Received: by 10.192.165.156 with SMTP id m28csp250729imm; Tue, 17 Apr 2018 09:31:15 -0700 (PDT) X-Google-Smtp-Source: AIpwx49ngGEq5WPARpbpAWQ6EvfBkjm0HeiXAUJ4Qx2aQys2XAJgx7nUNd1UJQ2nm2SFIr1TBF85 X-Received: by 2002:a17:902:14b:: with SMTP id 69-v6mr2726877plb.184.1523982675247; Tue, 17 Apr 2018 09:31:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523982675; cv=none; d=google.com; s=arc-20160816; b=kYKqsfZIG7X07UsFDCMXG8/I+9K/MC9T6xdn3l/Rq8EYQZSI8qlGQ632kSXA7GWxQ2 9NAuR+x4Mbl6AD/yRjyHbmB/n2TEK7W4EOWm5nnzFSnf/f8/csL2Ryw1Loh1om3QAUJN Moi9mM+80TbjuoVJTCZ1R47RBZcUEf24E2gHeBISvFjsaKIaq6BW6aLYgGU4vHRJwpdy cJwRjnsCp07g7H/cNZWHrUpN2jIYuWr2U8Fgt8PH831NtQ/kjb0jJD5WBrZsO5H2IZGf NApswkQqkWutAinZuYg33mW5D4xqj3DxTUSgXz+5BGphkwRTIEiejnDH+DBzprHFa6++ 4o4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=+lc3JmUshJtuKA0C7UXkkY4uFQ8Xnn7R5h4wsYiVbV8=; b=A15qTan7vfq897GdeJzU+L7PPUk4VPUDGoMCcdFrWHEdi4UD/U2gEKKJf1cZJVz5g5 iTQPSz9LnxVMI8e2+sJ1vmHdznTnMnvVfL2WA/hKlkUBDJtsCbSqNwnv9zRGMX70tR5q SY9MdVWO1B31U1Uq97/9RExCdTqmy7J5qk9Eo1o/zkU5liIIDdjINg8p1b/d1ZwsbM1b GTE6tIOAtidI+fs0/Rkb176Tehff8msG0CZl4j4OrCHafTUi+2InDsAU1MhB37aDSb32 aToCpaEBnvajXrzE5KeW+uqcOpajdLwrZcDOf0C0TSXj71pdo9MyDOHcJCKAV6FrWe2f pzHg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o128si12431191pfg.5.2018.04.17.09.31.01; Tue, 17 Apr 2018 09:31:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754478AbeDQQ3Y (ORCPT + 99 others); Tue, 17 Apr 2018 12:29:24 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:35488 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755428AbeDQQIZ (ORCPT ); Tue, 17 Apr 2018 12:08:25 -0400 Received: from localhost (unknown [46.44.180.42]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id CCA1AE66; Tue, 17 Apr 2018 16:08:24 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , Robin Murphy , Will Deacon , Catalin Marinas , Greg Hackmann , Mark Rutland Subject: [PATCH 4.9 17/66] arm64: uaccess: Dont bother eliding access_ok checks in __{get, put}_user Date: Tue, 17 Apr 2018 17:58:50 +0200 Message-Id: <20180417155646.597245647@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180417155645.868055442@linuxfoundation.org> References: <20180417155645.868055442@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mark Rutland From: Will Deacon commit 84624087dd7e3b482b7b11c170ebc1f329b3a218 upstream. access_ok isn't an expensive operation once the addr_limit for the current thread has been loaded into the cache. Given that the initial access_ok check preceding a sequence of __{get,put}_user operations will take the brunt of the miss, we can make the __* variants identical to the full-fat versions, which brings with it the benefits of address masking. The likely cost in these sequences will be from toggling PAN/UAO, which we can address later by implementing the *_unsafe versions. Reviewed-by: Robin Murphy Signed-off-by: Will Deacon Signed-off-by: Catalin Marinas Signed-off-by: Mark Rutland [v4.9 backport] Tested-by: Greg Hackmann Signed-off-by: Greg Kroah-Hartman --- arch/arm64/include/asm/uaccess.h | 62 ++++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 26 deletions(-) --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -209,30 +209,35 @@ do { \ CONFIG_ARM64_PAN)); \ } while (0) -#define __get_user(x, ptr) \ +#define __get_user_check(x, ptr, err) \ ({ \ - int __gu_err = 0; \ - __get_user_err((x), (ptr), __gu_err); \ - __gu_err; \ + __typeof__(*(ptr)) __user *__p = (ptr); \ + might_fault(); \ + if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \ + __p = uaccess_mask_ptr(__p); \ + __get_user_err((x), __p, (err)); \ + } else { \ + (x) = 0; (err) = -EFAULT; \ + } \ }) #define __get_user_error(x, ptr, err) \ ({ \ - __get_user_err((x), (ptr), (err)); \ + __get_user_check((x), (ptr), (err)); \ (void)0; \ }) -#define __get_user_unaligned __get_user - -#define get_user(x, ptr) \ +#define __get_user(x, ptr) \ ({ \ - __typeof__(*(ptr)) __user *__p = (ptr); \ - might_fault(); \ - access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ - __p = uaccess_mask_ptr(__p), __get_user((x), __p) : \ - ((x) = 0, -EFAULT); \ + int __gu_err = 0; \ + __get_user_check((x), (ptr), __gu_err); \ + __gu_err; \ }) +#define __get_user_unaligned __get_user + +#define get_user __get_user + #define __put_user_asm(instr, alt_instr, reg, x, addr, err, feature) \ asm volatile( \ "1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \ @@ -277,30 +282,35 @@ do { \ CONFIG_ARM64_PAN)); \ } while (0) -#define __put_user(x, ptr) \ +#define __put_user_check(x, ptr, err) \ ({ \ - int __pu_err = 0; \ - __put_user_err((x), (ptr), __pu_err); \ - __pu_err; \ + __typeof__(*(ptr)) __user *__p = (ptr); \ + might_fault(); \ + if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \ + __p = uaccess_mask_ptr(__p); \ + __put_user_err((x), __p, (err)); \ + } else { \ + (err) = -EFAULT; \ + } \ }) #define __put_user_error(x, ptr, err) \ ({ \ - __put_user_err((x), (ptr), (err)); \ + __put_user_check((x), (ptr), (err)); \ (void)0; \ }) -#define __put_user_unaligned __put_user - -#define put_user(x, ptr) \ +#define __put_user(x, ptr) \ ({ \ - __typeof__(*(ptr)) __user *__p = (ptr); \ - might_fault(); \ - access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ - __p = uaccess_mask_ptr(__p), __put_user((x), __p) : \ - -EFAULT; \ + int __pu_err = 0; \ + __put_user_check((x), (ptr), __pu_err); \ + __pu_err; \ }) +#define __put_user_unaligned __put_user + +#define put_user __put_user + extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n); extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n); extern unsigned long __must_check __copy_in_user(void __user *to, const void __user *from, unsigned long n);