Date: Fri, 29 May 2020 15:37:44 +0200
From: Christoph Hellwig
To: Al Viro
Cc: Christoph Hellwig, Linus Torvalds, Ian Kent, David Howells, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 09/14] fs: don't change the address limit for ->write_iter in __kernel_write

On Fri, May 29, 2020 at 07:57:36AM +0200, Christoph Hellwig wrote:
> On Thu, May 28, 2020 at 08:00:52PM +0100, Al Viro wrote:
> > On Thu, May 28, 2020 at 07:40:38AM +0200, Christoph Hellwig wrote:
> > > If we write to a file that implements ->write_iter there is no need
> > > to change the address limit if we send a kvec down. Implement that
> > > case, and prefer it over using plain ->write with a changed address
> > > limit if available.
> >
> > Umm... It needs a comment along the lines of "weird shits like
> > /dev/sg that currently check for uaccess_kernel() will just
> > have to make sure they never switch to ->write_iter()"
>
> sg and hid has the uaccess_kernel because it accesses userspace memory not
> in the range passed to it. Something using write_iter/read_iter should
> never access any memory outside the iter passed to. rdma has it because
> it uses write as a bidirectional interface, which obviously can't work at
> all with an iter. So I'm not sure what we should comment on, but if
> you have a desire and a proposal for a comment I'll happily add it.

And looking over all three again they actually comment why they check
uaccess_kernel. More importantly if someone switched them to the
->write_iter carelessly that means the uaccess outside of the range
would actually always fail now as we didn't allow access to userspace
memory, so this should show up when testing instantly.
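
A userspace C model of the argument in this message, added here as an illustration and not code from the kernel or from the patch series. `mem`, `struct hdr`, `drv_follow`, `write_via_set_fs` and `write_via_kvec` are hypothetical names; `addr_limit`, `uaccess_kernel()` and `copy_from_user()` are simplified stand-ins for the kernel's, and the embedded pointer is assumed to refer to kernel memory.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy address space (constructed): offsets < USER_DS are "user", the rest "kernel". */
enum { USER_DS = 64, KERNEL_DS = 128 };
static uint8_t mem[KERNEL_DS];
static uint32_t addr_limit = USER_DS;   /* models the task's address limit */
static int uaccess_kernel(void) { return addr_limit == KERNEL_DS; }

/* Models copy_from_user(): refuses any range that crosses the current limit. */
static int copy_from_user(void *dst, uint32_t src, uint32_t n)
{
    if (src > addr_limit || n > addr_limit - src)
        return -EFAULT;
    memcpy(dst, mem + src, n);
    return 0;
}

struct hdr { uint32_t data, len; };     /* payload carrying an embedded pointer */
/* Hypothetical driver body: follows h->data, outside the buffer it was handed. */
static int drv_follow(const struct hdr *h, int guarded)
{
    uint8_t tmp[16];
    if (guarded && uaccess_kernel())
        return -EACCES;                 /* the kind of check the thread discusses */
    if (h->len > sizeof(tmp))
        return -EINVAL;
    return copy_from_user(tmp, h->data, h->len) ? -EFAULT : (int)h->len;
}

/* Old path: the limit is raised around ->write, so the embedded pointer passes too. */
static int write_via_set_fs(const struct hdr *kbuf, int guarded)
{
    uint32_t old = addr_limit;
    addr_limit = KERNEL_DS;
    int ret = drv_follow(kbuf, guarded);
    addr_limit = old;
    return ret;
}

/* New path: the kvec is consumed as a kernel buffer; the limit is never raised. */
static int write_via_kvec(const struct hdr *kvec, int guarded) { return drv_follow(kvec, guarded); }
int main(void)
{
    struct hdr h = { .data = 100, .len = 8 };   /* constructed: points into "kernel" range */
    printf("set_fs: %d / %d, kvec: %d\n", write_via_set_fs(&h, 0), write_via_set_fs(&h, 1), write_via_kvec(&h, 0));
    return 0;
}
```

In the model, the out-of-range access only succeeds on the raised-limit path when the driver has no `uaccess_kernel()` check; on the kvec path it returns `-EFAULT` with or without the check.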