Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
From: Romain Perier <romain.perier@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>,
	Romain Perier <romain.perier@gmail.com>
Subject: [PRE-REVIEW PATCH 01/16] tasklet: Prepare to change tasklet callback argument type
Date: Sun, 29 Sep 2019 18:30:13 +0200
Message-ID: <20190929163028.9665-2-romain.perier@gmail.com> (raw)
In-Reply-To: <20190929163028.9665-1-romain.perier@gmail.com>

Nowadays, modern kernel subsystems that use callbacks pass the data
structure associated with a given callback as argument to the callback.
The tasklet subsystem remains the one to pass callback argument as an
arbitrary unsigned long argument. This has several problems:

- This keeps an extra field for storing the argument in each tasklet
data structure, it bloats the tasklet_struct structure with a redundant
.data field

- No type checking cannot be performed on this argument. Instead of
using container_of() like other callback subsystems, it forces callbacks
to do explicit type cast of the unsigned long argument into the required
object type.

- Buffer overflows can overwrite the .function and the .data field, so
an attacker can easily overwrite the function and its first argument
to whatever it wants.

This adds a new tasklet initialization API which will gradually replace
the existing one.

This work is greatly inspired from the timer_struct conversion series,
see commit e99e88a9d ("treewide: setup_timer() -> timer_setup()")

Signed-off-by: Romain Perier <romain.perier@gmail.com>
---
 include/linux/interrupt.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
index 89fc59dab57d..f5332ae2dbeb 100644
--- a/include/linux/interrupt.h
+++ b/include/linux/interrupt.h
@@ -673,6 +673,18 @@ extern void tasklet_kill_immediate(struct tasklet_struct *t, unsigned int cpu);
 extern void tasklet_init(struct tasklet_struct *t,
 			 void (*func)(unsigned long), unsigned long data);
 
+#define TASKLET_DATA_TYPE		unsigned long
+#define TASKLET_FUNC_TYPE		void (*)(TASKLET_DATA_TYPE)
+
+#define from_tasklet(var, callback_tasklet, tasklet_fieldname) \
+	container_of(callback_tasklet, typeof(*var), tasklet_fieldname)
+
+static inline void tasklet_setup(struct tasklet_struct *t,
+				 void (*callback)(struct tasklet_struct *))
+{
+	tasklet_init(t, (TASKLET_FUNC_TYPE)callback, (TASKLET_DATA_TYPE)t);
+}
+
 /*
  * Autoprobing for irqs:
  *
-- 
2.23.0


  reply index

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-29 16:30 [PRE-REVIEW PATCH 00/16] Modernize the tasklet API Romain Perier
2019-09-29 16:30 ` Romain Perier [this message]
2019-09-29 16:30 ` [PRE-REVIEW PATCH 02/16] crypto: ccp - Prepare to use the new " Romain Perier
2019-09-30 22:35   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 03/16] mmc: renesas_sdhi: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 04/16] net: liquidio: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 05/16] chelsio: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 06/16] net: mvpp2: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 07/16] qed: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 08/16] isdn: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 09/16] scsi: pm8001: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 10/16] scsi: pmcraid: " Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 11/16] treewide: Globally replace tasklet_init() by tasklet_setup() Romain Perier
2019-09-30 22:46   ` Kees Cook
2019-10-01 17:18     ` Romain Perier
2019-10-10 22:30       ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 12/16] tasklet: Pass tasklet_struct pointer as .data in DECLARE_TASKLET Romain Perier
2019-09-30 22:44   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 13/16] tasklet: Pass tasklet_struct pointer to callbacks unconditionally Romain Perier
2019-09-30 22:49   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 14/16] tasklet: Remove the data argument from DECLARE_TASKLET() macros Romain Perier
2019-09-30 22:50   ` Kees Cook
2019-09-29 16:30 ` [PRE-REVIEW PATCH 15/16] tasklet: convert callbacks prototype for using struct tasklet_struct * arguments Romain Perier
2019-09-29 16:30 ` [PRE-REVIEW PATCH 16/16] tasklet: Add the new initialization function permanently Romain Perier
2019-09-30 22:52   ` Kees Cook
2019-10-01 17:34     ` Romain Perier
2019-09-30 23:06 ` [PRE-REVIEW PATCH 00/16] Modernize the tasklet API Kees Cook
2019-10-01 17:47   ` Romain Perier
2019-10-10 22:34     ` Kees Cook
2019-10-30  8:20       ` Allen
2019-11-07  7:29         ` Romain Perier
2019-11-07 21:22           ` Kees Cook

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190929163028.9665-2-romain.perier@gmail.com \
    --to=romain.perier@gmail.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com
	public-inbox-index kernel-hardening

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git