Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp32970imm; Mon, 4 Jun 2018 12:29:27 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJvW6J7wS1AbwYyPLpny/5jb4jmVb1YfPfpz00oP9qo7A8g8qf2KEZaxTqe4NFevjugI2Lp X-Received: by 2002:a17:902:1e4:: with SMTP id b91-v6mr23136198plb.155.1528140567466; Mon, 04 Jun 2018 12:29:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528140567; cv=none; d=google.com; s=arc-20160816; b=AfakgjmEH+SlMnm/18456wkIIXrpdWkYXTxtjBzAgUB2Cypx0IHktR+CrpQDHlaxfK TQAHbuOX0K6q1kGwey3yF0fEOFjN8nd9DwDBdQgbxYjRauPRUFRs7/FkOtPvYKkD01/V 47jAuk5krZcsAIxU1vdQBwzw49X5XhI80euhrfBpv6J2HVC83bqo6h7qxROFiCVAxFDS BvXXtLPXanHbUBopTky25obpluP7RWIj9fs9XKiQrvmRIS20rG/av3Dkuo7Dr6BPW0fs 4kn+sAsXWD2ssOR0Aaj4ITRd/HuJ9YlyZxDIQQz+D5rbGjb/X9CQNDT8MZ+rfqZxzMru TssA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=twmE4FK7z+eljsFNLxMdlg6oGd5GPjPg3YdtyelGuqs=; b=jze2pkZyS/JXB2OrxCAuPs5QUtHs3bZkp7aDhj1Z04kQBnhW2LukskbL5p2Oaw1TWc xbWX1B7yNM/CaUqczSMEDZQCwD3nBEnJ5uQGDURgU0sVLs/ahgNdRQQLrw4V8r0954TU uMflGyCdE8Pq8h4junio0p2rsygeOHf2+ENFdadQ+VlpPLXDpxjhZ0tEYTsUUsj95STC dFJE/TcTIdzmSs/LZYOy+mkKY1cYEAuismh/F9o5F7C37zTYxarnAL9azXViCj8gPy1F MOKKBUmcUqvUKO0188ou34yPPE9t9rIaE59ajyBrJf+qJBBMRpF1u//jPWfSidJDL/vE lakw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@wdc.com header.s=dkim.wdc.com header.b=Bo8y7syz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g3-v6si45562527plp.594.2018.06.04.12.29.12; Mon, 04 Jun 2018 12:29:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@wdc.com header.s=dkim.wdc.com header.b=Bo8y7syz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751307AbeFDT2t (ORCPT + 99 others); Mon, 4 Jun 2018 15:28:49 -0400 Received: from esa2.hgst.iphmx.com ([68.232.143.124]:52938 "EHLO esa2.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751201AbeFDT2s (ORCPT ); Mon, 4 Jun 2018 15:28:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1528141119; x=1559677119; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=fENGlfdci5EdDbnPdVXUyRbBTcQupzlsN09AQlmt3UI=; b=Bo8y7syz5C0or8J581QJXNsfRhDiY8Bg6/97mUPRudps7TdI1K6jv//D CGjpiytz18QiYZcOuADgkkY8gzTH61NdCgqB0kclgKnHSuf4TmHoChUmn /R5L4+3pDefhuB/GkX4jRVRFCFCbGbNZRCi7CcIm7EvJx33R8i8sZq75w pLGqa/7osW0wQbUochBAXaQ4obBhMF/JFqXvRgKi0IxzhWzINo0D2tXgG LEsRAELpQUXovyq8PxRPUIggP34tQ4IDmBJeXSBEchqqxVXdg8WCcOABy kTg/y6QepdQxgkuKscV0vtGVfR+4vZ5z7TCisDclZVciuPD5F4Y/aE6i/ g==; X-IronPort-AV: E=Sophos;i="5.49,476,1520870400"; d="scan'208";a="176491398" Received: from h199-255-45-15.hgst.com (HELO uls-op-cesaep02.wdc.com) ([199.255.45.15]) by ob1.hgst.iphmx.com with ESMTP; 05 Jun 2018 03:38:39 +0800 Received: from uls-op-cesaip01.wdc.com ([10.248.3.36]) by uls-op-cesaep02.wdc.com with ESMTP; 04 Jun 2018 12:18:51 -0700 Received: from c02v91rdhtd5.sdcorp.global.sandisk.com (HELO [10.196.157.210]) ([10.196.157.210]) by uls-op-cesaip01.wdc.com with ESMTP; 04 Jun 2018 12:28:48 -0700 Subject: Re: [PATCH 3/3] riscv: fix __user annotation for __copy_user() To: Luc Van Oostenryck Cc: Palmer Dabbelt , "linux-riscv@lists.infradead.org" , "linux-kernel@vger.kernel.org" , Albert Ou References: <20180601152123.47256-1-luc.vanoostenryck@gmail.com> <20180601152123.47256-4-luc.vanoostenryck@gmail.com> <235fec3e-be2e-874a-8313-e7390fcdca74@wdc.com> <20180604190927.7jrdlulgowt5umce@ltop.local> From: Atish Patra Message-ID: <6a0ab99d-6e4d-eb80-bc4d-854d154ae827@wdc.com> Date: Mon, 4 Jun 2018 12:28:47 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180604190927.7jrdlulgowt5umce@ltop.local> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/4/18 12:09 PM, Luc Van Oostenryck wrote: > On Mon, Jun 04, 2018 at 11:46:50AM -0700, Atish Patra wrote: >> On 6/1/18 8:22 AM, Luc Van Oostenryck wrote: >>> __copy_user() is a function, written in assembly, used to copy >>> memory between kernel & user space. As such its to & from args >>> may both take a user pointer or a kernel pointer. >>> >>> However the prototype for this function declare these two args >>> as 'void __user *', which is no more & no less correct than >>> declaring them as 'void *'. In fact theer is no possible correct >> >> /s/theer/there >> >>> annotation for such a function. >>> >>> The problem is worked around here by declaring these args as >>> unsigned long and casting them to the right type in each of >>> two callers raw_copy_{to,from}_user() as some kind of cast would >>> be needed anyway. >>> >>> Note: another solution, maybe cleaner but slightly more complex, >>> would be to declare two version of __copy_user, >>> either in the asm file or via an alias, each having already >>> the correct typing for raw_copy_{to,from}_user(). >>> >> >> I feel that would be a better solution as it is implemented similarly >> in ARM as well. >> >> I am unable to understand how "unsigned long" is better than "void*". >> x86 implementation has both arguments as void*. Can you please clarify ? > > "better" is quite relative and it must be understood that sparse > allow to cast pointers o fany kinds to and from unsigned long > without any warnings (while doing a cast between different address > space will emit a warning unless you use '__force'). > Got it. > As I tried to explain here above, the fact that this function is > declared as taking 2 __user pointers requires to use of casts > (ugly casts with __force) to get over the __user. By declaring > them as taking unsigned long, you still have to use casts but, IMO, > it's cleaner > Thanks for the detailed explanation. > Note: they're generic pointers/addresses anyway, they can't be > dereferenced anyway so unsigned is as good as a plain void* > or a void __user* > Note: using unsigned long here, fundamentally to bypass the __user, > is the same as casting a const pointer back to a plain pointer > via an intermediate cast to unsigned long. People can argue > that's kinda cheating, and they would be right of course, but > using __force or declaring twice the function with two different > names and prototype is also a form of cheating. > Note: if this would be my code, I would choose the solution with > two declarations. I prefer that as well. Regards, Atish > > > Best regards, > -- Luc >