Source of usercopy.c - linux-imx - PHYTEC BitBucket (Stash)

Raw file
Source viewDiff to previous
​x
 
/*
 * This implements the various checks for CONFIG_HARDENED_USERCOPY*,
 * which are designed to protect kernel memory from needless exposure
 * and overwrite under many unintended conditions. This code is based
 * on PAX_USERCOPY, which is:
 *
 * Copyright (C) 2001-2016 PaX Team, Bradley Spengler, Open Source
 * Security Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
​
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/sched.h>
#include <linux/sched/task.h>
#include <linux/sched/task_stack.h>
#include <linux/thread_info.h>
#include <linux/atomic.h>
#include <linux/jump_label.h>
#include <asm/sections.h>
​
/*
 * Checks if a given pointer and length is contained by the current
 * stack frame (if possible).
 *
 * Returns:
 *  NOT_STACK: not at all on the stack
 *  GOOD_FRAME: fully within a valid stack frame
 *  GOOD_STACK: fully on the stack (when can't do frame-checking)
 *  BAD_STACK: error condition (invalid stack position or bad stack frame)
 */
static noinline int check_stack_object(const void *obj, unsigned long len)
{
    const void * const stack = task_stack_page(current);
    const void * const stackend = stack + THREAD_SIZE;
    int ret;
​
    /* Object is not on the stack at all. */
    if (obj + len <= stack || stackend <= obj)
        return NOT_STACK;
​
    /*
     * Reject: object partially overlaps the stack (passing the
     * the check above means at least one end is within the stack,
     * so if this check fails, the other end is outside the stack).
     */
    if (obj < stack || stackend < obj + len)
        return BAD_STACK;
​
    /* Check if object is safely within a valid frame. */
    ret = arch_within_stack_frames(stack, stackend, obj, len);
    if (ret)
        return ret;
​
    return GOOD_STACK;
}
​
/*
 * If these functions are reached, then CONFIG_HARDENED_USERCOPY has found
 * an unexpected state during a copy_from_user() or copy_to_user() call.
 * There are several checks being performed on the buffer by the
 * __check_object_size() function. Normal stack buffer usage should never
 * trip the checks, and kernel text addressing will always trip the check.
 * For cache objects, it is checking that only the whitelisted range of
 * bytes for a given cache is being accessed (via the cache's usersize and
 * useroffset fields). To adjust a cache whitelist, use the usercopy-aware
 * kmem_cache_create_usercopy() function to create the cache (and
 * carefully audit the whitelist range).
 */
void usercopy_warn(const char *name, const char *detail, bool to_user,
           unsigned long offset, unsigned long len)
{
    WARN_ONCE(1, "Bad or missing usercopy whitelist? Kernel memory %s attempt detected %s %s%s%s%s (offset %lu, size %lu)!\n",
         to_user ? "exposure" : "overwrite",
         to_user ? "from" : "to",
         name ? : "unknown?!",
         detail ? " '" : "", detail ? : "", detail ? "'" : "",
         offset, len);
}
​
void __noreturn usercopy_abort(const char *name, const char *detail,
                   bool to_user, unsigned long offset,
                   unsigned long len)
{
    pr_emerg("Kernel memory %s attempt detected %s %s%s%s%s (offset %lu, size %lu)!\n",
         to_user ? "exposure" : "overwrite",
         to_user ? "from" : "to",