* [PATCH] [V2] x86/asm: add __user on copy_user_handle_tail() pointers
@ 2019-03-30 11:56 Ben Dooks
2019-03-30 19:35 ` Mukesh Ojha
2019-04-02 8:43 ` [tip:x86/asm] x86/asm: Annotate copy_user_handle_tail() pointers with __user tip-bot for Ben Dooks
0 siblings, 2 replies; 3+ messages in thread
From: Ben Dooks @ 2019-03-30 11:56 UTC (permalink / raw)
To: linux-kernel; +Cc: x86, mingo, bp, hpa, torvalds, tglx, Ben Dooks
The copy_user_handle_tail() clearly uses both from and to as pointers
to user-space memory. This triggers sparse warning on using the calls
to get and put to user-space. This can be fixed easily by changing the
call to take __user annotated pointer.s
arch/x86/lib/usercopy_64.c:68:21: warning: incorrect type in argument 1 (different address spaces)
arch/x86/lib/usercopy_64.c:68:21: expected void const volatile [noderef] <asn:1>*<noident>
arch/x86/lib/usercopy_64.c:68:21: got char *
arch/x86/lib/usercopy_64.c:70:21: warning: incorrect type in argument 1 (different address spaces)
arch/x86/lib/usercopy_64.c:70:21: expected void const volatile [noderef] <asn:1>*<noident>
arch/x86/lib/usercopy_64.c:70:21: got char *to
From Linus Torvalds:
On Thu, Mar 28, 2019 at 12:24 AM Borislav Petkov <bp@alien8.de> wrote:
Well, but copy_user_generic() (which ends up calling the
copy_user_handle_tail() eventually) casts those __user pointers to
(__force void *). Converting them back to __user looks strange to me.
Linus?
Well, it does that because the x86 version of copy_user_generic() can
work in either direction, so it works when either the source or
destination (or both) are user pointers, but they don't _have_ to be.
So the "userness" of a pointer in that context is a bit ambiguous, and
so we've picked the pointers to be just plain "void *".
That said, arguably we should have gone the other way and just made
them both "__user" pointers, and do the cast the other way around.
But there's no absolutely right answer here, and nobody should ever
use copy_user_generic() directly (ie it is very much meant to be only
used as a internal helper for the cases that get the pointer
annotations right).
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
---
arch/x86/include/asm/uaccess_64.h | 2 +-
arch/x86/lib/usercopy_64.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index a9d637bc301d..cbca2cb28939 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -208,7 +208,7 @@ __copy_from_user_flushcache(void *dst, const void __user *src, unsigned size)
}
unsigned long
-copy_user_handle_tail(char *to, char *from, unsigned len);
+copy_user_handle_tail(char __user *to, char __user *from, unsigned len);
unsigned long
mcsafe_handle_tail(char *to, char *from, unsigned len);
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index ee42bb0cbeb3..aa180424e77a 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -60,7 +60,7 @@ EXPORT_SYMBOL(clear_user);
* it is not necessary to optimize tail handling.
*/
__visible unsigned long
-copy_user_handle_tail(char *to, char *from, unsigned len)
+copy_user_handle_tail(char __user *to, char __user *from, unsigned len)
{
for (; len; --len, to++) {
char c;
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] [V2] x86/asm: add __user on copy_user_handle_tail() pointers
2019-03-30 11:56 [PATCH] [V2] x86/asm: add __user on copy_user_handle_tail() pointers Ben Dooks
@ 2019-03-30 19:35 ` Mukesh Ojha
2019-04-02 8:43 ` [tip:x86/asm] x86/asm: Annotate copy_user_handle_tail() pointers with __user tip-bot for Ben Dooks
1 sibling, 0 replies; 3+ messages in thread
From: Mukesh Ojha @ 2019-03-30 19:35 UTC (permalink / raw)
To: Ben Dooks, linux-kernel; +Cc: x86, mingo, bp, hpa, torvalds, tglx
On 3/30/2019 5:26 PM, Ben Dooks wrote:
> The copy_user_handle_tail() clearly uses both from and to as pointers
> to user-space memory. This triggers sparse warning on using the calls
> to get and put to user-space. This can be fixed easily by changing the
> call to take __user annotated pointer.s
>
> arch/x86/lib/usercopy_64.c:68:21: warning: incorrect type in argument 1 (different address spaces)
> arch/x86/lib/usercopy_64.c:68:21: expected void const volatile [noderef] <asn:1>*<noident>
> arch/x86/lib/usercopy_64.c:68:21: got char *
> arch/x86/lib/usercopy_64.c:70:21: warning: incorrect type in argument 1 (different address spaces)
> arch/x86/lib/usercopy_64.c:70:21: expected void const volatile [noderef] <asn:1>*<noident>
> arch/x86/lib/usercopy_64.c:70:21: got char *to
>
> From Linus Torvalds:
>
> On Thu, Mar 28, 2019 at 12:24 AM Borislav Petkov <bp@alien8.de> wrote:
>
> Well, but copy_user_generic() (which ends up calling the
> copy_user_handle_tail() eventually) casts those __user pointers to
> (__force void *). Converting them back to __user looks strange to me.
>
> Linus?
>
> Well, it does that because the x86 version of copy_user_generic() can
> work in either direction, so it works when either the source or
> destination (or both) are user pointers, but they don't _have_ to be.
>
> So the "userness" of a pointer in that context is a bit ambiguous, and
> so we've picked the pointers to be just plain "void *".
>
> That said, arguably we should have gone the other way and just made
> them both "__user" pointers, and do the cast the other way around.
>
> But there's no absolutely right answer here, and nobody should ever
> use copy_user_generic() directly (ie it is very much meant to be only
> used as a internal helper for the cases that get the pointer
> annotations right).
>
> Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Cheers,
-Mukesh
> ---
> arch/x86/include/asm/uaccess_64.h | 2 +-
> arch/x86/lib/usercopy_64.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
> index a9d637bc301d..cbca2cb28939 100644
> --- a/arch/x86/include/asm/uaccess_64.h
> +++ b/arch/x86/include/asm/uaccess_64.h
> @@ -208,7 +208,7 @@ __copy_from_user_flushcache(void *dst, const void __user *src, unsigned size)
> }
>
> unsigned long
> -copy_user_handle_tail(char *to, char *from, unsigned len);
> +copy_user_handle_tail(char __user *to, char __user *from, unsigned len);
>
> unsigned long
> mcsafe_handle_tail(char *to, char *from, unsigned len);
> diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
> index ee42bb0cbeb3..aa180424e77a 100644
> --- a/arch/x86/lib/usercopy_64.c
> +++ b/arch/x86/lib/usercopy_64.c
> @@ -60,7 +60,7 @@ EXPORT_SYMBOL(clear_user);
> * it is not necessary to optimize tail handling.
> */
> __visible unsigned long
> -copy_user_handle_tail(char *to, char *from, unsigned len)
> +copy_user_handle_tail(char __user *to, char __user *from, unsigned len)
> {
> for (; len; --len, to++) {
> char c;
^ permalink raw reply [flat|nested] 3+ messages in thread
* [tip:x86/asm] x86/asm: Annotate copy_user_handle_tail() pointers with __user
2019-03-30 11:56 [PATCH] [V2] x86/asm: add __user on copy_user_handle_tail() pointers Ben Dooks
2019-03-30 19:35 ` Mukesh Ojha
@ 2019-04-02 8:43 ` tip-bot for Ben Dooks
1 sibling, 0 replies; 3+ messages in thread
From: tip-bot for Ben Dooks @ 2019-04-02 8:43 UTC (permalink / raw)
To: linux-tip-commits
Cc: mingo, adobriyan, bp, jannh, ben.dooks, mingo, hpa, mojha,
linux-kernel, torvalds, tglx, x86, dan.j.williams, mpatocka
Commit-ID: b5dbb6799e3e5b8ebdce33b52b2d4ec9c66e15fe
Gitweb: https://git.kernel.org/tip/b5dbb6799e3e5b8ebdce33b52b2d4ec9c66e15fe
Author: Ben Dooks <ben.dooks@codethink.co.uk>
AuthorDate: Sat, 30 Mar 2019 11:56:24 +0000
Committer: Borislav Petkov <bp@suse.de>
CommitDate: Tue, 2 Apr 2019 10:38:51 +0200
x86/asm: Annotate copy_user_handle_tail() pointers with __user
copy_user_handle_tail() clearly uses both @from and @to as pointers to
user-space memory.
Currently, it triggers sparse warning on using the calls to get and put
to user-space which can be fixed easily by changing the call to take
__user annotated pointers:
arch/x86/lib/usercopy_64.c:68:21: warning: incorrect type in argument 1 (different address spaces)
arch/x86/lib/usercopy_64.c:68:21: expected void const volatile [noderef] <asn:1>*<noident>
arch/x86/lib/usercopy_64.c:68:21: got char *
arch/x86/lib/usercopy_64.c:70:21: warning: incorrect type in argument 1 (different address spaces)
arch/x86/lib/usercopy_64.c:70:21: expected void const volatile [noderef] <asn:1>*<noident>
arch/x86/lib/usercopy_64.c:70:21: got char *to
Linus further explains the reasoning why it was done this way:
On Thu, Mar 28, 2019 at 12:24 AM Borislav Petkov <bp@alien8.de> wrote:
> Well, but copy_user_generic() (which ends up calling the
> copy_user_handle_tail() eventually) casts those __user pointers to
> (__force void *). Converting them back to __user looks strange to me.
>
> Linus?
Well, it does that because the x86 version of copy_user_generic() can
work in either direction, so it works when either the source or
destination (or both) are user pointers, but they don't _have_ to be.
So the "userness" of a pointer in that context is a bit ambiguous, and
so we've picked the pointers to be just plain "void *".
That said, arguably we should have gone the other way and just made
them both "__user" pointers, and do the cast the other way around.
But there's no absolutely right answer here, and nobody should ever
use copy_user_generic() directly (ie it is very much meant to be only
used as a internal helper for the cases that get the pointer
annotations right).
[ bp: massage. ]
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: mingo@redhat.co
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190330115624.4000-1-ben.dooks@codethink.co.uk
---
arch/x86/include/asm/uaccess_64.h | 2 +-
arch/x86/lib/usercopy_64.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index a9d637bc301d..cbca2cb28939 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -208,7 +208,7 @@ __copy_from_user_flushcache(void *dst, const void __user *src, unsigned size)
}
unsigned long
-copy_user_handle_tail(char *to, char *from, unsigned len);
+copy_user_handle_tail(char __user *to, char __user *from, unsigned len);
unsigned long
mcsafe_handle_tail(char *to, char *from, unsigned len);
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index ee42bb0cbeb3..aa180424e77a 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -60,7 +60,7 @@ EXPORT_SYMBOL(clear_user);
* it is not necessary to optimize tail handling.
*/
__visible unsigned long
-copy_user_handle_tail(char *to, char *from, unsigned len)
+copy_user_handle_tail(char __user *to, char __user *from, unsigned len)
{
for (; len; --len, to++) {
char c;
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-04-02 8:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-30 11:56 [PATCH] [V2] x86/asm: add __user on copy_user_handle_tail() pointers Ben Dooks
2019-03-30 19:35 ` Mukesh Ojha
2019-04-02 8:43 ` [tip:x86/asm] x86/asm: Annotate copy_user_handle_tail() pointers with __user tip-bot for Ben Dooks
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.