uaccess: Introduce ucopysize.h

The object size sanity checking macros that uaccess.h and uio.h use
have been living in thread_info.h for historical reasons. Needing to
use jump labels for these checks, however, introduces a header include
loop under certain conditions. The dependencies for the object checking
macros are very limited, but they are used by separate header files,
so introduce a new header that can be used directly by uaccess.h and
uio.h. As a result, this also means thread_info.h (which is rather large)
and be removed from those headers.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202502281153.TG2XK5SI-lkp@intel.com/
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/MAINTAINERS b/MAINTAINERS
index 25c86f47353de25c88291cc7fd6c4e9bfb12d5c4..a1900962ced93be6d9f0ffbfdfc4d5b4c2003a2b 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12586,6 +12586,7 @@ F:      Documentation/ABI/testing/sysfs-kernel-warn_count
 F:     arch/*/configs/hardening.config
 F:     include/linux/overflow.h
 F:     include/linux/randomize_kstack.h
+F:     include/linux/ucopysize.h
 F:     kernel/configs/hardening.config
 F:     lib/usercopy_kunit.c
 F:     mm/usercopy.c

diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index cf2446c9c30d443de5235f27b160c00cc06a8050..dd925d84fa46c1c45be9e86b6fa5811773c04278 100644 (file)
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -217,54 +217,6 @@ static inline int arch_within_stack_frames(const void * const stack,
 }
 #endif
 
-#ifdef CONFIG_HARDENED_USERCOPY
-extern void __check_object_size(const void *ptr, unsigned long n,
-                                       bool to_user);
-
-static __always_inline void check_object_size(const void *ptr, unsigned long n,
-                                             bool to_user)
-{
-       if (!__builtin_constant_p(n))
-               __check_object_size(ptr, n, to_user);
-}
-#else
-static inline void check_object_size(const void *ptr, unsigned long n,
-                                    bool to_user)
-{ }
-#endif /* CONFIG_HARDENED_USERCOPY */
-
-extern void __compiletime_error("copy source size is too small")
-__bad_copy_from(void);
-extern void __compiletime_error("copy destination size is too small")
-__bad_copy_to(void);
-
-void __copy_overflow(int size, unsigned long count);
-
-static inline void copy_overflow(int size, unsigned long count)
-{
-       if (IS_ENABLED(CONFIG_BUG))
-               __copy_overflow(size, count);
-}
-
-static __always_inline __must_check bool
-check_copy_size(const void *addr, size_t bytes, bool is_source)
-{
-       int sz = __builtin_object_size(addr, 0);
-       if (unlikely(sz >= 0 && sz < bytes)) {
-               if (!__builtin_constant_p(bytes))
-                       copy_overflow(sz, bytes);
-               else if (is_source)
-                       __bad_copy_from();
-               else
-                       __bad_copy_to();
-               return false;
-       }
-       if (WARN_ON_ONCE(bytes > INT_MAX))
-               return false;
-       check_object_size(addr, bytes, is_source);
-       return true;
-}
-
 #ifndef arch_setup_new_exec
 static inline void arch_setup_new_exec(void) { }
 #endif

diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index e9c702c1908daa61f18645cc6d18f81ddc4ed35e..7c06f4795670466ba3b8213e14976fe996303663 100644 (file)
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -7,7 +7,7 @@
 #include <linux/minmax.h>
 #include <linux/nospec.h>
 #include <linux/sched.h>
-#include <linux/thread_info.h>
+#include <linux/ucopysize.h>
 
 #include <asm/uaccess.h>
 

diff --git a/include/linux/ucopysize.h b/include/linux/ucopysize.h
new file mode 100644 (file)
index 0000000..b3e1b87
--- /dev/null
+++ b/include/linux/ucopysize.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* Perform sanity checking for object sizes for uaccess.h and uio.h. */
+#ifndef __LINUX_UCOPYSIZE_H__
+#define __LINUX_UCOPYSIZE_H__
+
+#include <linux/bug.h>
+
+#ifdef CONFIG_HARDENED_USERCOPY
+extern void __check_object_size(const void *ptr, unsigned long n,
+                                       bool to_user);
+
+static __always_inline void check_object_size(const void *ptr, unsigned long n,
+                                             bool to_user)
+{
+       if (!__builtin_constant_p(n))
+               __check_object_size(ptr, n, to_user);
+}
+#else
+static inline void check_object_size(const void *ptr, unsigned long n,
+                                    bool to_user)
+{ }
+#endif /* CONFIG_HARDENED_USERCOPY */
+
+extern void __compiletime_error("copy source size is too small")
+__bad_copy_from(void);
+extern void __compiletime_error("copy destination size is too small")
+__bad_copy_to(void);
+
+void __copy_overflow(int size, unsigned long count);
+
+static inline void copy_overflow(int size, unsigned long count)
+{
+       if (IS_ENABLED(CONFIG_BUG))
+               __copy_overflow(size, count);
+}
+
+static __always_inline __must_check bool
+check_copy_size(const void *addr, size_t bytes, bool is_source)
+{
+       int sz = __builtin_object_size(addr, 0);
+       if (unlikely(sz >= 0 && sz < bytes)) {
+               if (!__builtin_constant_p(bytes))
+                       copy_overflow(sz, bytes);
+               else if (is_source)
+                       __bad_copy_from();
+               else
+                       __bad_copy_to();
+               return false;
+       }
+       if (WARN_ON_ONCE(bytes > INT_MAX))
+               return false;
+       check_object_size(addr, bytes, is_source);
+       return true;
+}
+
+#endif /* __LINUX_UCOPYSIZE_H__ */

diff --git a/include/linux/uio.h b/include/linux/uio.h
index 8ada84e85447aa49f6fbabdcd1143d7ec1f11f0e..49ece9e1888f6546fd963605f2310f8128b5ea7c 100644 (file)
--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -6,8 +6,8 @@
 #define __LINUX_UIO_H
 
 #include <linux/kernel.h>
-#include <linux/thread_info.h>
 #include <linux/mm_types.h>
+#include <linux/ucopysize.h>
 #include <uapi/linux/uio.h>
 
 struct page;

diff --git a/mm/usercopy.c b/mm/usercopy.c
index 83c164aba6e0f697f6c7d34cd930cb67218e3194..16d63bd010aff85a6d4d34b16d7f87a901d283da 100644 (file)
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -17,7 +17,7 @@
 #include <linux/sched.h>
 #include <linux/sched/task.h>
 #include <linux/sched/task_stack.h>
-#include <linux/thread_info.h>
+#include <linux/ucopysize.h>
 #include <linux/vmalloc.h>
 #include <linux/atomic.h>
 #include <linux/jump_label.h>