From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6316FA372A for ; Wed, 16 Oct 2019 11:19:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 88FFF2067B for ; Wed, 16 Oct 2019 11:19:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392708AbfJPLTV (ORCPT ); Wed, 16 Oct 2019 07:19:21 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:40230 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389063AbfJPLTU (ORCPT ); Wed, 16 Oct 2019 07:19:20 -0400 Received: from [213.220.153.21] (helo=localhost.localdomain) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iKhKo-0003tb-DZ; Wed, 16 Oct 2019 11:19:18 +0000 From: Christian Brauner To: christian.brauner@ubuntu.com Cc: ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, kafai@fb.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, songliubraving@fb.com, yhs@fb.com, Aleksa Sarai Subject: [PATCH bpf-next v4 1/3] bpf: use check_zeroed_user() in bpf_check_uarg_tail_zero() Date: Wed, 16 Oct 2019 13:18:08 +0200 Message-Id: <20191016111810.1799-2-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191016111810.1799-1-christian.brauner@ubuntu.com> References: <20191016034432.4418-1-christian.brauner@ubuntu.com> <20191016111810.1799-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org In v5.4-rc2 we added a new helper (cf. [1]) check_zeroed_user() which does what bpf_check_uarg_tail_zero() is doing generically. We're slowly switching such codepaths over to use check_zeroed_user() instead of using their own hand-rolled version. [1]: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper") Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Aleksa Sarai Cc: bpf@vger.kernel.org Signed-off-by: Christian Brauner --- /* v1 */ Link: https://lore.kernel.org/r/20191009160907.10981-2-christian.brauner@ubuntu.com /* v2 */ Link: https://lore.kernel.org/r/20191016004138.24845-2-christian.brauner@ubuntu.com - Alexei Starovoitov : - Add a comment in bpf_check_uarg_tail_zero() to clarify that copy_struct_from_user() should be used whenever possible instead. /* v3 */ Link: https://lore.kernel.org/r/20191016034432.4418-2-christian.brauner@ubuntu.com - Christian Brauner : - use correct checks for check_zeroed_user() /* v4 */ - Alexei Starovoitov : - remove unnecessary min() and max() calls --- kernel/bpf/syscall.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 82eabd4e38ad..8d112bc069c0 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -58,35 +58,26 @@ static const struct bpf_map_ops * const bpf_map_types[] = { * There is a ToCToU between this function call and the following * copy_from_user() call. However, this is not a concern since this function is * meant to be a future-proofing of bits. + * + * Note, instead of using bpf_check_uarg_tail_zero() followed by + * copy_from_user() use the dedicated copy_struct_from_user() helper which + * performs both tasks whenever possible. */ int bpf_check_uarg_tail_zero(void __user *uaddr, size_t expected_size, size_t actual_size) { - unsigned char __user *addr; - unsigned char __user *end; - unsigned char val; int err; if (unlikely(actual_size > PAGE_SIZE)) /* silly large */ return -E2BIG; - if (unlikely(!access_ok(uaddr, actual_size))) - return -EFAULT; - if (actual_size <= expected_size) return 0; - addr = uaddr + expected_size; - end = uaddr + actual_size; - - for (; addr < end; addr++) { - err = get_user(val, addr); - if (err) - return err; - if (val) - return -E2BIG; - } + err = check_zeroed_user(uaddr + expected_size, actual_size - expected_size); + if (err <= 0) + return err ?: -E2BIG; return 0; } -- 2.23.0