mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 09:12:07 +00:00
kasan: move checks to do_strncpy_from_user
Patch series "kasan: migrate the last module test to kunit", v4.
copy_user_test() is the last KUnit-incompatible test with
CONFIG_KASAN_MODULE_TEST requirement, which we are going to migrate to
KUnit framework and delete the former test and Kconfig as well.
In this patch series:
- [1/3] move kasan_check_write() and check_object_size() to
do_strncpy_from_user() to cover with KASAN checks with
multiple conditions in strncpy_from_user().
- [2/3] migrated copy_user_test() to KUnit, where we can also test
strncpy_from_user() due to [1/4].
KUnits have been tested on:
- x86_64 with CONFIG_KASAN_GENERIC. Passed
- arm64 with CONFIG_KASAN_SW_TAGS. 1 fail. See [1]
- arm64 with CONFIG_KASAN_HW_TAGS. 1 fail. See [1]
[1] https://lore.kernel.org/linux-mm/CACzwLxj21h7nCcS2-KA_q7ybe+5pxH0uCDwu64q_9pPsydneWQ@mail.gmail.com/
- [3/3] delete CONFIG_KASAN_MODULE_TEST and documentation occurrences.
This patch (of 3):
Since in the commit 2865baf54077("x86: support user address masking
instead of non-speculative conditional") do_strncpy_from_user() is called
from multiple places, we should sanitize the kernel *dst memory and size
which were done in strncpy_from_user() previously.
Link: https://lkml.kernel.org/r/20241016131802.3115788-1-snovitoll@gmail.com
Link: https://lkml.kernel.org/r/20241016131802.3115788-2-snovitoll@gmail.com
Fixes: 2865baf540
("x86: support user address masking instead of non-speculative conditional")
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Alex Shi <alexs@kernel.org>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Hu Haowen <2023002089@link.tyut.edu.cn>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Marco Elver <elver@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Yanteng Si <siyanteng@loongson.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
This commit is contained in:
parent
aaf2914aec
commit
ae193dd793
@ -120,6 +120,9 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
|
|||||||
if (unlikely(count <= 0))
|
if (unlikely(count <= 0))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
kasan_check_write(dst, count);
|
||||||
|
check_object_size(dst, count, false);
|
||||||
|
|
||||||
if (can_do_masked_user_access()) {
|
if (can_do_masked_user_access()) {
|
||||||
long retval;
|
long retval;
|
||||||
|
|
||||||
@ -142,8 +145,6 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
|
|||||||
if (max > count)
|
if (max > count)
|
||||||
max = count;
|
max = count;
|
||||||
|
|
||||||
kasan_check_write(dst, count);
|
|
||||||
check_object_size(dst, count, false);
|
|
||||||
if (user_read_access_begin(src, max)) {
|
if (user_read_access_begin(src, max)) {
|
||||||
retval = do_strncpy_from_user(dst, src, count, max);
|
retval = do_strncpy_from_user(dst, src, count, max);
|
||||||
user_read_access_end();
|
user_read_access_end();
|
||||||
|
Loading…
Reference in New Issue
Block a user