From: Linus Torvalds <torvalds@linux-foundation.org>
To: Tony Luck <tony.luck@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Guenter Roeck <linux@roeck-us.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user()
Date: Mon, 7 Oct 2019 12:08:52 -0700 [thread overview]
Message-ID: <CAHk-=wi3P2NvBNocyNFTAb-G08P0ASVihMVKmiw__oNU4V2M5g@mail.gmail.com> (raw)
In-Reply-To: <CA+8MBb+VKk0aQZaJ+tMbFV7+s37HrQ6pzy4sHDAA3yqS-3nVwA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 425 bytes --]
On Mon, Oct 7, 2019 at 11:36 AM Tony Luck <tony.luck@gmail.com> wrote:
>
> Late to this party ,,, but my ia64 console today is full of:
Hmm? I thought ia64 did unaligneds ok.
But regardless, this is my current (as yet untested) patch. This is
not the big user access cleanup that I hope Al will do, this is just a
"ok, x86 is the only one who wants a special unsafe_copy_to_user()
right now" patch.
Linus
[-- Attachment #2: patch.diff --]
[-- Type: text/x-patch, Size: 4604 bytes --]
arch/x86/include/asm/uaccess.h | 23 ++++++++++++++++++++++
fs/readdir.c | 44 ++----------------------------------------
include/linux/uaccess.h | 6 ++++--
3 files changed, 29 insertions(+), 44 deletions(-)
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 35c225ede0e4..61d93f062a36 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -734,5 +734,28 @@ do { \
if (unlikely(__gu_err)) goto err_label; \
} while (0)
+/*
+ * We want the unsafe accessors to always be inlined and use
+ * the error labels - thus the macro games.
+ */
+#define unsafe_copy_loop(dst, src, len, type, label) \
+ while (len >= sizeof(type)) { \
+ unsafe_put_user(*(type *)src,(type __user *)dst,label); \
+ dst += sizeof(type); \
+ src += sizeof(type); \
+ len -= sizeof(type); \
+ }
+
+#define unsafe_copy_to_user(_dst,_src,_len,label) \
+do { \
+ char __user *__ucu_dst = (_dst); \
+ const char *__ucu_src = (_src); \
+ size_t __ucu_len = (_len); \
+ unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u64, label); \
+ unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u32, label); \
+ unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u16, label); \
+ unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u8, label); \
+} while (0)
+
#endif /* _ASM_X86_UACCESS_H */
diff --git a/fs/readdir.c b/fs/readdir.c
index 19bea591c3f1..6e2623e57b2e 100644
--- a/fs/readdir.c
+++ b/fs/readdir.c
@@ -27,53 +27,13 @@
/*
* Note the "unsafe_put_user() semantics: we goto a
* label for errors.
- *
- * Also note how we use a "while()" loop here, even though
- * only the biggest size needs to loop. The compiler (well,
- * at least gcc) is smart enough to turn the smaller sizes
- * into just if-statements, and this way we don't need to
- * care whether 'u64' or 'u32' is the biggest size.
- */
-#define unsafe_copy_loop(dst, src, len, type, label) \
- while (len >= sizeof(type)) { \
- unsafe_put_user(get_unaligned((type *)src), \
- (type __user *)dst, label); \
- dst += sizeof(type); \
- src += sizeof(type); \
- len -= sizeof(type); \
- }
-
-/*
- * We avoid doing 64-bit copies on 32-bit architectures. They
- * might be better, but the component names are mostly small,
- * and the 64-bit cases can end up being much more complex and
- * put much more register pressure on the code, so it's likely
- * not worth the pain of unaligned accesses etc.
- *
- * So limit the copies to "unsigned long" size. I did verify
- * that at least the x86-32 case is ok without this limiting,
- * but I worry about random other legacy 32-bit cases that
- * might not do as well.
- */
-#define unsafe_copy_type(dst, src, len, type, label) do { \
- if (sizeof(type) <= sizeof(unsigned long)) \
- unsafe_copy_loop(dst, src, len, type, label); \
-} while (0)
-
-/*
- * Copy the dirent name to user space, and NUL-terminate
- * it. This should not be a function call, since we're doing
- * the copy inside a "user_access_begin/end()" section.
*/
#define unsafe_copy_dirent_name(_dst, _src, _len, label) do { \
char __user *dst = (_dst); \
const char *src = (_src); \
size_t len = (_len); \
- unsafe_copy_type(dst, src, len, u64, label); \
- unsafe_copy_type(dst, src, len, u32, label); \
- unsafe_copy_type(dst, src, len, u16, label); \
- unsafe_copy_type(dst, src, len, u8, label); \
- unsafe_put_user(0, dst, label); \
+ unsafe_put_user(0, dst+len, label); \
+ unsafe_copy_to_user(dst, src, len, label); \
} while (0)
diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index e47d0522a1f4..d4ee6e942562 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -355,8 +355,10 @@ extern long strnlen_unsafe_user(const void __user *unsafe_addr, long count);
#ifndef user_access_begin
#define user_access_begin(ptr,len) access_ok(ptr, len)
#define user_access_end() do { } while (0)
-#define unsafe_get_user(x, ptr, err) do { if (unlikely(__get_user(x, ptr))) goto err; } while (0)
-#define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)
+#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0)
+#define unsafe_get_user(x,p,e) unsafe_op_wrap(__get_user(x,p),e)
+#define unsafe_put_user(x,p,e) unsafe_op_wrap(__put_user(x,p),e)
+#define unsafe_copy_to_user(d,s,l,e) unsafe_op_wrap(__copy_to_user(d,s,l),e)
static inline unsigned long user_access_save(void) { return 0UL; }
static inline void user_access_restore(unsigned long flags) { }
#endif
next prev parent reply other threads:[~2019-10-07 19:09 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-06 22:20 [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Guenter Roeck
2019-10-06 23:06 ` Linus Torvalds
2019-10-06 23:35 ` Linus Torvalds
2019-10-07 0:04 ` Guenter Roeck
2019-10-07 1:17 ` Linus Torvalds
2019-10-07 1:24 ` Al Viro
2019-10-07 2:06 ` Linus Torvalds
2019-10-07 2:50 ` Al Viro
2019-10-07 3:11 ` Linus Torvalds
2019-10-07 15:40 ` David Laight
2019-10-07 18:11 ` Linus Torvalds
2019-10-08 9:58 ` David Laight
2019-10-07 17:34 ` Al Viro
2019-10-07 18:13 ` Linus Torvalds
2019-10-07 18:22 ` Al Viro
2019-10-07 18:26 ` Linus Torvalds
2019-10-07 18:36 ` Tony Luck
2019-10-07 19:08 ` Linus Torvalds [this message]
2019-10-07 19:49 ` Tony Luck
2019-10-07 20:04 ` Linus Torvalds
2019-10-08 3:29 ` Al Viro
2019-10-08 4:09 ` Linus Torvalds
2019-10-08 4:14 ` Linus Torvalds
2019-10-08 5:02 ` Al Viro
2019-10-08 4:24 ` Linus Torvalds
2019-10-10 19:55 ` Al Viro
2019-10-10 22:12 ` Linus Torvalds
2019-10-11 0:11 ` Al Viro
2019-10-11 0:31 ` Linus Torvalds
2019-10-13 18:13 ` Al Viro
2019-10-13 18:43 ` Linus Torvalds
2019-10-13 19:10 ` Al Viro
2019-10-13 19:22 ` Linus Torvalds
2019-10-13 19:59 ` Al Viro
2019-10-13 20:20 ` Linus Torvalds
2019-10-15 3:46 ` Michael Ellerman
2019-10-15 18:08 ` Al Viro
2019-10-15 19:00 ` Linus Torvalds
2019-10-15 19:40 ` Al Viro
2019-10-15 20:18 ` Al Viro
2019-10-16 12:12 ` [RFC] change of calling conventions for arch_futex_atomic_op_inuser() Al Viro
2019-10-16 12:24 ` Thomas Gleixner
2019-10-16 20:25 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Al Viro
2019-10-17 19:36 ` [RFC][PATCHES] drivers/scsi/sg.c uaccess cleanups/fixes Al Viro
2019-10-17 19:39 ` [RFC PATCH 1/8] sg_ioctl(): fix copyout handling Al Viro
2019-10-17 19:39 ` [RFC PATCH 2/8] sg_new_write(): replace access_ok() + __copy_from_user() with copy_from_user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 3/8] sg_write(): __get_user() can fail Al Viro
2019-10-17 19:39 ` [RFC PATCH 4/8] sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t Al Viro
2019-10-17 19:39 ` [RFC PATCH 5/8] sg_new_write(): don't bother with access_ok Al Viro
2019-10-17 19:39 ` [RFC PATCH 6/8] sg_read(): get rid of access_ok()/__copy_..._user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 7/8] sg_write(): get rid of access_ok()/__copy_from_user()/__get_user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 8/8] SG_IO: get rid of access_ok() Al Viro
2019-10-17 21:44 ` [RFC][PATCHES] drivers/scsi/sg.c uaccess cleanups/fixes Douglas Gilbert
2019-11-05 4:54 ` Martin K. Petersen
2019-11-05 5:25 ` Al Viro
2019-11-06 4:29 ` Martin K. Petersen
2019-10-18 0:27 ` [RFC] csum_and_copy_from_user() semantics Al Viro
2019-10-25 14:01 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Thomas Gleixner
2019-10-08 4:57 ` Al Viro
2019-10-08 13:14 ` Greg KH
2019-10-08 15:29 ` Al Viro
2019-10-08 15:38 ` Greg KH
2019-10-08 17:06 ` Al Viro
2019-10-08 19:58 ` Al Viro
2019-10-08 20:16 ` Al Viro
2019-10-08 20:34 ` Al Viro
2019-10-07 2:30 ` Guenter Roeck
2019-10-07 3:12 ` Linus Torvalds
2019-10-07 0:23 ` Guenter Roeck
2019-10-07 4:04 ` Max Filippov
2019-10-07 12:16 ` Guenter Roeck
2019-10-07 19:21 ` Linus Torvalds
2019-10-07 20:29 ` Guenter Roeck
2019-10-07 23:27 ` Guenter Roeck
2019-10-08 6:28 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wi3P2NvBNocyNFTAb-G08P0ASVihMVKmiw__oNU4V2M5g@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=tony.luck@gmail.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.