author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-03 07:22:12 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-03 07:22:12 +0300 |
commit | 642e7fd23353e22290e3d51719fcb658dc252342 (patch) | |
tree | 93688d5ff15836d8e5b0e097748f7fabb13a303a /net/compat.c | |
parent | 21035965f60b0502fc6537b232839389bb4ce664 (diff) | |
parent | c9a211951c7c79cfb5de888d7d9550872868b086 (diff) | |
download | linux-642e7fd23353e22290e3d51719fcb658dc252342.tar.xz |
Merge branch 'syscalls-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux
Pull removal of in-kernel calls to syscalls from Dominik Brodowski:
"System calls are interaction points between userspace and the kernel.
Therefore, system call functions such as sys_xyzzy() or
compat_sys_xyzzy() should only be called from userspace via the
syscall table, but not from elsewhere in the kernel.
At least on 64-bit x86, it will likely be a hard requirement from
v4.17 onwards to not call system call functions in the kernel: It is
better to use a different calling convention for system calls
there, where struct pt_regs is decoded on-the-fly in a syscall wrapper
which then hands processing over to the actual syscall function. This
means that only those parameters which are actually needed for a
specific syscall are passed on during syscall entry, instead of
filling in six CPU registers with random user space content all the
time (which may cause serious trouble down the call chain). Those
x86-specific patches will be pushed through the x86 tree in the near
future.
Moreover, rules on how data may be accessed may differ between kernel
data and user data. This is another reason why calling sys_xyzzy() is
generally a bad idea, and -- at most -- acceptable in arch-specific
code.
This patchset removes all in-kernel calls to syscall functions in the
kernel with the exception of arch/. On top of this, it cleans up the
three places where many syscalls are referenced or prototyped, namely
kernel/sys_ni.c, include/linux/syscalls.h and include/linux/compat.h"
* 'syscalls-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux: (109 commits)
bpf: whitelist all syscalls for error injection
kernel/sys_ni: remove {sys_,sys_compat} from cond_syscall definitions
kernel/sys_ni: sort cond_syscall() entries
syscalls/x86: auto-create compat_sys_*() prototypes
syscalls: sort syscall prototypes in include/linux/compat.h
net: remove compat_sys_*() prototypes from net/compat.h
syscalls: sort syscall prototypes in include/linux/syscalls.h
kexec: move sys_kexec_load() prototype to syscalls.h
x86/sigreturn: use SYSCALL_DEFINE0
x86: fix sys_sigreturn() return type to be long, not unsigned long
x86/ioport: add ksys_ioperm() helper; remove in-kernel calls to sys_ioperm()
mm: add ksys_readahead() helper; remove in-kernel calls to sys_readahead()
mm: add ksys_mmap_pgoff() helper; remove in-kernel calls to sys_mmap_pgoff()
mm: add ksys_fadvise64_64() helper; remove in-kernel call to sys_fadvise64_64()
fs: add ksys_fallocate() wrapper; remove in-kernel calls to sys_fallocate()
fs: add ksys_p{read,write}64() helpers; remove in-kernel calls to syscalls
fs: add ksys_truncate() wrapper; remove in-kernel calls to sys_truncate()
fs: add ksys_sync_file_range helper(); remove in-kernel calls to syscall
kernel: add ksys_setsid() helper; remove in-kernel call to sys_setsid()
kernel: add ksys_unshare() helper; remove in-kernel calls to sys_unshare()
...
Diffstat (limited to 'net/compat.c')
-rw-r--r-- | net/compat.c | 136 |
1 files changed, 97 insertions, 39 deletions
diff --git a/net/compat.c b/net/compat.c
index 22381719718c..5ae7437d3853 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -383,8 +383,8 @@ static int compat_sock_setsockopt(struct socket *sock, int level, int optname,
 return sock_setsockopt(sock, level, optname, optval, optlen);
 }
-COMPAT_SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
- char __user *, optval, unsigned int, optlen)
+static int __compat_sys_setsockopt(int fd, int level, int optname,
+ char __user *optval, unsigned int optlen)
 {
 int err;
 struct socket *sock = sockfd_lookup(fd, &err);
@@ -410,6 +410,12 @@ COMPAT_SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
 return err;
 }
+COMPAT_SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
+ char __user *, optval, unsigned int, optlen)
+{
+ return __compat_sys_setsockopt(fd, level, optname, optval, optlen);
+}
+
 static int do_get_sock_timeout(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
 {
@@ -503,8 +509,9 @@ int compat_sock_get_timestampns(struct sock *sk, struct timespec __user *usersta
 }
 EXPORT_SYMBOL(compat_sock_get_timestampns);
-COMPAT_SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
- char __user *, optval, int __user *, optlen)
+static int __compat_sys_getsockopt(int fd, int level, int optname,
+ char __user *optval,
+ int __user *optlen)
 {
 int err;
 struct socket *sock = sockfd_lookup(fd, &err);
@@ -530,6 +537,12 @@ COMPAT_SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
 return err;
 }
+COMPAT_SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
+ char __user *, optval, int __user *, optlen)
+{
+ return __compat_sys_getsockopt(fd, level, optname, optval, optlen);
+}
+
 struct compat_group_req {
 __u32 gr_interface;
 struct __kernel_sockaddr_storage gr_group
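Review bot: The new static helpers `__compat_sys_setsockopt` and `__compat_sys_getsockopt` carry no comment saying why they exist next to the syscall stubs that now only forward to them. The reason is visible only in the later socketcall hunk, which calls them directly, so I would put a one-line comment above each, e.g. `/* In-kernel entry for compat_sys_socketcall(); userspace enters through the COMPAT_SYSCALL_DEFINE5 stub below. */`. The same applies to `__compat_sys_recvmmsg` in the hunks further down. The bodies of both helpers lie outside these hunks, so nothing here says whether their argument checks are unchanged.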
@@ -734,38 +747,72 @@ static unsigned char nas[21] = {
 };
 #undef AL
-COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags)
+static inline long __compat_sys_sendmsg(int fd,
+ struct compat_msghdr __user *msg,
+ unsigned int flags)
 {
- return __sys_sendmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
+ return __sys_sendmsg(fd, (struct user_msghdr __user *)msg,
+ flags | MSG_CMSG_COMPAT, false);
+}
+
+COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg,
+ unsigned int, flags)
+{
+ return __compat_sys_sendmsg(fd, msg, flags);
+}
+
+static inline long __compat_sys_sendmmsg(int fd,
+ struct compat_mmsghdr __user *mmsg,
+ unsigned int vlen, unsigned int flags)
+{
+ return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
+ flags | MSG_CMSG_COMPAT, false);
 }
 COMPAT_SYSCALL_DEFINE4(sendmmsg, int, fd, struct compat_mmsghdr __user *, mmsg, unsigned int, vlen, unsigned int, flags)
 {
- return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
- flags | MSG_CMSG_COMPAT);
+ return __compat_sys_sendmmsg(fd, mmsg, vlen, flags);
+}
+
+static inline long __compat_sys_recvmsg(int fd,
+ struct compat_msghdr __user *msg,
+ unsigned int flags)
+{
+ return __sys_recvmsg(fd, (struct user_msghdr __user *)msg,
+ flags | MSG_CMSG_COMPAT, false);
+}
+
+COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg,
+ unsigned int, flags)
+{
+ return __compat_sys_recvmsg(fd, msg, flags);
 }
-COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg, unsigned int, flags)
+static inline long __compat_sys_recvfrom(int fd, void __user *buf,
+ compat_size_t len, unsigned int flags,
+ struct sockaddr __user *addr,
+ int __user *addrlen)
 {
- return __sys_recvmsg(fd, (struct user_msghdr __user *)msg, flags | MSG_CMSG_COMPAT);
+ return __sys_recvfrom(fd, buf, len, flags | MSG_CMSG_COMPAT, addr,
+ addrlen);
 }
 COMPAT_SYSCALL_DEFINE4(recv, int, fd, void __user *, buf,
 compat_size_t, len, unsigned int, flags)
 {
- return sys_recv(fd, buf, len, flags | MSG_CMSG_COMPAT);
+ return __compat_sys_recvfrom(fd, buf, len, flags, NULL, NULL);
 }
 COMPAT_SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, buf, compat_size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int __user *, addrlen)
 {
- return sys_recvfrom(fd, buf, len, flags | MSG_CMSG_COMPAT, addr, addrlen);
+ return __compat_sys_recvfrom(fd, buf, len, flags, addr, addrlen);
 }
-COMPAT_SYSCALL_DEFINE5(recvmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
- unsigned int, vlen, unsigned int, flags,
- struct compat_timespec __user *, timeout)
+static int __compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg,
+ unsigned int vlen, unsigned int flags,
+ struct compat_timespec __user *timeout)
 {
 int datagrams;
 struct timespec ktspec;
@@ -785,6 +832,13 @@ COMPAT_SYSCALL_DEFINE5(recvmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
 return datagrams;
 }
+COMPAT_SYSCALL_DEFINE5(recvmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
+ unsigned int, vlen, unsigned int, flags,
+ struct compat_timespec __user *, timeout)
+{
+ return __compat_sys_recvmmsg(fd, mmsg, vlen, flags, timeout);
+}
+
 COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
 {
 u32 a[AUDITSC_ARGS];
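Review bot: The bare `false` passed as the new last argument of `__sys_sendmsg`, `__sys_sendmmsg` and `__sys_recvmsg` is unexplained at the three call sites, although it appears to be what distinguishes this compat path, which ORs in `MSG_CMSG_COMPAT` itself, from the native entry points. The prototypes are outside this file section; I believe the parameter in net/socket.c is `forbid_cmsg_compat`, which should be confirmed before it is named in a comment. A short comment on each call, e.g. `/* false: MSG_CMSG_COMPAT is set by the compat layer here, not by userspace */`, would make the intent checkable. `__compat_sys_recvfrom` ORs in the same flag but calls `__sys_recvfrom` with no such argument, so it is worth stating whether that path needs the equivalent guard. As a style point, the helpers in this hunk return `long` while `__compat_sys_recvmmsg` and the sockopt helpers return `int`.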
@@ -810,68 +864,72 @@ COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
 switch (call) {
 case SYS_SOCKET:
- ret = sys_socket(a0, a1, a[2]);
+ ret = __sys_socket(a0, a1, a[2]);
 break;
 case SYS_BIND:
- ret = sys_bind(a0, compat_ptr(a1), a[2]);
+ ret = __sys_bind(a0, compat_ptr(a1), a[2]);
 break;
 case SYS_CONNECT:
- ret = sys_connect(a0, compat_ptr(a1), a[2]);
+ ret = __sys_connect(a0, compat_ptr(a1), a[2]);
 break;
 case SYS_LISTEN:
- ret = sys_listen(a0, a1);
+ ret = __sys_listen(a0, a1);
 break;
 case SYS_ACCEPT:
- ret = sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), 0);
+ ret = __sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), 0);
 break;
 case SYS_GETSOCKNAME:
- ret = sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2]));
+ ret = __sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2]));
 break;
 case SYS_GETPEERNAME:
- ret = sys_getpeername(a0, compat_ptr(a1), compat_ptr(a[2]));
+ ret = __sys_getpeername(a0, compat_ptr(a1), compat_ptr(a[2]));
 break;
 case SYS_SOCKETPAIR:
- ret = sys_socketpair(a0, a1, a[2], compat_ptr(a[3]));
+ ret = __sys_socketpair(a0, a1, a[2], compat_ptr(a[3]));
 break;
 case SYS_SEND:
- ret = sys_send(a0, compat_ptr(a1), a[2], a[3]);
+ ret = __sys_sendto(a0, compat_ptr(a1), a[2], a[3], NULL, 0);
 break;
 case SYS_SENDTO:
- ret = sys_sendto(a0, compat_ptr(a1), a[2], a[3], compat_ptr(a[4]), a[5]);
+ ret = __sys_sendto(a0, compat_ptr(a1), a[2], a[3],
+ compat_ptr(a[4]), a[5]);
 break;
 case SYS_RECV:
- ret = compat_sys_recv(a0, compat_ptr(a1), a[2], a[3]);
+ ret = __compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
+ NULL, NULL);
 break;
 case SYS_RECVFROM:
- ret = compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
- compat_ptr(a[4]), compat_ptr(a[5]));
+ ret = __compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
+ compat_ptr(a[4]),
+ compat_ptr(a[5]));
 break;
 case SYS_SHUTDOWN:
- ret = sys_shutdown(a0, a1);
+ ret = __sys_shutdown(a0, a1);
 break;
 case SYS_SETSOCKOPT:
- ret = compat_sys_setsockopt(a0, a1, a[2],
- compat_ptr(a[3]), a[4]);
+ ret = __compat_sys_setsockopt(a0, a1, a[2],
+ compat_ptr(a[3]), a[4]);
 break;
 case SYS_GETSOCKOPT:
- ret = compat_sys_getsockopt(a0, a1, a[2],
- compat_ptr(a[3]), compat_ptr(a[4]));
+ ret = __compat_sys_getsockopt(a0, a1, a[2],
+ compat_ptr(a[3]),
+ compat_ptr(a[4]));
 break;
 case SYS_SENDMSG:
- ret = compat_sys_sendmsg(a0, compat_ptr(a1), a[2]);
+ ret = __compat_sys_sendmsg(a0, compat_ptr(a1), a[2]);
 break;
 case SYS_SENDMMSG:
- ret = compat_sys_sendmmsg(a0, compat_ptr(a1), a[2], a[3]);
+ ret = __compat_sys_sendmmsg(a0, compat_ptr(a1), a[2], a[3]);
 break;
 case SYS_RECVMSG:
- ret = compat_sys_recvmsg(a0, compat_ptr(a1), a[2]);
+ ret = __compat_sys_recvmsg(a0, compat_ptr(a1), a[2]);
 break;
 case SYS_RECVMMSG:
- ret = compat_sys_recvmmsg(a0, compat_ptr(a1), a[2], a[3],
- compat_ptr(a[4]));
+ ret = __compat_sys_recvmmsg(a0, compat_ptr(a1), a[2], a[3],
+ compat_ptr(a[4]));
 break;
 case SYS_ACCEPT4:
- ret = sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), a[3]);
+ ret = __sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), a[3]);
 break;
 default:
 ret = -EINVAL; |
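Review bot: The switch mixes native `__sys_*` helpers with `__compat_sys_*` helpers and nothing states which cases must take the compat variant, so a reader cannot confirm from this function that every case handling a compat-layout structure stays on the compat path. SYS_SEND and SYS_SENDTO reach the native `__sys_sendto`, while SYS_RECV and SYS_RECVFROM go through `__compat_sys_recvfrom`, which ORs in `MSG_CMSG_COMPAT`. That asymmetry predates this change, but it is easier to miss now that the SYS_SEND and SYS_RECV cases are open-coded with `NULL` address arguments. If the rule is what it appears to be, a comment above the switch such as `/* Native __sys_*() helpers only where the 32-bit and 64-bit argument layouts match; all other cases go through __compat_sys_*(). */` would let later edits be checked against it. The function starts and ends outside this hunk, so how `a[]` is copied and bounded is not visible here.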