From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Guenter Roeck <linux@roeck-us.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user()
Date: Tue, 8 Oct 2019 21:16:16 +0100 [thread overview]
Message-ID: <20191008201616.GW26530@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20191008195858.GV26530@ZenIV.linux.org.uk>
On Tue, Oct 08, 2019 at 08:58:58PM +0100, Al Viro wrote:
> That's powerpc. And while the constant-sized bits are probably pretty
> useless there as well, note the allow_read_from_user()/prevent_read_from_user()
> part. Looks suspiciously similar to user_access_begin()/user_access_end()...
>
> The difference is, they have separate "for read" and "for write" primitives
> and they want the range in their user_access_end() analogue. Separating
> the read and write isn't a problem for callers (we want them close to
> the actual memory accesses). Passing the range to user_access_end() just
> might be tolerable, unless it makes you throw up...
BTW, another related cleanup is futex_atomic_op_inuser() and
arch_futex_atomic_op_inuser(). In the former we have
if (!access_ok(uaddr, sizeof(u32)))
return -EFAULT;
ret = arch_futex_atomic_op_inuser(op, oparg, &oldval, uaddr);
if (ret)
return ret;
and in the latter we've got STAC/CLAC pairs stuck into inlined bits
on x86. As well as allow_write_to_user(uaddr, sizeof(*uaddr)) on
ppc...
I don't see anything in x86 one objtool would've barfed if we pulled
STAC/CLAC out and turned access_ok() into user_access_begin(),
with matching user_access_end() right after the call of
arch_futex_atomic_op_inuser(). Everything is inlined there and
no scary memory accesses would get into the scope (well, we do
have
if (!ret)
*oval = oldval;
in the very end of arch_futex_atomic_op_inuser() there, but oval
is the address of a local variable in the sole caller; if we run
with kernel stack on ring 3 page, we are deeply fucked *and*
wouldn't have survived that far into futex_atomic_op_inuser() anyway ;-)
next prev parent reply other threads:[~2019-10-08 20:16 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-06 22:20 [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Guenter Roeck
2019-10-06 23:06 ` Linus Torvalds
2019-10-06 23:35 ` Linus Torvalds
2019-10-07 0:04 ` Guenter Roeck
2019-10-07 1:17 ` Linus Torvalds
2019-10-07 1:24 ` Al Viro
2019-10-07 2:06 ` Linus Torvalds
2019-10-07 2:50 ` Al Viro
2019-10-07 3:11 ` Linus Torvalds
2019-10-07 15:40 ` David Laight
2019-10-07 18:11 ` Linus Torvalds
2019-10-08 9:58 ` David Laight
2019-10-07 17:34 ` Al Viro
2019-10-07 18:13 ` Linus Torvalds
2019-10-07 18:22 ` Al Viro
2019-10-07 18:26 ` Linus Torvalds
2019-10-07 18:36 ` Tony Luck
2019-10-07 19:08 ` Linus Torvalds
2019-10-07 19:49 ` Tony Luck
2019-10-07 20:04 ` Linus Torvalds
2019-10-08 3:29 ` Al Viro
2019-10-08 4:09 ` Linus Torvalds
2019-10-08 4:14 ` Linus Torvalds
2019-10-08 5:02 ` Al Viro
2019-10-08 4:24 ` Linus Torvalds
2019-10-10 19:55 ` Al Viro
2019-10-10 22:12 ` Linus Torvalds
2019-10-11 0:11 ` Al Viro
2019-10-11 0:31 ` Linus Torvalds
2019-10-13 18:13 ` Al Viro
2019-10-13 18:43 ` Linus Torvalds
2019-10-13 19:10 ` Al Viro
2019-10-13 19:22 ` Linus Torvalds
2019-10-13 19:59 ` Al Viro
2019-10-13 20:20 ` Linus Torvalds
2019-10-15 3:46 ` Michael Ellerman
2019-10-15 18:08 ` Al Viro
2019-10-15 19:00 ` Linus Torvalds
2019-10-15 19:40 ` Al Viro
2019-10-15 20:18 ` Al Viro
2019-10-16 12:12 ` [RFC] change of calling conventions for arch_futex_atomic_op_inuser() Al Viro
2019-10-16 12:24 ` Thomas Gleixner
2019-10-16 20:25 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Al Viro
2019-10-18 0:27 ` [RFC] csum_and_copy_from_user() semantics Al Viro
2019-10-25 14:01 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Thomas Gleixner
2019-10-08 4:57 ` Al Viro
2019-10-08 13:14 ` Greg KH
2019-10-08 15:29 ` Al Viro
2019-10-08 15:38 ` Greg KH
2019-10-08 17:06 ` Al Viro
2019-10-08 19:58 ` Al Viro
2019-10-08 20:16 ` Al Viro [this message]
2019-10-08 20:34 ` Al Viro
2019-10-07 2:30 ` Guenter Roeck
2019-10-07 3:12 ` Linus Torvalds
2019-10-07 0:23 ` Guenter Roeck
2019-10-07 4:04 ` Max Filippov
2019-10-07 12:16 ` Guenter Roeck
2019-10-07 19:21 ` Linus Torvalds
2019-10-07 20:29 ` Guenter Roeck
2019-10-07 23:27 ` Guenter Roeck
2019-10-08 6:28 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191008201616.GW26530@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).