linux-kernel.vger.kernel.org archive mirror
From: Daniel Borkmann <daniel@iogearbox.net>
To: Christoph Hellwig <hch@infradead.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	x86@kernel.org, linux-kernel@vger.kernel.org,
	bpf@vger.kernel.org, bgregg@netflix.com
Subject: Re: Question on "uaccess: Add strict non-pagefault kernel-space read function"
Date: Tue, 7 Apr 2020 11:03:23 +0200
Message-ID: <2adc77e1-e84d-f303-fd88-133ec950c33f@iogearbox.net>
In-Reply-To: <20200404093105.GA445@infradead.org>

On 4/4/20 11:31 AM, Christoph Hellwig wrote:
> On Fri, Apr 03, 2020 at 04:20:24PM +0200, Daniel Borkmann wrote:
>> With crazy old functions I presume you mean the old bpf_probe_read()
>> which is mapped to BPF_FUNC_probe_read helper or something else entirely?
> 
> I couldn't care less about bpf, this is about the kernel API.
> 
> What I mean is that your new probe_kernel_read_strict and
> strncpy_from_unsafe_strict helpers are good and useful.  But for this
> to actually make sense we need to get rid of the non-strict versions,
> and we also need to get rid of some of the weak alias magic.

Yeah agree, the probe_kernel_read() should do the strict checks by default
and there would need to be some way to opt-out for the legacy helpers to
not break. So it would end up looking like the below ...

long __probe_kernel_read(void *dst, const void *src, size_t size)
{
         long ret = -EFAULT;
         mm_segment_t old_fs = get_fs();

         set_fs(KERNEL_DS);
         if (kernel_range_ok(src, size))
                 ret = probe_read_common(dst, (__force const void __user *)src, size);
         set_fs(old_fs);

         return ret;
}

... where archs with non-overlapping user and kernel address range would
only end up having to implement the kernel_range_ok() check. Or, instead of
a generic kernel_range_ok() this could perhaps be more probing-specific as
in probe_kernel_range_ok() where this would then also cover the special
cases we seem to have in parisc and um. Then, this would allow to get rid
of all the __weak aliasing as well which may just be confusing. I could look
into coming up with something along these lines. Thoughts?
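
The check-then-copy structure proposed in the message above, as a userspace C model added here as an example; it is not code from the thread or from the kernel. The `model_*` names, the address-space split and the sample buffer are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for this model: everything at or above this address is kernel. */
#define MODEL_KERNEL_START UINT64_C(0xffff800000000000)
/* Constructed sample: 16 readable bytes "mapped" at a model kernel address. */
#define MODEL_KMEM_BASE UINT64_C(0xffff888000001000)
static const uint8_t model_kmem[16] = "kernel-data-001";

/* Strict range check: [src, src + size) must not wrap and must start in
 * the kernel half; with no wrap, the end then lies in the kernel half too. */
static bool model_kernel_range_ok(uint64_t src, size_t size)
{
	if (size > 0 && src > UINT64_MAX - (size - 1))
		return false;
	return src >= MODEL_KERNEL_START;
}

/* Stand-in for the non-faulting copy: only the mapped window succeeds. */
static long model_read_common(void *dst, uint64_t src, size_t size)
{
	if (src < MODEL_KMEM_BASE || src - MODEL_KMEM_BASE > sizeof(model_kmem))
		return -EFAULT;
	if (size > sizeof(model_kmem) - (src - MODEL_KMEM_BASE))
		return -EFAULT;
	memcpy(dst, model_kmem + (src - MODEL_KMEM_BASE), size);
	return 0;
}

/* Same shape as the sketch: range check first, copy only if it passes. */
static long model_probe_kernel_read(void *dst, uint64_t src, size_t size)
{
	if (!model_kernel_range_ok(src, size))
		return -EFAULT;
	return model_read_common(dst, src, size);
}

int main(void)
{
	unsigned char buf[16];
	printf("kernel addr: %ld\n", model_probe_kernel_read(buf, MODEL_KMEM_BASE, 6));
	printf("user addr:   %ld\n", model_probe_kernel_read(buf, UINT64_C(0x00007ffff0000000), 8));
	printf("wrapping:    %ld\n", model_probe_kernel_read(buf, UINT64_MAX - 3, 8));
	return 0;
}
```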
