From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AF5DC7115A for ; Sun, 22 Jun 2025 13:00:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 943E86B0095; Sun, 22 Jun 2025 09:00:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8F3A16B0096; Sun, 22 Jun 2025 09:00:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8097D6B0098; Sun, 22 Jun 2025 09:00:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 72B116B0095 for ; Sun, 22 Jun 2025 09:00:49 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id E622FB9E83 for ; Sun, 22 Jun 2025 13:00:48 +0000 (UTC) X-FDA: 83583046176.28.1A9EF8A Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by imf22.hostedemail.com (Postfix) with ESMTP id D0B6AC0012 for ; Sun, 22 Jun 2025 13:00:46 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=O7sBqsjS; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf22.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.128.44 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750597246; a=rsa-sha256; cv=none; b=eSJjMb7spXHf9NRgWcDv5whe7as6ZUSRRqvZziGg80K39nlEcZHtdjbBYAi2md951m8NP6 /FNSIiHnn5qPKxzT7/ErUKd36Y07//zvR1rsCOgprd9WijvKOPHdYYDVq/lDhpVnreswVj RUEcrAS12PgCkbszxviaJWtmG7OMcf4= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=O7sBqsjS; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf22.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.128.44 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750597246; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fdJCP3IGjFjNpzPk6xWCR4zsn18tfTf8CrLc1ojCZko=; b=otN9z9/Jn8R/EGAUjSQrTL/5DYbeKuFJWUPYwUXcfnXFA3ug55vHUHOng53zHJVmHzhzjH sFmtxmCBMk//nE61K6qEIZ+kElM1S0i/wMMf8bujbLcdU5wNeIAy8tuWWCn+pvqo0GmlXU GnVr4+dallHbLMY0poGWXki8E0q5MKM= Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-441ab63a415so34822145e9.3 for ; Sun, 22 Jun 2025 06:00:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1750597245; x=1751202045; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=fdJCP3IGjFjNpzPk6xWCR4zsn18tfTf8CrLc1ojCZko=; b=O7sBqsjSpdfw3g2UPaE3rGjB/LqvbgoZGgw2zyitxc4E9yFwKNYOSuAuSRVWr0YWx+ RyKqYYgsnxW99kG74aU+iUol9YVme4vQS+z70w09XDvS4Fck4g7V1k/Y2eUNJIM3qgOZ 0iuICGf6Bv9qhOurXaAuuilUQZrZQkMrxA2hbveELlZlGQKFo2DZTMxMYGM8X0RA0iNt O4IQgNkcUMf5bHmA/q2Xka4YIfmrfhD/G5eNzjnDJLY1CJHmgp7Q04gAKhPvFG7XqzQw l4g8XPi5cNlBPrZJwLVFj45wOAupYr0gkK1Dy0QYfI77FfUiFfUQvUBGdzsMwx5E/TIX ugng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750597245; x=1751202045; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fdJCP3IGjFjNpzPk6xWCR4zsn18tfTf8CrLc1ojCZko=; b=dCHVxQjZdYuvDrLPrBXFYC+gqR961eU4b4F13JrtFX7uwyCHlCB9kPrGfKiUgbMt4W ek/kAnE+ETvdjb941BeHp2vsXHLVMKNL0y0iX+xvwn9Te+bZwzPcnAwWg3NW6LxRMNQQ WANHqQkebsryhf5eBXpPiUbFT5jaiTOpusA629IEJ6wIB/F3m5rxvk3ApB0y5/JkpRPg LRb0TLpiuu5xGTAI9UbrH7aaM63NMg8Zy618HO5lNy0fdEvo3joswhykgWPQCYn85Dj/ La3NJhxl/eME3tFP3zzLMucaq1Yi2ZO1xZqDgPBx9W6IS8hqmfQ/jShNIyx5158+DCjU TGIA== X-Forwarded-Encrypted: i=1; AJvYcCWmMeHKZZXsU2VaDRMWmsE4QXznBYH+MN26y7o33K97JNfbKHcqIvegZVqjeo6UL+iAmoF8CiWqnQ==@kvack.org X-Gm-Message-State: AOJu0YxSq5tAZ983BuN2JVq121BGZrQ3Fug1iIaUKJOtNPkQlWNVigZE Muct0vGrZu4E1jxpfceBAAe6khrFeKnOzzpHQrOq/+qGuZ0dbD4ioQY1PhnbEOCoMrYBr8aYIvy FDxkwPW6lhEZVmWc2nc9YbhqwSOJm1cc= X-Gm-Gg: ASbGncuEJUUA3pAusbCBZXcWxYY3yRe0DW3PTnOVwAboRFItWjWG4oAtiuhZv27Jdw/ 2hlo0yh1aFdov0uUPS67ZdrE8KsXHVjAHcKa3n7BBgTKFOin9FiHdvsovbBWwvaCtbdwLF2gX+P dpLu08ualXidxF3jMpgSyE6SomjReWSibjIC7fLuCbxxO+NQ== X-Google-Smtp-Source: AGHT+IFzr9f6rWciNyiuAYrcxK+S2hQKO/PfnHre1skviLIkEB9KWSWr2OaKz+9b64I+WBPNt7mrTErmt4hd1Gnn+hY= X-Received: by 2002:a05:600c:c4aa:b0:453:a95:f07d with SMTP id 5b1f17b1804b1-453654cb7b3mr107100065e9.10.1750597244951; Sun, 22 Jun 2025 06:00:44 -0700 (PDT) MIME-Version: 1.0 References: <20250622051906.67374-1-snovitoll@gmail.com> In-Reply-To: <20250622051906.67374-1-snovitoll@gmail.com> From: Andrey Konovalov Date: Sun, 22 Jun 2025 15:00:33 +0200 X-Gm-Features: Ac12FXwDCMDtes9nEuHZSX21IEb-3roo_RAemSxrzaRE-NRx5fyXMcdS_EvWEQc Message-ID: Subject: Re: [PATCH] mm: unexport globally copy_to_kernel_nofault To: Sabyrzhan Tasbolatov Cc: ryabinin.a.a@gmail.com, hch@infradead.org, elver@google.com, arnd@arndb.de, glider@google.com, dvyukov@google.com, vincenzo.frascino@arm.com, akpm@linux-foundation.org, david@redhat.com, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Queue-Id: D0B6AC0012 X-Rspamd-Server: rspam10 X-Stat-Signature: s8quyj4wxierhfwcabtyrfyk1xamqu6j X-HE-Tag: 1750597246-653796 X-HE-Meta: U2FsdGVkX19HP3rLP4qlKWgNHtd/QHMr2hbLRUucUCKQxIwckvxFdAk67yLXD8O0so/RWrINJtlKe8mjYLE9JYbhW7uhNPP52fc4Jz4EjcAqhx33a2hZLngEz/xa/StKCgnL6VAER3gJl9RAQ8H0L+kMJ3hgRwvt0xpTru2m1yuc3yX/yMRt+R65Y/uSI54/nZeh6pTfaIjt6W0jthJ2T6NrcC6ddG5MdKbUp0AomtYxkZyDkz5tbFMCmhPvDojaQMGHInjDbw0QetT6Lv/A9ZmziUNHmCKb/sqTJgnzqWK//i2jH/lXYpQTHjkS5bAqXlL+mIr5dsv/FZ812xcR74+/zLNyg2divhnE4yLxk7QJMH6lb710skcsOEB9xEqpuNW2tPNV9IKbEBcIrjghmakspYnXsaBNSjxg0sX4E/BZisWW96BRbaaRXlj8l+BgOJ9sVcZFO0pgrFLRLoJ7chPmDRMLwv5dvna8je96IVb18UYlAbbdudsSP21RruwHX/6HuJFg2pHVjZShiZm1+R2QNH9eduLZ4oKRETYhoQ7OT4B3/3WpYcvSfR8Jp6v6uXmWNqonjz0Th+eUm3WNtG+rwMlwtue9JlkCFzkn/QJFp8IrCw9ND4tka5JPXzyMfOzQUb7cbqwhX48Z5Kp+A7jLxI2MJIrsj4eLA3I6ikNH0ekVVzGJguRRXH6hxqoZ3lLRYgpIhHN1hR4IIThbVFQP9O66bQYf0QO9bqJlx73eymauTPl9YwX9v3KR+fbAoiTL9w8Xm7CNnzu7WBkh6IM8sCuxDADYnFBnEsdEgtaro6dkoT9diYvJRvGeGm1iwUChhbVyZ7WbSJ49oZC/EsXGpQwQ/wKbOTej+AkilgiF6sP4gr2olAZCg2F3Mecr8AFtxBt55KwiDAh36WDm5w9v6Ut+rNv9B5qqQMmssmminPpdesoWKvtD+ctY/G2xXeCtoMgh0oWazqunff/ CFWwvFU3 LhTojXqgUY4uj/QAJ4pkezIi8UpaWPMb6ea442CMZGBoqMva+h/qAK0S+GyCXw743+BBdjZszAy1xktxG1WqUFSPxzux1XiLTTa624bnisryfIwcPMzbkm7rDX3PpFriWAmKAY5txJE1nUW190xHihEmeQOcenbxDoCb75m3lvuzBqFrxtF5EAP9QtCyhCeu27oMRxdj+rChF4tmlAsQ1/KvGWQDwTpqSFktfM3FFE67rKhYGvD3KOBgK7+T6iZH9/6vRRg0iXpArCV4Cxx+Q3kfyRn69wPhSBajUjuJ0E5JaikAwT0W7/imJjx9BPYWPNrtUDjf+prmV2lKZGHKc4JpHEH32V/VaV23GWNkcDOkxgFEt0xHhA+iNnyITlIMAQPRz5DLCWzI01Hvxpb1YUBem9Vn5T7jp/qQ+GGhb924AWtat4pPOkUeTenLM4/mvpUVhZf74N78axuZ0N2HlbXfKGl9DLZ5gaGgqHGgPQFkgyscQbSCLu8lJ12oL7GYln7MF0M9JwLUYLSoJnUJecl9NJDDchqHrjK73 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sun, Jun 22, 2025 at 7:19=E2=80=AFAM Sabyrzhan Tasbolatov wrote: > > `copy_to_kernel_nofault()` is an internal helper which should not be > visible to loadable modules =E2=80=93 exporting it would give exploit cod= e a > cheap oracle to probe kernel addresses. Instead, keep the helper > un-exported and compile the kunit case that exercises it only when > `mm/kasan/kasan_test.o` is linked into vmlinux. > > Fixes: ca79a00bb9a8 ("kasan: migrate copy_user_test to kunit") > Suggested-by: Christoph Hellwig > Suggested-by: Marco Elver > Signed-off-by: Sabyrzhan Tasbolatov > --- > mm/kasan/kasan_test_c.c | 4 ++++ > mm/maccess.c | 1 - > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c > index 5f922dd38ffa..094ecd27b707 100644 > --- a/mm/kasan/kasan_test_c.c > +++ b/mm/kasan/kasan_test_c.c > @@ -1977,6 +1977,7 @@ static void rust_uaf(struct kunit *test) > KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf()); > } > > +#ifndef MODULE Would be great to have a comment here explaining the ifndef. > static void copy_to_kernel_nofault_oob(struct kunit *test) > { > char *ptr; > @@ -2011,6 +2012,7 @@ static void copy_to_kernel_nofault_oob(struct kunit= *test) > > kfree(ptr); > } > +#endif /* !MODULE */ > > static void copy_user_test_oob(struct kunit *test) > { > @@ -2131,7 +2133,9 @@ static struct kunit_case kasan_kunit_test_cases[] = =3D { > KUNIT_CASE(match_all_not_assigned), > KUNIT_CASE(match_all_ptr_tag), > KUNIT_CASE(match_all_mem_tag), > +#ifndef MODULE > KUNIT_CASE(copy_to_kernel_nofault_oob), > +#endif > KUNIT_CASE(rust_uaf), > KUNIT_CASE(copy_user_test_oob), > {} > diff --git a/mm/maccess.c b/mm/maccess.c > index 831b4dd7296c..486559d68858 100644 > --- a/mm/maccess.c > +++ b/mm/maccess.c > @@ -82,7 +82,6 @@ long copy_to_kernel_nofault(void *dst, const void *src,= size_t size) > pagefault_enable(); > return -EFAULT; > } > -EXPORT_SYMBOL_GPL(copy_to_kernel_nofault); > > long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, lon= g count) > { > -- > 2.34.1 > Other than that: Reviewed-by: Andrey Konovalov Thank you!