From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Yygt=KN=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,PDS_BAD_THREAD_QP_64,SPF_HELO_NONE,SPF_PASS autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6EE9CC433ED
	for <linux-mm@archiver.kernel.org>; Tue, 18 May 2021 20:47:44 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id EBCF561261
	for <linux-mm@archiver.kernel.org>; Tue, 18 May 2021 20:47:43 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org EBCF561261
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=ACULAB.COM
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 5ADE28E0053; Tue, 18 May 2021 16:47:43 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 55E228E002F; Tue, 18 May 2021 16:47:43 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 425AC8E0053; Tue, 18 May 2021 16:47:43 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0096.hostedemail.com [216.40.44.96])
	by kanga.kvack.org (Postfix) with ESMTP id 0D8698E002F
	for <linux-mm@kvack.org>; Tue, 18 May 2021 16:47:42 -0400 (EDT)
Received: from smtpin33.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 8FBE9824999B
	for <linux-mm@kvack.org>; Tue, 18 May 2021 20:47:42 +0000 (UTC)
X-FDA: 78155537964.33.B768059
Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [185.58.86.151])
	by imf22.hostedemail.com (Postfix) with ESMTP id C91B4C000C73
	for <linux-mm@kvack.org>; Tue, 18 May 2021 20:47:40 +0000 (UTC)
Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 uk-mta-225-zZ4PUMaUP8CQ45Z6-Pf8hg-1; Tue, 18 May 2021 21:47:38 +0100
X-MC-Unique: zZ4PUMaUP8CQ45Z6-Pf8hg-1
Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by
 AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP
 Server (TLS) id 15.0.1497.2; Tue, 18 May 2021 21:47:36 +0100
Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by
 AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id
 15.00.1497.015; Tue, 18 May 2021 21:47:36 +0100
From: David Laight <David.Laight@ACULAB.COM>
To: 'Arnd Bergmann' <arnd@kernel.org>, "linux-arch@vger.kernel.org"
	<linux-arch@vger.kernel.org>
CC: Arnd Bergmann <arnd@arndb.de>, Christoph Hellwig <hch@infradead.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>, Andrew Morton
	<akpm@linux-foundation.org>, Borislav Petkov <bp@alien8.de>, Brian Gerst
	<brgerst@gmail.com>, Eric Biederman <ebiederm@xmission.com>, Ingo Molnar
	<mingo@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner
	<tglx@linutronix.de>, Linux ARM <linux-arm-kernel@lists.infradead.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, Linux-MM
	<linux-mm@kvack.org>, "kexec@lists.infradead.org" <kexec@lists.infradead.org>
Subject: RE: [PATCH v3 1/4] kexec: simplify compat_sys_kexec_load
Thread-Topic: [PATCH v3 1/4] kexec: simplify compat_sys_kexec_load
Thread-Index: AQHXS1wVPpN9Wz+83EGX6Ch7EQlMgqrptkWg
Date: Tue, 18 May 2021 20:47:36 +0000
Message-ID: <dcc79c4336234b6a84b597e0e39d65d0@AcuMS.aculab.com>
References: <20210517203343.3941777-1-arnd@kernel.org>
 <20210517203343.3941777-2-arnd@kernel.org>
In-Reply-To: <20210517203343.3941777-2-arnd@kernel.org>
Accept-Language: en-GB, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.202.205.107]
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: aculab.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: C91B4C000C73
Authentication-Results: imf22.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=ACULAB.COM;
	spf=pass (imf22.hostedemail.com: domain of david.laight@aculab.com designates 185.58.86.151 as permitted sender) smtp.mailfrom=david.laight@aculab.com
X-Rspamd-Server: rspam04
X-Stat-Signature: bqm4y4e4m9zkf9zfdi3b56fdtbettwh6
X-HE-Tag: 1621370860-212588
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

From: Arnd Bergmann
> Sent: 17 May 2021 21:34
>=20
> The compat version of sys_kexec_load() uses compat_alloc_user_space to
> convert the user-provided arguments into the native format.
>=20
> Move the conversion into the regular implementation with
> an in_compat_syscall() check to simplify it and avoid the
> compat_alloc_user_space() call.
>=20
> compat_sys_kexec_load() now behaves the same as sys_kexec_load().
>=20
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  include/linux/kexec.h |  2 -
>  kernel/kexec.c        | 95 +++++++++++++++++++------------------------
>  2 files changed, 42 insertions(+), 55 deletions(-)
>=20
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index 0c994ae37729..f61e310d7a85 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -88,14 +88,12 @@ struct kexec_segment {
>  =09size_t memsz;
>  };
>=20
> -#ifdef CONFIG_COMPAT
>  struct compat_kexec_segment {
>  =09compat_uptr_t buf;
>  =09compat_size_t bufsz;
>  =09compat_ulong_t mem;=09/* User space sees this as a (void *) ... */
>  =09compat_size_t memsz;
>  };
> -#endif
>=20
>  #ifdef CONFIG_KEXEC_FILE
>  struct purgatory_info {
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index c82c6c06f051..6618b1d9f00b 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -19,21 +19,46 @@
>=20
>  #include "kexec_internal.h"
>=20
> +static int copy_user_compat_segment_list(struct kimage *image,
> +=09=09=09=09=09 unsigned long nr_segments,
> +=09=09=09=09=09 void __user *segments)
> +{
> +=09struct compat_kexec_segment __user *cs =3D segments;
> +=09struct compat_kexec_segment segment;
> +=09int i;
> +
> +=09for (i =3D 0; i < nr_segments; i++) {
> +=09=09if (copy_from_user(&segment, &cs[i], sizeof(segment)))
> +=09=09=09return -EFAULT;

How many segments are there?
The multiple copy_from_user() will be slow.

> +
> +=09=09image->segment[i] =3D (struct kexec_segment) {
> +=09=09=09.buf   =3D compat_ptr(segment.buf),
> +=09=09=09.bufsz =3D segment.bufsz,
> +=09=09=09.mem   =3D segment.mem,
> +=09=09=09.memsz =3D segment.memsz,
> +=09=09};
> +=09}
> +
> +=09return 0;
> +}
> +
> +
>  static int copy_user_segment_list(struct kimage *image,
>  =09=09=09=09  unsigned long nr_segments,
>  =09=09=09=09  struct kexec_segment __user *segments)
>  {
> -=09int ret;
>  =09size_t segment_bytes;
>=20
>  =09/* Read in the segments */
>  =09image->nr_segments =3D nr_segments;
>  =09segment_bytes =3D nr_segments * sizeof(*segments);

Should there be a bound check on nr_segments?
I can't see one in the code in this patch.

> -=09ret =3D copy_from_user(image->segment, segments, segment_bytes);
> -=09if (ret)
> -=09=09ret =3D -EFAULT;
> +=09if (in_compat_syscall())
> +=09=09return copy_user_compat_segment_list(image, nr_segments, segments)=
;
>=20
> -=09return ret;
> +=09if (copy_from_user(image->segment, segments, segment_bytes))
> +=09=09return -EFAULT;
> +
> +=09return 0;

An alternate sequence (which Eric will like even less!) is to
do a single copy_from_user() for the entire compat size array
into the 'normal' buffer and then do a reverse order conversion
of each array entry from 'compat' to '64 bit'.

=09David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1=
PT, UK
Registration No: 1397386 (Wales)