From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0137C7115C for ; Sun, 22 Jun 2025 05:19:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D46ED6B008A; Sun, 22 Jun 2025 01:19:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D1CB06B008C; Sun, 22 Jun 2025 01:19:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C31886B0092; Sun, 22 Jun 2025 01:19:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id B7F956B008A for ; Sun, 22 Jun 2025 01:19:18 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 43CC01A1738 for ; Sun, 22 Jun 2025 05:19:18 +0000 (UTC) X-FDA: 83581883196.14.C5BA6AB Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by imf19.hostedemail.com (Postfix) with ESMTP id 73FB31A0006 for ; Sun, 22 Jun 2025 05:19:16 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=KcmoXAEi; spf=pass (imf19.hostedemail.com: domain of snovitoll@gmail.com designates 209.85.128.49 as permitted sender) smtp.mailfrom=snovitoll@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750569556; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=xvYslitUMqBt0gBMwySKkrly+VfBVue7PGZMHtctv/o=; b=x+E7HFxAvSEXgrgwLiUbyzN3greOERxMu40L050i5twNZgy0kWwyBiaZfSOnhp//Hd74fO nWJBKjhjNnbJwMwqnFHmJU5t6bBGiadPjglIHDGaZVgQgDV1+4cCIR/LyewcD3AvelKUfS NSeEnNJo7RMiOSA/DpzxA+p642XHoW8= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=KcmoXAEi; spf=pass (imf19.hostedemail.com: domain of snovitoll@gmail.com designates 209.85.128.49 as permitted sender) smtp.mailfrom=snovitoll@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750569556; a=rsa-sha256; cv=none; b=CDz5Fb2r0hj6HL0a//s0yoTyWHIGtEMZBmAwKdLbt29CgAb0BcWP6EUpyvzyNZSrKWBo2Q epOuveDppx/uHU1B7cTX8NMJqHeqc2t9Wt5nJWVO5RVOdRRHJou7bfNGUD+tCYVazjNGaD o46KKJAFHGLwjEIVvIX/o79sf67KZlo= Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-451dbe494d6so35446745e9.1 for ; Sat, 21 Jun 2025 22:19:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1750569555; x=1751174355; darn=kvack.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=xvYslitUMqBt0gBMwySKkrly+VfBVue7PGZMHtctv/o=; b=KcmoXAEiul+ti57d79pz5ilAGMAKJBSFsE+PUp6irXOLJ1ySsUF18KfjCkRMjl96jg UbwMcz57OqONqmi9LuZLpBvz0E3+pBLLrzTFdAlGBiCdzHEf1U3u0pCfjZBZR5gowR6h Ewaev2iDrL6L0CTs/f2OIqzc6CFj3jyqD4IGFSdklVxTl2hfql0DdJwRKL9wLvzswfIg YiSRj7Y0XqBC3BwA/e7rW+/12g15mzW400hgNaFFcHw2lUoHpQ5X1+OMiK36aDqZf3Ac vtlh/8yJ1KfH3stxI8zxNgPNbhCZPxnJZBMWwBbDVvCOHQnWEXUDdDbxrqLcdr+iIYmL gmxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750569555; x=1751174355; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xvYslitUMqBt0gBMwySKkrly+VfBVue7PGZMHtctv/o=; b=Ni4t03AX14T1O97YNHEucQQGfSHTW3ni9CtDla3icLq+DuVn4gpm03zrBFdOnP5Weu 1FFfZjB+rSRGhx8AE41giJ0mFLIXf8Uqso5JfJWyWBMdUVzA88lyAqVnX55AG9DG6jAg embLqrzG6CKV9Xp+wZhTQ6b59Y4QVgFJRjjlvXZzimYopHPL3aN9svRg9OpKlEeFUPdg ZvX0QUO27V/j37L8Z3H7LGmHS/yWT3MCn5V3Cl4GzxzxBykzM8dXvZPXArMvhZBelAi2 robYk2B434gKkylQLvPiQRNBKm3FgXlkGjbZP49bz1F28BZGBKRmP6q51tXvhn0kG0A+ +uEg== X-Forwarded-Encrypted: i=1; AJvYcCUEdj/SVIR0uuIq0bc5Tozw/IbFeMME7Kg4fjEy0x8kBg+CgV4Cb/sb06J/aA5B3z8pzU4X7JfTMQ==@kvack.org X-Gm-Message-State: AOJu0Yw6apkXbskNU6weZ1qUtX4Ade49z7xZGooUdsXgJttR0+O2hgXz Gj3qNEnEhTE50AOemArfbPeCxZ+uL+8QoY72K8ua3Vr5POjV7z58qY/+ X-Gm-Gg: ASbGncuKRCkPMaVwQvYMO3gRJ9pHNob87G4TJMH0Noo/ricmm8fArvpYaMY2X6Mi/eP Z2A73Uz/xnH8blhYhX/zWI5qAGgXH8T6bBMZVwNHCQQD6hH3mozYP+kZUm4rqgmh/GtEiBxsbcl Pi9M1PQbfAibEO+Eeiw6rwSY1CSC5dJ7NE+BiAcx/t/oO+e+dh8IYJd0SwO1WLR8LSZ9so48sQo rUk91QVQWSgIHIW9xbafaflL93X4urYsTY7+tZr2o1nOrjlvPhyFw4D17O8Qql0LsXyMSskvHor k/fGZ5/hUzEZw0iND2U8xwTTee5obfXuAOx172USReF+2cscJtp50EhziWLDCot7gHRZQ+53Y0w LFlsrrMCcIJxaOb3M6+XaXvWnAN5X770EheSubQkPN0NtPLEBr0wrMqJJ08tbwHZUFVwew34= X-Google-Smtp-Source: AGHT+IG2ItlSP7G+r/LWNbalZIeLjB/48RCjBxhLQj8TTmjNIL6SoIT8uXoqAVp1G28YhdjtzRkkAA== X-Received: by 2002:a05:600c:3b84:b0:441:b698:3431 with SMTP id 5b1f17b1804b1-453659ec191mr67080645e9.28.1750569554647; Sat, 21 Jun 2025 22:19:14 -0700 (PDT) Received: from localhost.localdomain (ec2-3-122-242-201.eu-central-1.compute.amazonaws.com. [3.122.242.201]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-45359a09ee6sm60885395e9.1.2025.06.21.22.19.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 21 Jun 2025 22:19:14 -0700 (PDT) From: Sabyrzhan Tasbolatov To: ryabinin.a.a@gmail.com, hch@infradead.org, elver@google.com, arnd@arndb.de, glider@google.com, andreyknvl@gmail.com Cc: dvyukov@google.com, vincenzo.frascino@arm.com, akpm@linux-foundation.org, david@redhat.com, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, snovitoll@gmail.com Subject: [PATCH] mm: unexport globally copy_to_kernel_nofault Date: Sun, 22 Jun 2025 10:19:06 +0500 Message-Id: <20250622051906.67374-1-snovitoll@gmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Stat-Signature: eddqx79sy89ypo9cjkdsksrkrkcm3nkx X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 73FB31A0006 X-Rspam-User: X-HE-Tag: 1750569556-881284 X-HE-Meta: U2FsdGVkX19qOHkVFjwZimT9hAvfgEKSrBHDu3H2LWnrkYCxvCDP+UsMGhpGc8UO4mKmGYFciuwhhIO6aBT06FL+SNt/3w7ZytFmBc9eLMGrbMYrHHFc1lpsMh61h40Cpl8PWuKnJVTPRdpSFOqn2thA7mHojOFtCJdmjV+cq8bZAzeDcrRRIEXW+eRj3W/1DKGXoHsw0DqlEpvQzvlIrR1OQfVCHv3gmZZ5B44BnCRqyVkb2Ps1pDynZlHgGB4ifIQNEnbH5r6XLdfGaOrNylI1SdEHF25NnAQH4UIIc2Ggyz/EJ56wgpZeVNol6w8jj/xlqnY5aOwzUuz158abqIJrz7PikBWMZq0QsVS6/5Gymjshcb76LQey+wuWI1xkj+YmAxv+Bt61MfL7uJddQ1YMAtr3lkHLm7ghiPYVCja4chUqAJmiyOMQ1LlElVMOjEfZw9vjOSTjxsy7a+k6au37HCnjXJD1Dzg3HvcCL+CiRVmCBM3HrMFyYnWMhRgnbkpuTU4g5kue/4oRJEAk3O3v088GcL2/jpATRwxxEjPZ721eLwCYoUYKDVGTuQ77REfhdRyYX896ozB8d3ixs7GXHh2UpDesOBnbErupvLgMBuNmYYbli7oI2e8vWZ0tKvVcUWVGm7WinNTc6dxFSbrchO703dIjRYF8pOF7YnNP0ub7pV/MTbFCdsrw/+SAyKrDeRQwWTBErLDhvQLSJktu6+7euqJ1NEmN5JCqhaVPhzs2YnTusZx0etjLpPwqSlonzk1QbaEkMUP8cJVYcagFO8C/VhAQJQJUWRHEKfjKmzjXD9M6Mi1wSOE6pMsbw2bL9Bll6mq7xXZOilZIYGdTblzeSHQ/g8Jw2IdeS/RbTOxkumzxv6oqam+s6t7Wij7Nx6bC0nxQXAr07H10fVJhbzRSLL5J2TZsAZRKnIReETcVVxEmWXR+dZ4ylqWEXkxo8FQkJ6voU+8+gd+ Jr3O5WW0 GLphzvccTXlKgy5iN2Wxel9wSaOIlJo/HKNdluaG1N/GTajqqxg5hb00Rux0Giyg5qSa9Z777BapIuRHLtm1sz0zx3tdbxPWSOK9JhLZKL2dEfvIDKab0ADUV+rBZE5ilN+GDb/agVXPRO+YdqGWj7dOUk8r6H7B7tmSlPInn1dSwDZ4gjWrsEOExly3ftqoHRFhxrzmRCeAkNCPNcRFqnfWWxGVbfhG/f8MzSg7ScWe1/1kHyb1uzHKRjPz3lsxZxGBKWx4xqjD5Di8Ff3IVQLc24II8XmkwHrxtzHuUIxGcCw6iIxwtMt/dSCyp8eOQOD5ox/yFjcnvmCrIXILI9G9lbNnPK4YMCYEYZSTHIZuISsKlDQf+58iUwtYInFprf9afzqFMccbmzxrR99nZssSaPTEFGkVCGN53215LxvA658iha8vlsWpLpL35w7SVnD+c1hC1sSXlxWNAB3n4YuDnVTdGWCtQAUfc9bUgU+GEPSqt5yzbkRdCQEBpxEAWFUWyvIoj9qB4/ggAr+RZj/mG55FDSVp6phmTIVHjn/CoRbfV0Z5tUYN5DSZUNnvw42Iax/OhASAR+kXTIcH6yTAXBvBNkwXkF/RDhXPTeYQG0wL6X/dZ5MkW3SdXvv6uoMfu08m8eb9/R/Dj9VB5BNP7KLcgNa0WjkMb7TB91OSYOz7iMVbUuxpXTG7FykCGA4Vh X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: `copy_to_kernel_nofault()` is an internal helper which should not be visible to loadable modules – exporting it would give exploit code a cheap oracle to probe kernel addresses. Instead, keep the helper un-exported and compile the kunit case that exercises it only when `mm/kasan/kasan_test.o` is linked into vmlinux. Fixes: ca79a00bb9a8 ("kasan: migrate copy_user_test to kunit") Suggested-by: Christoph Hellwig Suggested-by: Marco Elver Signed-off-by: Sabyrzhan Tasbolatov --- mm/kasan/kasan_test_c.c | 4 ++++ mm/maccess.c | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c index 5f922dd38ffa..094ecd27b707 100644 --- a/mm/kasan/kasan_test_c.c +++ b/mm/kasan/kasan_test_c.c @@ -1977,6 +1977,7 @@ static void rust_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); } +#ifndef MODULE static void copy_to_kernel_nofault_oob(struct kunit *test) { char *ptr; @@ -2011,6 +2012,7 @@ static void copy_to_kernel_nofault_oob(struct kunit *test) kfree(ptr); } +#endif /* !MODULE */ static void copy_user_test_oob(struct kunit *test) { @@ -2131,7 +2133,9 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(match_all_not_assigned), KUNIT_CASE(match_all_ptr_tag), KUNIT_CASE(match_all_mem_tag), +#ifndef MODULE KUNIT_CASE(copy_to_kernel_nofault_oob), +#endif KUNIT_CASE(rust_uaf), KUNIT_CASE(copy_user_test_oob), {} diff --git a/mm/maccess.c b/mm/maccess.c index 831b4dd7296c..486559d68858 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -82,7 +82,6 @@ long copy_to_kernel_nofault(void *dst, const void *src, size_t size) pagefault_enable(); return -EFAULT; } -EXPORT_SYMBOL_GPL(copy_to_kernel_nofault); long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) { -- 2.34.1