On Mon, Dec 13, 2021 at 12:47:58PM -0800, Kees Cook wrote:
> On Mon, Dec 13, 2021 at 08:27:42PM +0000, Matthew Wilcox wrote:
> > On Mon, Dec 13, 2021 at 07:18:57PM +0000, William Kucharski wrote:
> > > I like these, but a quick question:
> > >
> > > Since the usercopy_abort() calls are all because the offset exceeds the page
> > > size, is there a reason why you don't specifically state that via the detail
> > > parameter rather than just supply a NULL pointer?
> >
> > Hmm ... I'd defer to Kees on this, because I'm not familiar with
> > usercopy_abort() usage, but the only places which use the detail
> > parameter today are slab/slub, which use it to pass the name of
> > the slab. I think the user is supposed to infer that we overran the
> > end of the page based on the offset & length values.
>
> I agree that leaving it NULL is best here. The "detail" is really about
> adding more information about which thing it was, which for slab makes
> sense, but most other stuff there isn't really anything to quickly
> distinguish one from another (i.e. vmap is all vmap).
There _is_ a bit more information in the vmap case (not in the kmap
or compound page case). You can see it in /proc/vmallocinfo. We
could pass it in like this?
if (is_vmalloc_addr(ptr)) {
struct vm_struct *vm = find_vm_area(ptr);
+ char sym[100];
unsigned long offset;
if (!vm) {
..
+ if (vm->caller)
+ snprintf(sym, sizeof(sym), "%pS", vm->caller);
offset = ptr - vm->addr;
if (offset + n > vm->size)
- usercopy_abort("vmalloc", NULL, to_user, offset, n);
+ usercopy_abort("vmalloc", vm->caller ? sym : NULL,
+ to_user, offset, n);
return;
