Linux-parisc archive on lore.kernel.org
 help / color / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Christoph Hellwig <hch@lst.de>
Cc: "the arch/x86 maintainers" <x86@kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-parisc@vger.kernel.org,
	linux-um <linux-um@lists.infradead.org>,
	Netdev <netdev@vger.kernel.org>,
	bpf@vger.kernel.org, Linux-MM <linux-mm@kvack.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 12/20] maccess: remove strncpy_from_unsafe
Date: Tue, 19 May 2020 09:25:57 -0700
Message-ID: <CAHk-=whE_C2JF0ywF09iMBWtquEfMM3aSxCeLrb5S75EdHr1JA@mail.gmail.com> (raw)
In-Reply-To: <20200519134449.1466624-13-hch@lst.de>

On Tue, May 19, 2020 at 6:45 AM Christoph Hellwig <hch@lst.de> wrote:
>
> +       if (IS_ENABLED(CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE) &&
> +           compat && (unsigned long)unsafe_ptr < TASK_SIZE)
> +               ret = strncpy_from_user_nofault(dst, user_ptr, size);
> +       else
> +               ret = strncpy_from_kernel_nofault(dst, unsafe_ptr, size);

These conditionals are completely illegible.

That's true in the next patch too.

Stop using "IS_ENABLED(config)" to make very complex conditionals.

A clear #ifdef is much better if the alternative is a conditional that
is completely impossible to actually understand and needs multiple
lines to read.

If you made this a simple helper (called "bpf_strncpy_from_unsafe()"
with that "compat" flag, perhaps?), it would be much more legible as

  /*
   * Big comment goes here about the compat behavior and
   * non-overlapping address spaces and ambiguous pointers.
   */
  static long bpf_strncpy_from_legacy(void *dest, const void
*unsafe_ptr, long size, bool legacy)
  {
  #ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
        if (legacy && addr < TASK_SIZE)
            return strncpy_from_user_nofault(dst, (const void __user
*) unsafe_ptr, size);
  #endif

        return strncpy_from_kernel_nofault(dst, unsafe_ptr, size);
  }

and then you'd just use

        if (bpf_strncpy_from_unsafe(dst, unsafe_ptr, size, compat) < 0)
                memset(dst, 0, size);

and avoid any complicated conditionals, goto's, and make the code much
easier to understand thanks to having a big comment about the legacy
case.

In fact, separately I'd probably want that "compat" naming to be
scrapped entirely in that file.

"compat" generally means something very specific and completely
different in the kernel: it's the "I'm a 32-bit binary on a 64-bit
kernel" compatibility case.

Here, it's literally "BPF legacy behavior", not that kind of "compat" thing.

But that renaming is separate, although I'd start the ball rolling
with that "bpf_strncpy_from_legacy()" helper.

                Linus

  reply index

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-19 13:44 clean up and streamline probe_kernel_* and friends v3 Christoph Hellwig
2020-05-19 13:44 ` [PATCH 01/20] maccess: unexport probe_kernel_write and probe_user_write Christoph Hellwig
2020-05-19 13:44 ` [PATCH 02/20] maccess: remove various unused weak aliases Christoph Hellwig
2020-05-19 13:44 ` [PATCH 03/20] maccess: remove duplicate kerneldoc comments Christoph Hellwig
2020-05-19 13:44 ` [PATCH 04/20] maccess: clarify " Christoph Hellwig
2020-05-19 13:44 ` [PATCH 05/20] maccess: update the top of file comment Christoph Hellwig
2020-05-19 13:44 ` [PATCH 06/20] maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault Christoph Hellwig
2020-05-19 13:44 ` [PATCH 07/20] maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault Christoph Hellwig
2020-05-19 13:44 ` [PATCH 08/20] maccess: rename strnlen_unsafe_user to strnlen_user_nofault Christoph Hellwig
2020-05-19 13:44 ` [PATCH 09/20] maccess: remove probe_read_common and probe_write_common Christoph Hellwig
2020-05-19 13:44 ` [PATCH 10/20] maccess: unify the probe kernel arch hooks Christoph Hellwig
2020-05-19 13:44 ` [PATCH 11/20] bpf: factor out a bpf_trace_copy_string helper Christoph Hellwig
2020-05-19 16:07   ` Linus Torvalds
2020-05-19 16:14     ` Christoph Hellwig
2020-05-19 16:36       ` Linus Torvalds
2020-05-19 13:44 ` [PATCH 12/20] maccess: remove strncpy_from_unsafe Christoph Hellwig
2020-05-19 16:25   ` Linus Torvalds [this message]
2020-05-19 16:41     ` Christoph Hellwig
2020-05-19 16:46       ` Linus Torvalds
2020-05-19 13:44 ` [PATCH 13/20] maccess: always use strict semantics for probe_kernel_read Christoph Hellwig
2020-05-19 16:33   ` Linus Torvalds
2020-05-20 11:11   ` Masami Hiramatsu
2020-05-20 11:13     ` Christoph Hellwig
2020-05-19 13:44 ` [PATCH 14/20] maccess: move user access routines together Christoph Hellwig
2020-05-19 13:44 ` [PATCH 15/20] maccess: allow architectures to provide kernel probing directly Christoph Hellwig
2020-05-19 13:44 ` [PATCH 16/20] x86: use non-set_fs based maccess routines Christoph Hellwig
2020-05-19 13:44 ` [PATCH 17/20] maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault Christoph Hellwig
2020-05-19 13:44 ` [PATCH 18/20] maccess: rename probe_user_{read,write} to copy_{from,to}_user_nofault Christoph Hellwig
2020-05-19 13:44 ` [PATCH 19/20] maccess: rename probe_kernel_address to get_kernel_nofault Christoph Hellwig
2020-05-19 13:44 ` [PATCH 20/20] maccess: return -ERANGE when copy_from_kernel_nofault_allowed fails Christoph Hellwig
2020-05-20 11:02   ` Masami Hiramatsu
2020-05-20 16:16     ` Christoph Hellwig
2020-05-19 16:34 ` clean up and streamline probe_kernel_* and friends v3 Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHk-=whE_C2JF0ywF09iMBWtquEfMM3aSxCeLrb5S75EdHr1JA@mail.gmail.com' \
    --to=torvalds@linux-foundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=hch@lst.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linux-parisc@vger.kernel.org \
    --cc=linux-um@lists.infradead.org \
    --cc=mhiramat@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-parisc archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-parisc/0 linux-parisc/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-parisc linux-parisc/ https://lore.kernel.org/linux-parisc \
		linux-parisc@vger.kernel.org
	public-inbox-index linux-parisc

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-parisc


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git