linux-arm-kernel.lists.infradead.org archive mirror
From: Arnd Bergmann <arnd@kernel.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	linux-arch <linux-arch@vger.kernel.org>,
	 Alexander Viro <viro@zeniv.linux.org.uk>,
	Andrew Morton <akpm@linux-foundation.org>,
	 Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>,
	Ingo Molnar <mingo@kernel.org>,  "H. Peter Anvin" <hpa@zytor.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	 Linux ARM <linux-arm-kernel@lists.infradead.org>,
	 Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Linux-MM <linux-mm@kvack.org>,
	kexec@lists.infradead.org
Subject: Re: [PATCH v3 1/4] kexec: simplify compat_sys_kexec_load
Date: Tue, 18 May 2021 09:44:20 +0200
Message-ID: <CAK8P3a0ecwY1hwDqhW7DyQMGR1a7xiQND=1s7Pd9OP7i5+hoWg@mail.gmail.com>
In-Reply-To: <YKNhXQ883lRbqQGA@infradead.org>

On Tue, May 18, 2021 at 8:40 AM Christoph Hellwig <hch@infradead.org> wrote:
>
> On Mon, May 17, 2021 at 10:57:24PM -0500, Eric W. Biederman wrote:
> > We open ourselves up to bugs whenever we lie to the type system.
> >
> > Skimming through the code it looks like it should be possible
> > to not need the in_compat_syscall and the casts to the wrong
> > type by changing the order of the code a little bit.

There are obviously other ways of doing the same. The reason for doing it
this specific way is so I can eliminate the compat entry point entirely in
patch 4/4.

> What kind of bug do you expect?  We must only copy from user addresses
> once anyway.  I've never seen bugs due to the use of in_compat_syscall,
> but plenty due to cruft code trying to avoid it.

Right, I've used the same approach of passing a native-typed __user pointer
and converting it in a copy_from_user/copy_to_user wrapper in a number of
other places, as this tends to produce the most readable version by
concentrating the tricky logic in the one place that already has to be careful.

Most of the bugs I've seen with compat code are from duplicated code paths
that diverge over time when a bugfix for the native version is applied
incorrectly or not at all to the compat version.

        Arnd
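
Added illustration, not part of the message above or of the patch series: a userspace C model of the pattern the reply describes, where callers pass a native-typed pointer and a single copy wrapper handles the 32-bit layout. All names here (`copy_segments`, `model_copy_from_user`, `MAX_SEGMENTS`, the structs and the sample data) are hypothetical, and the `compat` flag stands in for `in_compat_syscall()`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SEGMENTS 16 /* bound before sizing any copy */

/* Native layout seen by a 64-bit kernel, and the 32-bit caller's layout. */
struct segment        { uint64_t buf, bufsz, mem, memsz; };
struct compat_segment { uint32_t buf, bufsz, mem, memsz; };

/* Constructed sample: two segments laid out as a 32-bit caller would. */
union user_mem { struct compat_segment c[2]; struct segment n[2]; };
const union user_mem sample32 = { .c = {
    { 0x00010000u, 0x2000u, 0x80000000u, 0x2000u },
    { 0x00020000u, 0x0400u, 0xfff00000u, 0x1000u },
} };

/* Stand-in for copy_from_user(); a NULL source models a faulting address. */
static int model_copy_from_user(void *dst, const void *usrc, size_t n)
{
    if (!usrc)
        return -1;
    memcpy(dst, usrc, n);
    return 0;
}

/* The only function aware of both layouts. Callers pass the native-typed
 * pointer; `compat` stands in for in_compat_syscall(). Every element is
 * fetched from "user" memory exactly once. */
int copy_segments(struct segment *dst, const struct segment *usrc,
                  size_t nr, int compat)
{
    const struct compat_segment *cseg = (const void *)usrc;

    if (nr > MAX_SEGMENTS)
        return -EINVAL;
    if (!compat)
        return model_copy_from_user(dst, usrc, nr * sizeof(*dst)) ? -EFAULT : 0;
    for (size_t i = 0; i < nr; i++) {
        struct compat_segment in;

        if (model_copy_from_user(&in, usrc ? &cseg[i] : NULL, sizeof(in)))
            return -EFAULT;
        /* Zero-extend each 32-bit field into the native structure. */
        dst[i] = (struct segment){ in.buf, in.bufsz, in.mem, in.memsz };
    }
    return 0;
}
```

Everything after `copy_segments()` works on `struct segment` only, so a later bounds or overlap fix has one code path to land in rather than a native and a compat copy.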

