From: Kees Cook
To: Matthew Wilcox
Cc: Kees Cook, Uladzislau Rezki, Andrew Morton, Yu Zhao, dev@der-flo.net, linux-mm@kvack.org, linux-hardening@vger.kernel.org, Peter Zijlstra, Ingo Molnar, linux-kernel@vger.kernel.org, x86@kernel.org, linux-perf-users@vger.kernel.org, linux-arch@vger.kernel.org
Subject: [PATCH 3/3] usercopy: Add find_vmap_area_try() to avoid deadlocks
Date: Fri, 16 Sep 2022 06:59:57 -0700
Message-Id: <20220916135953.1320601-4-keescook@chromium.org>
In-Reply-To: <20220916135953.1320601-1-keescook@chromium.org>
References: <20220916135953.1320601-1-keescook@chromium.org>

The check_object_size() checks under CONFIG_HARDENED_USERCOPY need to be
more defensive against running from interrupt context. Use a best-effort
check for VMAP areas when running in interrupt context.

Suggested-by: Matthew Wilcox
Link: https://lore.kernel.org/linux-mm/YyQ2CSdIJdvQPSPO@casper.infradead.org
Cc: Andrew Morton
Cc: Yu Zhao
Cc: dev@der-flo.net
Cc: linux-mm@kvack.org
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook --- include/linux/vmalloc.h | 1 + mm/usercopy.c | 11 ++++++++++- mm/vmalloc.c | 11 +++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h index 096d48aa3437..c8a00f181a11 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -216,6 +216,7 @@ void free_vm_area(struct vm_struct *area); extern struct vm_struct *remove_vm_area(const void *addr); extern struct vm_struct *find_vm_area(const void *addr); struct vmap_area *find_vmap_area(unsigned long addr); +struct vmap_area *find_vmap_area_try(unsigned long addr); static inline bool is_vm_area_hugepages(const void *addr) { diff --git a/mm/usercopy.c b/mm/usercopy.c index c1ee15a98633..4a371099ac64 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -173,7 +173,16 @@ static inline void check_heap_object(const void *ptr, unsigned long n, } if (is_vmalloc_addr(ptr)) { - struct vmap_area *area = find_vmap_area(addr); + struct vmap_area *area; + + if (unlikely(in_interrupt())) { + area = find_vmap_area_try(addr); + /* Give up under interrupt to avoid deadlocks. */ + if (!area) + return; + } else { + area = find_vmap_area(addr); + } if (!area) usercopy_abort("vmalloc", "no area", to_user, 0, n); diff --git a/mm/vmalloc.c b/mm/vmalloc.c index dd6cdb201195..f14f1902c2f6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -1840,6 +1840,17 @@ struct vmap_area *find_vmap_area(unsigned long addr) return va; } +struct vmap_area *find_vmap_area_try(unsigned long addr) +{ + struct vmap_area *va = NULL; + + if (spin_trylock(&vmap_area_lock)) { + va = __find_vmap_area(addr, &vmap_area_root); + spin_unlock(&vmap_area_lock); + } + return va; +} + /*** Per cpu kva allocator ***/ /* -- 2.34.1
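
Review bot: In the mm/usercopy.c hunk, the in_interrupt() branch returns on `!area` without telling a contended vmap_area_lock apart from a lookup that found nothing, so a vmalloc address with no matching area no longer reaches usercopy_abort("vmalloc", "no area", ...) when the copy runs in interrupt context. Consider having find_vmap_area_try() report whether the lock was actually taken (a bool out-parameter or an ERR_PTR value would do) and returning early only when it was not. Two smaller points on the same branch: in_interrupt() is also true in task context with bottom halves disabled, where spinning on the lock is safe, so the weaker path is taken more often than the deadlock case requires; and the comment "Give up under interrupt to avoid deadlocks." could say outright that the copy goes unvalidated when the early return is hit.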
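
Review bot: find_vmap_area_try() in the mm/vmalloc.c hunk has no comment describing its contract: NULL means either that spin_trylock(&vmap_area_lock) failed or that __find_vmap_area() found no entry, and the pointer is handed back after spin_unlock(). A short comment above the function stating that it is a best-effort lookup for contexts that must not spin on vmap_area_lock, and that callers cannot treat NULL as "not a vmap area", would keep later users from relying on it as a definitive lookup.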