Re: [PATCH] mm: unexport globally copy_to_kernel_nofault
From: Andrey Konovalov
Date: Sun Jun 22 2025 - 09:00:55 EST
On Sun, Jun 22, 2025 at 7:19 AM Sabyrzhan Tasbolatov
<snovitoll@xxxxxxxxx> wrote:
>
> `copy_to_kernel_nofault()` is an internal helper which should not be
> visible to loadable modules – exporting it would give exploit code a
> cheap oracle to probe kernel addresses. Instead, keep the helper
> un-exported and compile the kunit case that exercises it only when
> `mm/kasan/kasan_test.o` is linked into vmlinux.
>
> Fixes: ca79a00bb9a8 ("kasan: migrate copy_user_test to kunit")
> Suggested-by: Christoph Hellwig <hch@xxxxxxxxxxxxx>
> Suggested-by: Marco Elver <elver@xxxxxxxxxx>
> Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@xxxxxxxxx>
> ---
> mm/kasan/kasan_test_c.c | 4 ++++
> mm/maccess.c | 1 -
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
> index 5f922dd38ffa..094ecd27b707 100644
> --- a/mm/kasan/kasan_test_c.c
> +++ b/mm/kasan/kasan_test_c.c
> @@ -1977,6 +1977,7 @@ static void rust_uaf(struct kunit *test)
> KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
> }
>
> +#ifndef MODULE
Would be great to have a comment here explaining the ifndef.
> static void copy_to_kernel_nofault_oob(struct kunit *test)
> {
> char *ptr;
> @@ -2011,6 +2012,7 @@ static void copy_to_kernel_nofault_oob(struct kunit *test)
>
> kfree(ptr);
> }
> +#endif /* !MODULE */
>
> static void copy_user_test_oob(struct kunit *test)
> {
> @@ -2131,7 +2133,9 @@ static struct kunit_case kasan_kunit_test_cases[] = {
> KUNIT_CASE(match_all_not_assigned),
> KUNIT_CASE(match_all_ptr_tag),
> KUNIT_CASE(match_all_mem_tag),
> +#ifndef MODULE
> KUNIT_CASE(copy_to_kernel_nofault_oob),
> +#endif
> KUNIT_CASE(rust_uaf),
> KUNIT_CASE(copy_user_test_oob),
> {}
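Review bot: the `#ifndef MODULE` around `KUNIT_CASE(copy_to_kernel_nofault_oob)` makes the case vanish from `kasan_kunit_test_cases[]` in a modular build, so the test results give no sign that this check was not exercised. Consider keeping the case registered and having its body report a skip when built as a module, so the lost coverage is visible in the output. Also, the `#endif` here lacks the `/* !MODULE */` comment used on the guard around the function definition; make the two consistent.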
> diff --git a/mm/maccess.c b/mm/maccess.c
> index 831b4dd7296c..486559d68858 100644
> --- a/mm/maccess.c
> +++ b/mm/maccess.c
> @@ -82,7 +82,6 @@ long copy_to_kernel_nofault(void *dst, const void *src, size_t size)
> pagefault_enable();
> return -EFAULT;
> }
> -EXPORT_SYMBOL_GPL(copy_to_kernel_nofault);
>
> long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
> {
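Review bot: with `EXPORT_SYMBOL_GPL(copy_to_kernel_nofault);` dropped, nothing at the definition records that the missing export is deliberate. A short comment above `copy_to_kernel_nofault()` stating that it is intentionally not exported to modules, for the reason given in the commit message, would make it less likely that a later patch re-adds the export.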
> --
> 2.34.1
>
Other than that:
Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx>
Thank you!