--- /dev/null
+From cbacea6e6ec4db7ba8567077ee52a5532780425d Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Date: Thu, 1 Feb 2018 21:00:49 +0300
+Subject: compiler.h: Add read_word_at_a_time() function.
+
+[ Upstream commit 7f1e541fc8d57a143dd5df1d0a1276046e08c083 ]
+
+Sometimes we know that it's safe to do potentially out-of-bounds access
+because we know it won't cross a page boundary. Still, KASAN will
+report this as a bug.
+
+Add read_word_at_a_time() function which is supposed to be used in such
+cases. In read_word_at_a_time() KASAN performs relaxed check - only the
+first byte of access is validated.
+
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/compiler.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/include/linux/compiler.h b/include/linux/compiler.h
+index f490d8d93ec3..f84d332085c3 100644
+--- a/include/linux/compiler.h
++++ b/include/linux/compiler.h
+@@ -238,6 +238,7 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+ * required ordering.
+ */
+ #include <asm/barrier.h>
++#include <linux/kasan-checks.h>
+
+ #define __READ_ONCE(x, check) \
+ ({ \
+@@ -257,6 +258,13 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+ */
+ #define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
+
++static __no_kasan_or_inline
++unsigned long read_word_at_a_time(const void *addr)
++{
++ kasan_check_read(addr, 1);
++ return *(unsigned long *)addr;
++}
++
+ #define WRITE_ONCE(x, val) \
+ ({ \
+ union { typeof(x) __val; char __c[1]; } __u = \
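Review bot: read_word_at_a_time() is added without a comment stating the caller's contract, even though `kasan_check_read(addr, 1)` validates only the first byte and the function is tagged `__no_kasan_or_inline`, so under KASAN the rest of the word is never checked. The commit message says the helper is meant for reads known not to cross a page boundary. That precondition belongs in a comment above the function: the caller must guarantee that the word at addr stays within one page and must not act on bytes past the end of the object. Separately, the cast drops the const qualifier from addr; `return *(const unsigned long *)addr;` would keep it.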
+--
+2.20.1
+
--- /dev/null
+From 70f2f9bd8a7c3591180bc4d37e27a629fc142dc6 Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Date: Thu, 1 Feb 2018 21:00:48 +0300
+Subject: compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
+
+[ Upstream commit bdb5ac801af3d81d36732c2f640d6a1d3df83826 ]
+
+Instead of having two identical __read_once_size_nocheck() functions
+with different attributes, consolidate all the difference in new macro
+__no_kasan_or_inline and use it. No functional changes.
+
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/compiler.h | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/include/linux/compiler.h b/include/linux/compiler.h
+index a704d032713b..f490d8d93ec3 100644
+--- a/include/linux/compiler.h
++++ b/include/linux/compiler.h
+@@ -185,23 +185,21 @@ void __read_once_size(const volatile void *p, void *res, int size)
+
+ #ifdef CONFIG_KASAN
+ /*
+- * This function is not 'inline' because __no_sanitize_address confilcts
++ * We can't declare function 'inline' because __no_sanitize_address confilcts
+ * with inlining. Attempt to inline it may cause a build failure.
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
+ * '__maybe_unused' allows us to avoid defined-but-not-used warnings.
+ */
+-static __no_sanitize_address __maybe_unused
+-void __read_once_size_nocheck(const volatile void *p, void *res, int size)
+-{
+- __READ_ONCE_SIZE;
+-}
++# define __no_kasan_or_inline __no_sanitize_address __maybe_unused
+ #else
+-static __always_inline
++# define __no_kasan_or_inline __always_inline
++#endif
++
++static __no_kasan_or_inline
+ void __read_once_size_nocheck(const volatile void *p, void *res, int size)
+ {
+ __READ_ONCE_SIZE;
+ }
+-#endif
+
+ static __always_inline void __write_once_size(volatile void *p, void *res, int size)
+ {
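Review bot: The comment above the new `__no_kasan_or_inline` definition still describes a single function ("We can't declare function 'inline'") and carries the misspelling `confilcts` onto the rewritten line, although the macro is now a reusable attribute. With CONFIG_KASAN set it expands to `__no_sanitize_address __maybe_unused`, so any function tagged with it presumably runs without KASAN instrumentation of its memory accesses. The comment should say that, and tell users to add an explicit `kasan_check_read()` or `kasan_check_write()` where partial checking is still wanted. Suggested wording for the first line: `* Functions marked __no_kasan_or_inline cannot be 'inline' because __no_sanitize_address conflicts`.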
+--
+2.20.1
+
--- /dev/null
+From e2c336969a279c72c0a653a203c06ec42d884d7f Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Date: Thu, 1 Feb 2018 21:00:50 +0300
+Subject: lib/strscpy: Shut up KASAN false-positives in strscpy()
+
+[ Upstream commit 1a3241ff10d038ecd096d03380327f2a0b5840a6 ]
+
+strscpy() performs the word-at-a-time optimistic reads. So it may may
+access the memory past the end of the object, which is perfectly fine
+since strscpy() doesn't use that (past-the-end) data and makes sure the
+optimistic read won't cross a page boundary.
+
+Use new read_word_at_a_time() to shut up the KASAN.
+
+Note that this potentially could hide some bugs. In example bellow,
+stscpy() will copy more than we should (1-3 extra uninitialized bytes):
+
+ char dst[8];
+ char *src;
+
+ src = kmalloc(5, GFP_KERNEL);
+ memset(src, 0xff, 5);
+ strscpy(dst, src, 8);
+
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/string.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/string.c b/lib/string.c
+index 1530643edf00..33befc6ba3fa 100644
+--- a/lib/string.c
++++ b/lib/string.c
+@@ -203,7 +203,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
+ while (max >= sizeof(unsigned long)) {
+ unsigned long c, data;
+
+- c = *(unsigned long *)(src+res);
++ c = read_word_at_a_time(src+res);
+ if (has_zero(c, &data, &constants)) {
+ data = prep_zero_mask(c, data, &constants);
+ data = create_zero_mask(data);
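Review bot: With `c = read_word_at_a_time(src+res);` KASAN validates only the first byte of each word, so a source that is not NUL-terminated inside its allocation is no longer reported when the word straddles the end of the object. The commit message itself notes that strscpy() may then copy a few bytes from beyond the object into dest. The call site should carry a comment recording that trade-off, for example `/* KASAN checks only the first byte; src must be NUL-terminated or at least count bytes long */`. The page-boundary guard that makes the over-read safe is not visible in this hunk, and strscpy()'s body starts and ends outside it.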
+--
+2.20.1
+
net-mvmdio-allow-up-to-four-clocks-to-be-specified-for-orion-mdio.patch
dt-bindings-allow-up-to-four-clocks-for-orion-mdio.patch
dm-bufio-fix-deadlock-with-loop-device.patch
+compiler.h-kasan-avoid-duplicating-__read_once_size_.patch
+compiler.h-add-read_word_at_a_time-function.patch
+lib-strscpy-shut-up-kasan-false-positives-in-strscpy.patch