iov_iter/hardening: move object size checks to inlined part

Al Viro · Al Viro · commit aa28de275a24 · 2017-06-29T22:21:22.000-04:00
There we actually have useful information about object sizes.
Note: this patch has them done for all iov_iter flavours.
Right now we do them twice in iovec case, but that'll change
very shortly.

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
diff --git a/include/linux/uio.h b/include/linux/uio.h
@@ -10,6 +10,7 @@
 #define __LINUX_UIO_H
 
 #include <linux/kernel.h>
+#include <linux/thread_info.h>
 #include <uapi/linux/uio.h>
 
 struct page;
@@ -91,11 +92,58 @@ size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
 			 struct iov_iter *i);
 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
 			 struct iov_iter *i);
-size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i);
-size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i);
-bool copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i);
-size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i);
-bool copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i);
+
+size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i);
+size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i);
+bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i);
+size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i);
+bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i);
+
+static __always_inline __must_check
+size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
+{
+	if (unlikely(!check_copy_size(addr, bytes, true)))
+		return bytes;
+	else
+		return _copy_to_iter(addr, bytes, i);
+}
+
+static __always_inline __must_check
+size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
+{
+	if (unlikely(!check_copy_size(addr, bytes, false)))
+		return bytes;
+	else
+		return _copy_from_iter(addr, bytes, i);
+}
+
+static __always_inline __must_check
+bool copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
+{
+	if (unlikely(!check_copy_size(addr, bytes, false)))
+		return false;
+	else
+		return _copy_from_iter_full(addr, bytes, i);
+}
+
+static __always_inline __must_check
+size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
+{
+	if (unlikely(!check_copy_size(addr, bytes, false)))
+		return bytes;
+	else
+		return _copy_from_iter_nocache(addr, bytes, i);
+}
+
+static __always_inline __must_check
+bool copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
+{
+	if (unlikely(!check_copy_size(addr, bytes, false)))
+		return false;
+	else
+		return _copy_from_iter_full_nocache(addr, bytes, i);
+}
+
 size_t iov_iter_zero(size_t bytes, struct iov_iter *);
 unsigned long iov_iter_alignment(const struct iov_iter *i);
 unsigned long iov_iter_gap_alignment(const struct iov_iter *i);
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
@@ -535,7 +535,7 @@ static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
 	return bytes;
 }
 
-size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
+size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
 {
 	const char *from = addr;
 	if (unlikely(i->type & ITER_PIPE))
@@ -550,9 +550,9 @@ size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
 
 	return bytes;
 }
-EXPORT_SYMBOL(copy_to_iter);
+EXPORT_SYMBOL(_copy_to_iter);
 
-size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
+size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
 {
 	char *to = addr;
 	if (unlikely(i->type & ITER_PIPE)) {
@@ -569,9 +569,9 @@ size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
 
 	return bytes;
 }
-EXPORT_SYMBOL(copy_from_iter);
+EXPORT_SYMBOL(_copy_from_iter);
 
-bool copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
+bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
 {
 	char *to = addr;
 	if (unlikely(i->type & ITER_PIPE)) {
@@ -594,9 +594,9 @@ bool copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
 	iov_iter_advance(i, bytes);
 	return true;
 }
-EXPORT_SYMBOL(copy_from_iter_full);
+EXPORT_SYMBOL(_copy_from_iter_full);
 
-size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
+size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
 {
 	char *to = addr;
 	if (unlikely(i->type & ITER_PIPE)) {
@@ -613,9 +613,9 @@ size_t copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
 
 	return bytes;
 }
-EXPORT_SYMBOL(copy_from_iter_nocache);
+EXPORT_SYMBOL(_copy_from_iter_nocache);
 
-bool copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
+bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
 {
 	char *to = addr;
 	if (unlikely(i->type & ITER_PIPE)) {
@@ -637,7 +637,7 @@ bool copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
 	iov_iter_advance(i, bytes);
 	return true;
 }
-EXPORT_SYMBOL(copy_from_iter_full_nocache);
+EXPORT_SYMBOL(_copy_from_iter_full_nocache);
 
 size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
 			 struct iov_iter *i)
@@ -663,7 +663,7 @@ size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
 	}
 	if (i->type & (ITER_BVEC|ITER_KVEC)) {
 		void *kaddr = kmap_atomic(page);
-		size_t wanted = copy_from_iter(kaddr + offset, bytes, i);
+		size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
 		kunmap_atomic(kaddr);
 		return wanted;
 	} else

Original file line number	Diff line number	Diff line change
`@@ -535,7 +535,7 @@ static size_t copy_pipe_to_iter(const void *addr, size_t bytes,`
`535`	`535`	`return bytes;`
`536`	`536`	`}`
`537`	`537`
`538`		`-size_t copy_to_iter(const void addr, size_t bytes, struct iov_iter i)`
	`538`	`+size_t _copy_to_iter(const void addr, size_t bytes, struct iov_iter i)`
`539`	`539`	`{`
`540`	`540`	`const char *from = addr;`
`541`	`541`	`if (unlikely(i->type & ITER_PIPE))`
`@@ -550,9 +550,9 @@ size_t copy_to_iter(const void addr, size_t bytes, struct iov_iter i)`
`550`	`550`
`551`	`551`	`return bytes;`
`552`	`552`	`}`
`553`		`-EXPORT_SYMBOL(copy_to_iter);`
	`553`	`+EXPORT_SYMBOL(_copy_to_iter);`
`554`	`554`
`555`		`-size_t copy_from_iter(void addr, size_t bytes, struct iov_iter i)`
	`555`	`+size_t _copy_from_iter(void addr, size_t bytes, struct iov_iter i)`
`556`	`556`	`{`
`557`	`557`	`char *to = addr;`
`558`	`558`	`if (unlikely(i->type & ITER_PIPE)) {`
`@@ -569,9 +569,9 @@ size_t copy_from_iter(void addr, size_t bytes, struct iov_iter i)`
`569`	`569`
`570`	`570`	`return bytes;`
`571`	`571`	`}`
`572`		`-EXPORT_SYMBOL(copy_from_iter);`
	`572`	`+EXPORT_SYMBOL(_copy_from_iter);`
`573`	`573`
`574`		`-bool copy_from_iter_full(void addr, size_t bytes, struct iov_iter i)`
	`574`	`+bool _copy_from_iter_full(void addr, size_t bytes, struct iov_iter i)`
`575`	`575`	`{`
`576`	`576`	`char *to = addr;`
`577`	`577`	`if (unlikely(i->type & ITER_PIPE)) {`
`@@ -594,9 +594,9 @@ bool copy_from_iter_full(void addr, size_t bytes, struct iov_iter i)`
`594`	`594`	`iov_iter_advance(i, bytes);`
`595`	`595`	`return true;`
`596`	`596`	`}`
`597`		`-EXPORT_SYMBOL(copy_from_iter_full);`
	`597`	`+EXPORT_SYMBOL(_copy_from_iter_full);`
`598`	`598`
`599`		`-size_t copy_from_iter_nocache(void addr, size_t bytes, struct iov_iter i)`
	`599`	`+size_t _copy_from_iter_nocache(void addr, size_t bytes, struct iov_iter i)`
`600`	`600`	`{`
`601`	`601`	`char *to = addr;`
`602`	`602`	`if (unlikely(i->type & ITER_PIPE)) {`
`@@ -613,9 +613,9 @@ size_t copy_from_iter_nocache(void addr, size_t bytes, struct iov_iter i)`
`613`	`613`
`614`	`614`	`return bytes;`
`615`	`615`	`}`
`616`		`-EXPORT_SYMBOL(copy_from_iter_nocache);`
	`616`	`+EXPORT_SYMBOL(_copy_from_iter_nocache);`
`617`	`617`
`618`		`-bool copy_from_iter_full_nocache(void addr, size_t bytes, struct iov_iter i)`
	`618`	`+bool _copy_from_iter_full_nocache(void addr, size_t bytes, struct iov_iter i)`
`619`	`619`	`{`
`620`	`620`	`char *to = addr;`
`621`	`621`	`if (unlikely(i->type & ITER_PIPE)) {`
`@@ -637,7 +637,7 @@ bool copy_from_iter_full_nocache(void addr, size_t bytes, struct iov_iter i)`
`637`	`637`	`iov_iter_advance(i, bytes);`
`638`	`638`	`return true;`
`639`	`639`	`}`
`640`		`-EXPORT_SYMBOL(copy_from_iter_full_nocache);`
	`640`	`+EXPORT_SYMBOL(_copy_from_iter_full_nocache);`
`641`	`641`
`642`	`642`	`size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,`
`643`	`643`	`struct iov_iter *i)`
`@@ -663,7 +663,7 @@ size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,`
`663`	`663`	`}`
`664`	`664`	`if (i->type & (ITER_BVEC\|ITER_KVEC)) {`
`665`	`665`	`void *kaddr = kmap_atomic(page);`
`666`		`- size_t wanted = copy_from_iter(kaddr + offset, bytes, i);`
	`666`	`+ size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);`
`667`	`667`	`kunmap_atomic(kaddr);`
`668`	`668`	`return wanted;`
`669`	`669`	`} else`