On 31/08/2023 16:25, Luca Vizzarro wrote:
Hello!
Here is patch series v5 incoming for the explicit capability checking series for issue #7[1].
This patch series can be found on my fork[2].
Kind regards, Luca
[1] https://git.morello-project.org/morello/kernel/linux/-/issues/7 [2] https://git.morello-project.org/Sevenarth/linux/-/commits/morello/gup-checks...
v5:
- rephrased commit descriptions
- changed explicit checks for the USB code to be performed only when performing DMA transfers
v4:
- rebased onto morello/next
- rephrased commit descriptions and notes left in the code
- signature of first_iovec_segment has been updated to return a pointer instead of an address and the appropriate changes have been made
- read+write checks have been combined together in the same if statement
- unlikely check has been removed where appropriate
- the USB User Request Block buffer is now checked against both write and read permissions according to the transfer direction as indicated by is_in
- a leftover from v2 at io_uring/rsrc.c:1249 has been reverted back to original
v3:
- rebased onto morello/next
- amended commit description for "gup: Add explicit capability checks"
- refactored mm/gup.c
- refactored lib/iov_iter.c
- removed bpf patch
- moved USB Request Block explicit check to proc_do_submiturb
- removed explicit check in get_futex_key
- changed prototype of io_uring_cmd_import_fixed and io_import_fixed to use a pointer type and adjusted the relevant castings
- fixed io_uring_cmd_import_fixed prototype for !defined(CONFIG_IO_URING)
- refactored explicit check in io_uring/kbuf.c:io_register_pbuf_ring(..)
- removed explicit check from io_uring/kbuf.c:io_add_buffers(..)
- rephrased the no explicit check needed note in io_sqe_buffer_register
- reverted "struct io_mapped_ubuf" to use u64
- removed explicit check from io_uring_cmd_prep
- updated TODO for the NVMe driver
Luca Vizzarro (7): gup: Add explicit capability checks iov_iter: Add explicit capability checks usb: core: Fix copy of URB from userspace usb: core: Add explicit capability checks futex: Add explicit capability checks io_uring: Add explicit capability checks nvme: Add TODO for PCuABI implementation
Looking good, now applied on next, thanks!
I made a couple of tweaks to commit messages: in patch 4, clarified that DMA is not necessarily used to copy the data, and in patch 6, added a reference to the PCuABI spec.
Running the liburing tests returned a few -EFAULT failures, which turned out to be caused by invalid casts in liburing. This shows that explicit checking works as expected; all tests pass after fixing the casts.
Kevin
drivers/nvme/host/ioctl.c | 1 + drivers/usb/core/devio.c | 10 ++++++++-- include/linux/io_uring.h | 6 +++--- include/linux/pagemap.h | 2 +- io_uring/kbuf.c | 26 +++++++++++++------------- io_uring/net.c | 3 +-- io_uring/rsrc.c | 14 ++++++++++++-- io_uring/rsrc.h | 2 +- io_uring/rw.c | 3 +-- io_uring/uring_cmd.c | 2 +- kernel/futex/core.c | 11 ++++++++--- lib/iov_iter.c | 31 ++++++++++++++++++++++++------- mm/gup.c | 6 ++++-- 13 files changed, 78 insertions(+), 39 deletions(-)