1 files changed, 18 insertions, 3 deletions
diff --git a/mm/usercopy.c b/mm/usercopy.c
index a562dd094ace..e9e9325f7638 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -59,13 +59,28 @@ static noinline int check_stack_object(const void *obj, unsigned long len)
 }
 /*
- * If this function is reached, then CONFIG_HARDENED_USERCOPY has found an
+ * If these functions are reached, then CONFIG_HARDENED_USERCOPY has found
- * unexpected state during a copy_from_user() or copy_to_user() call.
+ * an unexpected state during a copy_from_user() or copy_to_user() call.
 * There are several checks being performed on the buffer by the
 * __check_object_size() function. Normal stack buffer usage should never
 * trip the checks, and kernel text addressing will always trip the check.
- * For cache objects, copies must be within the object size.
+ * For cache objects, it is checking that only the whitelisted range of
+ * bytes for a given cache is being accessed (via the cache's usersize and
+ * useroffset fields). To adjust a cache whitelist, use the usercopy-aware
+ * kmem_cache_create_usercopy() function to create the cache (and
+ * carefully audit the whitelist range).
 */
+void usercopy_warn(const char *name, const char *detail, bool to_user,
+                   unsigned long offset, unsigned long len)
+{
+        WARN_ONCE(1, "Bad or missing usercopy whitelist? Kernel memory %s attempt detected %s %s%s%s%s (offset %lu, size %lu)!\n",
+                 to_user ? "exposure" : "overwrite",
+                 to_user ? "from" : "to",
+                 name ? : "unknown?!",
+                 detail ? " '" : "", detail ? : "", detail ? "'" : "",
+                 offset, len);
+}
 void __noreturn usercopy_abort(const char *name, const char *detail,
                               bool to_user, unsigned long offset,
                               unsigned long len)

diff --git a/mm/usercopy.c b/mm/usercopy.c index a562dd094ace..e9e9325f7638 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c
@@ -59,13 +59,28 @@ static noinline int check_stack_object(const void *obj, unsigned long len)
59	}	59	}
60		60
61	/*	61	/*
62	* If this function is reached, then CONFIG_HARDENED_USERCOPY has found an	62	* If these functions are reached, then CONFIG_HARDENED_USERCOPY has found
63	* unexpected state during a copy_from_user() or copy_to_user() call.	63	* an unexpected state during a copy_from_user() or copy_to_user() call.
64	* There are several checks being performed on the buffer by the	64	* There are several checks being performed on the buffer by the
65	* __check_object_size() function. Normal stack buffer usage should never	65	* __check_object_size() function. Normal stack buffer usage should never
66	* trip the checks, and kernel text addressing will always trip the check.	66	* trip the checks, and kernel text addressing will always trip the check.
67	* For cache objects, copies must be within the object size.	67	* For cache objects, it is checking that only the whitelisted range of
		68	* bytes for a given cache is being accessed (via the cache's usersize and
		69	* useroffset fields). To adjust a cache whitelist, use the usercopy-aware
		70	* kmem_cache_create_usercopy() function to create the cache (and
		71	* carefully audit the whitelist range).
68	*/	72	*/
		73	void usercopy_warn(const char name, const char detail, bool to_user,
		74	unsigned long offset, unsigned long len)
		75	{
		76	WARN_ONCE(1, "Bad or missing usercopy whitelist? Kernel memory %s attempt detected %s %s%s%s%s (offset %lu, size %lu)!\n",
		77	to_user ? "exposure" : "overwrite",
		78	to_user ? "from" : "to",
		79	name ? : "unknown?!",
		80	detail ? " '" : "", detail ? : "", detail ? "'" : "",
		81	offset, len);
		82	}
		83
69	void __noreturn usercopy_abort(const char name, const char detail,	84	void __noreturn usercopy_abort(const char name, const char detail,
70	bool to_user, unsigned long offset,	85	bool to_user, unsigned long offset,
71	unsigned long len)	86	unsigned long len)