw)
  To: Markus Elfring
  Cc: kernel-janitors, linux-kernel, Josef Bacik, Al Viro,
	linux-fsdevel, kernel-team, Christoph Hellwig, Coccinelle

On Sat, Aug 15, 2020 at 03:10:12PM +0200, Markus Elfring wrote:
> > This helper uses kvmalloc, not vmalloc, so rename it to kvmemdup_user to
> > make it clear we're using kvmalloc() and will need to use kvfree().
> 
> Can the renaming of this function name trigger software updates
> for any more source files?

Why don't you find out, and if there are, submit your own patch?

> Example:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/coccinelle/api/memdup_user.cocci?id=c9c9735c46f589b9877b7fc00c89ef1b61a31e18#n18
> 
> Regards,
> Markus

