From ce1831fe2febf7a3a03fda43b41d7589caa022cd Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Sun, 12 Feb 2023 20:32:04 +0100 Subject: um: add __weak for exported functions If the exported glibc functions don't exist, we get link failures. Avoid that by adding __weak so they're allowed to not exist. Reported-by: Randy Dunlap Signed-off-by: Johannes Berg Acked-by: Randy Dunlap Tested-by: Randy Dunlap Signed-off-by: Richard Weinberger --- arch/um/os-Linux/user_syms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch') diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c index fd575ecbcaec..54722c7f884f 100644 --- a/arch/um/os-Linux/user_syms.c +++ b/arch/um/os-Linux/user_syms.c @@ -39,7 +39,7 @@ EXPORT_SYMBOL(printf); * good; so the versions of these symbols will always match */ #define EXPORT_SYMBOL_PROTO(sym) \ - int sym(void); \ + int sym(void) __weak; \ EXPORT_SYMBOL(sym); extern void readdir64(void) __attribute__((weak)); -- cgit v1.2.3 From 8c6174503c7b7134c22072b45f92724c8a959f06 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 10 Feb 2023 22:05:08 +0100 Subject: um: hostfs: define our own API boundary Instead of exporting the set of functions provided by glibc that are needed for hostfs_user.c, just build that into the kernel image whenever hostfs is built, and then export _those_ functions cleanly, to be independent of the libc implementation. Signed-off-by: Johannes Berg Signed-off-by: Richard Weinberger --- arch/um/os-Linux/user_syms.c | 70 -------------------------------------------- 1 file changed, 70 deletions(-) (limited to 'arch') diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c index 54722c7f884f..22ed13a9b3e7 100644 --- a/arch/um/os-Linux/user_syms.c +++ b/arch/um/os-Linux/user_syms.c @@ -34,81 +34,11 @@ EXPORT_SYMBOL(memset); EXPORT_SYMBOL(printf); -/* Here, instead, I can provide a fake prototype. Yes, someone cares: genksyms. - * However, the modules will use the CRC defined *here*, no matter if it is - * good; so the versions of these symbols will always match - */ -#define EXPORT_SYMBOL_PROTO(sym) \ - int sym(void) __weak; \ - EXPORT_SYMBOL(sym); - -extern void readdir64(void) __attribute__((weak)); -EXPORT_SYMBOL(readdir64); -extern void truncate64(void) __attribute__((weak)); -EXPORT_SYMBOL(truncate64); - #ifdef CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA EXPORT_SYMBOL(vsyscall_ehdr); EXPORT_SYMBOL(vsyscall_end); #endif -EXPORT_SYMBOL_PROTO(__errno_location); - -EXPORT_SYMBOL_PROTO(access); -EXPORT_SYMBOL_PROTO(open); -EXPORT_SYMBOL_PROTO(open64); -EXPORT_SYMBOL_PROTO(close); -EXPORT_SYMBOL_PROTO(read); -EXPORT_SYMBOL_PROTO(write); -EXPORT_SYMBOL_PROTO(dup2); -EXPORT_SYMBOL_PROTO(__xstat); -EXPORT_SYMBOL_PROTO(__lxstat); -EXPORT_SYMBOL_PROTO(__lxstat64); -EXPORT_SYMBOL_PROTO(__fxstat64); -EXPORT_SYMBOL_PROTO(lseek); -EXPORT_SYMBOL_PROTO(lseek64); -EXPORT_SYMBOL_PROTO(chown); -EXPORT_SYMBOL_PROTO(fchown); -EXPORT_SYMBOL_PROTO(truncate); -EXPORT_SYMBOL_PROTO(ftruncate64); -EXPORT_SYMBOL_PROTO(utime); -EXPORT_SYMBOL_PROTO(utimes); -EXPORT_SYMBOL_PROTO(futimes); -EXPORT_SYMBOL_PROTO(chmod); -EXPORT_SYMBOL_PROTO(fchmod); -EXPORT_SYMBOL_PROTO(rename); -EXPORT_SYMBOL_PROTO(__xmknod); - -EXPORT_SYMBOL_PROTO(symlink); -EXPORT_SYMBOL_PROTO(link); -EXPORT_SYMBOL_PROTO(unlink); -EXPORT_SYMBOL_PROTO(readlink); - -EXPORT_SYMBOL_PROTO(mkdir); -EXPORT_SYMBOL_PROTO(rmdir); -EXPORT_SYMBOL_PROTO(opendir); -EXPORT_SYMBOL_PROTO(readdir); -EXPORT_SYMBOL_PROTO(closedir); -EXPORT_SYMBOL_PROTO(seekdir); -EXPORT_SYMBOL_PROTO(telldir); - -EXPORT_SYMBOL_PROTO(ioctl); - -EXPORT_SYMBOL_PROTO(pread64); -EXPORT_SYMBOL_PROTO(pwrite64); - -EXPORT_SYMBOL_PROTO(statfs); -EXPORT_SYMBOL_PROTO(statfs64); - -EXPORT_SYMBOL_PROTO(getuid); - -EXPORT_SYMBOL_PROTO(fsync); -EXPORT_SYMBOL_PROTO(fdatasync); - -EXPORT_SYMBOL_PROTO(lstat64); -EXPORT_SYMBOL_PROTO(fstat64); -EXPORT_SYMBOL_PROTO(mknod); - /* Export symbols used by GCC for the stack protector. */ extern void __stack_smash_handler(void *) __attribute__((weak)); EXPORT_SYMBOL(__stack_smash_handler); -- cgit v1.2.3 From 6d708d1a0d81fe85a114766ff6beb3037fa77429 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 10 Feb 2023 22:05:09 +0100 Subject: um: don't export printf() Since printf() cannot be used in kernel threads (it uses too much stack space) don't export it for modules either. This should leave us exporting only things that are absolutely critical (such as memset and friends) and things that are injected by the compiler (stack guard and similar.) Signed-off-by: Johannes Berg Signed-off-by: Richard Weinberger --- arch/um/os-Linux/user_syms.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'arch') diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c index 22ed13a9b3e7..1e9e92740b32 100644 --- a/arch/um/os-Linux/user_syms.c +++ b/arch/um/os-Linux/user_syms.c @@ -18,7 +18,6 @@ extern size_t strlen(const char *); extern void *memmove(void *, const void *, size_t); extern void *memset(void *, int, size_t); -extern int printf(const char *, ...); /* If it's not defined, the export is included in lib/string.c.*/ #ifdef __HAVE_ARCH_STRSTR @@ -32,8 +31,6 @@ EXPORT_SYMBOL(memmove); EXPORT_SYMBOL(memset); #endif -EXPORT_SYMBOL(printf); - #ifdef CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA EXPORT_SYMBOL(vsyscall_ehdr); EXPORT_SYMBOL(vsyscall_end); -- cgit v1.2.3 From 5d90cf6dcc6a4cb85a51ffe007a8e34375799164 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 10 Feb 2023 22:05:10 +0100 Subject: um: further clean up user_syms Make some cleanups, add and fix some comments and document here that we shouldn't export (libc) symbols for "_user.c" code, rather such should work like hostfs does now. Signed-off-by: Johannes Berg Signed-off-by: Richard Weinberger --- arch/um/os-Linux/user_syms.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) (limited to 'arch') diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c index 1e9e92740b32..9b62a9d352b3 100644 --- a/arch/um/os-Linux/user_syms.c +++ b/arch/um/os-Linux/user_syms.c @@ -3,35 +3,36 @@ #include #include -/* Some of this are builtin function (some are not but could in the future), - * so I *must* declare good prototypes for them and then EXPORT them. - * The kernel code uses the macro defined by include/linux/string.h, - * so I undef macros; the userspace code does not include that and I - * add an EXPORT for the glibc one. +/* + * This file exports some critical string functions and compiler + * built-in functions (where calls are emitted by the compiler + * itself that we cannot avoid even in kernel code) to modules. + * + * "_user.c" code that previously used exports here such as hostfs + * really should be considered part of the 'hypervisor' and define + * its own API boundary like hostfs does now; don't add exports to + * this file for such cases. */ -#undef strlen -#undef strstr -#undef memcpy -#undef memset - -extern size_t strlen(const char *); -extern void *memmove(void *, const void *, size_t); -extern void *memset(void *, int, size_t); - /* If it's not defined, the export is included in lib/string.c.*/ #ifdef __HAVE_ARCH_STRSTR +#undef strstr EXPORT_SYMBOL(strstr); #endif #ifndef __x86_64__ +#undef memcpy extern void *memcpy(void *, const void *, size_t); EXPORT_SYMBOL(memcpy); +extern void *memmove(void *, const void *, size_t); EXPORT_SYMBOL(memmove); +#undef memset +extern void *memset(void *, int, size_t); EXPORT_SYMBOL(memset); #endif #ifdef CONFIG_ARCH_REUSE_HOST_VSYSCALL_AREA +/* needed for __access_ok() */ EXPORT_SYMBOL(vsyscall_ehdr); EXPORT_SYMBOL(vsyscall_end); #endif @@ -44,6 +45,6 @@ extern long __guard __attribute__((weak)); EXPORT_SYMBOL(__guard); #ifdef _FORTIFY_SOURCE -extern int __sprintf_chk(char *str, int flag, size_t strlen, const char *format); +extern int __sprintf_chk(char *str, int flag, size_t len, const char *format); EXPORT_SYMBOL(__sprintf_chk); #endif -- cgit v1.2.3 From fc54a4f15988e228cf88f888483e985c5f35031e Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 10 Feb 2023 22:05:11 +0100 Subject: um: prevent user code in modules By not doing the user code cflags mangling we can simply break the build for any user code sneaking into modules. Signed-off-by: Johannes Berg Signed-off-by: Richard Weinberger --- arch/um/scripts/Makefile.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'arch') diff --git a/arch/um/scripts/Makefile.rules b/arch/um/scripts/Makefile.rules index a4dfa7d7636e..a8b7d9dab0a6 100644 --- a/arch/um/scripts/Makefile.rules +++ b/arch/um/scripts/Makefile.rules @@ -4,8 +4,8 @@ # =========================================================================== USER_SINGLE_OBJS := \ - $(foreach f,$(patsubst %.o,%,$(obj-y) $(obj-m)),$($(f)-objs)) -USER_OBJS += $(filter %_user.o,$(obj-y) $(obj-m) $(USER_SINGLE_OBJS)) + $(foreach f,$(patsubst %.o,%,$(obj-y)),$($(f)-objs)) +USER_OBJS += $(filter %_user.o,$(obj-y) $(USER_SINGLE_OBJS)) USER_OBJS := $(foreach file,$(USER_OBJS),$(obj)/$(file)) $(USER_OBJS:.o=.%): \ -- cgit v1.2.3 From 6032aca0deb9c138df122192f8ef02de1fdccf25 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Fri, 14 Apr 2023 15:46:39 +0200 Subject: um: make stub data pages size tweakable There's a lot of code here that hard-codes that the data is a single page, and right now that seems to be sufficient, but to make it easier to change this in the future, add a new STUB_DATA_PAGES constant and use it throughout the code. Signed-off-by: Johannes Berg Signed-off-by: Richard Weinberger --- arch/um/include/shared/as-layout.h | 3 ++- arch/um/kernel/skas/clone.c | 5 +++-- arch/um/kernel/skas/mmu.c | 6 +++--- arch/um/kernel/um_arch.c | 10 +++++++--- arch/um/os-Linux/skas/process.c | 6 +++--- arch/x86/um/shared/sysdep/stub_32.h | 8 ++++---- arch/x86/um/shared/sysdep/stub_64.h | 8 ++++---- arch/x86/um/stub_segv.c | 2 +- 8 files changed, 27 insertions(+), 21 deletions(-) (limited to 'arch') diff --git a/arch/um/include/shared/as-layout.h b/arch/um/include/shared/as-layout.h index 9a0bd648d872..9ec3015bc5e2 100644 --- a/arch/um/include/shared/as-layout.h +++ b/arch/um/include/shared/as-layout.h @@ -23,7 +23,8 @@ #define STUB_START stub_start #define STUB_CODE STUB_START #define STUB_DATA (STUB_CODE + UM_KERN_PAGE_SIZE) -#define STUB_END (STUB_DATA + UM_KERN_PAGE_SIZE) +#define STUB_DATA_PAGES 1 /* must be a power of two */ +#define STUB_END (STUB_DATA + STUB_DATA_PAGES * UM_KERN_PAGE_SIZE) #ifndef __ASSEMBLY__ diff --git a/arch/um/kernel/skas/clone.c b/arch/um/kernel/skas/clone.c index ff5061f29167..62435187dda4 100644 --- a/arch/um/kernel/skas/clone.c +++ b/arch/um/kernel/skas/clone.c @@ -24,11 +24,12 @@ void __attribute__ ((__section__ (".__syscall_stub"))) stub_clone_handler(void) { - struct stub_data *data = get_stub_page(); + struct stub_data *data = get_stub_data(); long err; err = stub_syscall2(__NR_clone, CLONE_PARENT | CLONE_FILES | SIGCHLD, - (unsigned long)data + UM_KERN_PAGE_SIZE / 2); + (unsigned long)data + + STUB_DATA_PAGES * UM_KERN_PAGE_SIZE / 2); if (err) { data->parent_err = err; goto done; diff --git a/arch/um/kernel/skas/mmu.c b/arch/um/kernel/skas/mmu.c index 125df465e8ea..656fe16c9b63 100644 --- a/arch/um/kernel/skas/mmu.c +++ b/arch/um/kernel/skas/mmu.c @@ -21,7 +21,7 @@ int init_new_context(struct task_struct *task, struct mm_struct *mm) unsigned long stack = 0; int ret = -ENOMEM; - stack = get_zeroed_page(GFP_KERNEL); + stack = __get_free_pages(GFP_KERNEL | __GFP_ZERO, ilog2(STUB_DATA_PAGES)); if (stack == 0) goto out; @@ -52,7 +52,7 @@ int init_new_context(struct task_struct *task, struct mm_struct *mm) out_free: if (to_mm->id.stack != 0) - free_page(to_mm->id.stack); + free_pages(to_mm->id.stack, ilog2(STUB_DATA_PAGES)); out: return ret; } @@ -74,6 +74,6 @@ void destroy_context(struct mm_struct *mm) } os_kill_ptraced_process(mmu->id.u.pid, 1); - free_page(mmu->id.stack); + free_pages(mmu->id.stack, ilog2(STUB_DATA_PAGES)); free_ldt(mmu); } diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c index 8dcda617b8bf..0a23a98d4ca0 100644 --- a/arch/um/kernel/um_arch.c +++ b/arch/um/kernel/um_arch.c @@ -326,9 +326,13 @@ int __init linux_main(int argc, char **argv) add_arg(DEFAULT_COMMAND_LINE_CONSOLE); host_task_size = os_get_top_address(); - /* reserve two pages for the stubs */ - host_task_size -= 2 * PAGE_SIZE; - stub_start = host_task_size; + /* reserve a few pages for the stubs (taking care of data alignment) */ + /* align the data portion */ + BUILD_BUG_ON(!is_power_of_2(STUB_DATA_PAGES)); + stub_start = (host_task_size - 1) & ~(STUB_DATA_PAGES * PAGE_SIZE - 1); + /* another page for the code portion */ + stub_start -= PAGE_SIZE; + host_task_size = stub_start; /* * TASK_SIZE needs to be PGDIR_SIZE aligned or else exit_mmap craps diff --git a/arch/um/os-Linux/skas/process.c b/arch/um/os-Linux/skas/process.c index b1ea53285af1..9464833e741a 100644 --- a/arch/um/os-Linux/skas/process.c +++ b/arch/um/os-Linux/skas/process.c @@ -262,7 +262,7 @@ static int userspace_tramp(void *stack) if (stack != NULL) { fd = phys_mapping(uml_to_phys(stack), &offset); addr = mmap((void *) STUB_DATA, - UM_KERN_PAGE_SIZE, PROT_READ | PROT_WRITE, + STUB_DATA_PAGES * UM_KERN_PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_SHARED, fd, offset); if (addr == MAP_FAILED) { printk(UM_KERN_ERR "mapping segfault stack at 0x%lx failed, errno = %d\n", @@ -277,7 +277,7 @@ static int userspace_tramp(void *stack) (unsigned long) stub_segv_handler - (unsigned long) __syscall_stub_start; - set_sigstack((void *) STUB_DATA, UM_KERN_PAGE_SIZE); + set_sigstack((void *) STUB_DATA, STUB_DATA_PAGES * UM_KERN_PAGE_SIZE); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_ONSTACK | SA_NODEFER | SA_SIGINFO; sa.sa_sigaction = (void *) v; @@ -515,7 +515,7 @@ static int __init init_thread_regs(void) thread_regs[REGS_IP_INDEX] = STUB_CODE + (unsigned long) stub_clone_handler - (unsigned long) __syscall_stub_start; - thread_regs[REGS_SP_INDEX] = STUB_DATA + UM_KERN_PAGE_SIZE - + thread_regs[REGS_SP_INDEX] = STUB_DATA + STUB_DATA_PAGES * UM_KERN_PAGE_SIZE - sizeof(void *); #ifdef __SIGNAL_FRAMESIZE thread_regs[REGS_SP_INDEX] -= __SIGNAL_FRAMESIZE; diff --git a/arch/x86/um/shared/sysdep/stub_32.h b/arch/x86/um/shared/sysdep/stub_32.h index 4c6c2be0c899..38fa894b65d0 100644 --- a/arch/x86/um/shared/sysdep/stub_32.h +++ b/arch/x86/um/shared/sysdep/stub_32.h @@ -89,19 +89,19 @@ static inline void remap_stack_and_trap(void) "addl %4,%%ebx ; movl %%eax, (%%ebx) ;" "int $3" : : - "g" (~(UM_KERN_PAGE_SIZE - 1)), + "g" (~(STUB_DATA_PAGES * UM_KERN_PAGE_SIZE - 1)), "g" (STUB_MMAP_NR), "g" (UML_STUB_FIELD_FD), "g" (UML_STUB_FIELD_OFFSET), "g" (UML_STUB_FIELD_CHILD_ERR), - "c" (UM_KERN_PAGE_SIZE), + "c" (STUB_DATA_PAGES * UM_KERN_PAGE_SIZE), "d" (PROT_READ | PROT_WRITE), "S" (MAP_FIXED | MAP_SHARED) : "memory"); } -static __always_inline void *get_stub_page(void) +static __always_inline void *get_stub_data(void) { unsigned long ret; @@ -109,7 +109,7 @@ static __always_inline void *get_stub_page(void) "movl %%esp,%0 ;" "andl %1,%0" : "=a" (ret) - : "g" (~(UM_KERN_PAGE_SIZE - 1))); + : "g" (~(STUB_DATA_PAGES * UM_KERN_PAGE_SIZE - 1))); return (void *)ret; } diff --git a/arch/x86/um/shared/sysdep/stub_64.h b/arch/x86/um/shared/sysdep/stub_64.h index 92ea1670cf1c..2de1c8f88173 100644 --- a/arch/x86/um/shared/sysdep/stub_64.h +++ b/arch/x86/um/shared/sysdep/stub_64.h @@ -98,18 +98,18 @@ static inline void remap_stack_and_trap(void) "int3" : : "g" (STUB_MMAP_NR), - "g" (~(UM_KERN_PAGE_SIZE - 1)), + "g" (~(STUB_DATA_PAGES * UM_KERN_PAGE_SIZE - 1)), "g" (MAP_FIXED | MAP_SHARED), "g" (UML_STUB_FIELD_FD), "g" (UML_STUB_FIELD_OFFSET), "g" (UML_STUB_FIELD_CHILD_ERR), - "S" (UM_KERN_PAGE_SIZE), + "S" (STUB_DATA_PAGES * UM_KERN_PAGE_SIZE), "d" (PROT_READ | PROT_WRITE) : __syscall_clobber, "r10", "r8", "r9"); } -static __always_inline void *get_stub_page(void) +static __always_inline void *get_stub_data(void) { unsigned long ret; @@ -117,7 +117,7 @@ static __always_inline void *get_stub_page(void) "movq %%rsp,%0 ;" "andq %1,%0" : "=a" (ret) - : "g" (~(UM_KERN_PAGE_SIZE - 1))); + : "g" (~(STUB_DATA_PAGES * UM_KERN_PAGE_SIZE - 1))); return (void *)ret; } diff --git a/arch/x86/um/stub_segv.c b/arch/x86/um/stub_segv.c index f7eefba034f9..040668b989b5 100644 --- a/arch/x86/um/stub_segv.c +++ b/arch/x86/um/stub_segv.c @@ -11,7 +11,7 @@ void __attribute__ ((__section__ (".__syscall_stub"))) stub_segv_handler(int sig, siginfo_t *info, void *p) { - struct faultinfo *f = get_stub_page(); + struct faultinfo *f = get_stub_data(); ucontext_t *uc = p; GET_FAULTINFO_FROM_MC(*f, &uc->uc_mcontext); -- cgit v1.2.3