From: Thomas Gleixner <tglx@linutronix.de>
To: "Frank Ch. Eigler" <fche@redhat.com>
Cc: David Smith <dsmith@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andy Lutomirski <luto@amacapital.net>,
Ingo Molnar <mingo@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC][PATCH] x86: Verify access_ok() context
Date: Thu, 19 Jan 2017 21:50:36 +0100 (CET) [thread overview]
Message-ID: <alpine.DEB.2.20.1701192139490.5358@nanos> (raw)
In-Reply-To: <20170119202218.GB20931@redhat.com>
On Thu, 19 Jan 2017, Frank Ch. Eigler wrote:
> Hi, Thomas -
>
> On Thu, Jan 19, 2017 at 07:12:48PM +0100, Thomas Gleixner wrote:
> > [...]
> > It does matter very much, because the fact that the warning triggers tells
> > me that it's placed in code which is NOT executed in task context.
> > [...]
> > We are not papering over problems.
>
> Understood. We were interpreting the comments around access_ok to
> mean that the underlying hazard condition was different (stricter)
> than in_task(). If the warning could be made to match that hazard
> condition more precisely, then safe but non-in_task() callers can use
> access_ok() without the warning.
Well, if you are not in thread context then the check is pointless:
__range_not_ok(addr, size, user_addr_max())
and:
#define user_addr_max() (current->thread.addr_limit.seg)
So what guarantees when you are not in context of current, i.e. in thread
context, that the addr/size which is checked against the limits of current
actually belongs to current?
I assume this is about systemtap modules. Can you please explain what you
are trying to achieve? I guess you know that you actually access current,
but then we need a seperate special function and not relaxing of the
checks.
Thanks,
tglx
next prev parent reply other threads:[~2017-01-19 21:14 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-22 9:57 [RFC][PATCH] x86: Verify access_ok() context Peter Zijlstra
2016-11-22 17:28 ` Andy Lutomirski
2016-11-22 19:37 ` Peter Zijlstra
2016-11-22 19:42 ` Linus Torvalds
2016-12-05 10:27 ` Peter Zijlstra
2017-01-16 20:27 ` David Smith
2017-01-16 21:14 ` Thomas Gleixner
2017-01-18 22:16 ` David Smith
2017-01-19 0:19 ` Andy Lutomirski
2017-01-19 15:37 ` David Smith
2017-01-20 8:24 ` Peter Zijlstra
2017-01-20 8:50 ` Thomas Gleixner
2017-01-19 18:12 ` Thomas Gleixner
2017-01-19 20:22 ` Frank Ch. Eigler
2017-01-19 20:50 ` Thomas Gleixner [this message]
2017-01-19 21:27 ` Frank Ch. Eigler
2017-01-19 22:20 ` Peter Zijlstra
2017-01-19 23:04 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1701192139490.5358@nanos \
--to=tglx@linutronix.de \
--cc=dsmith@redhat.com \
--cc=fche@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).