Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp3991978imc; Sun, 24 Feb 2019 18:42:18 -0800 (PST) X-Google-Smtp-Source: AHgI3IamUe17edkSaYOLUuHwJt3TlWzsLjdqU7v+GXJe1lCWvDkrj0pKlMPJB0f9QlTiiHNnnr7V X-Received: by 2002:a62:2b88:: with SMTP id r130mr4493710pfr.93.1551062538157; Sun, 24 Feb 2019 18:42:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551062538; cv=none; d=google.com; s=arc-20160816; b=ujWEWctrvn3fVdDHsqOPlgA5q6/SczDh9cayBP2AsYhvBU03wNNysORVcSxOCdzlW4 Cd/4tn8WIq/9VyE+TOqHivZXga8QV8VyQlPUiHzfMVRUGtwvi0/H9R2fNCuRNJLb6NKh 3pNlO3NJeEg4omIzAPnyLz3ibTmMuSJJp4/kf095CXVd7deNmdNfAf68ZTlOHETGYx4y 4urdUT+xdM9KjTWOntHhbrbzcp1baFpW48I3qL+T+Sgdvh6NMXBaXWWQVH62JJo0zsYM IwQ/FrcUYPbgHdC+H756zq9NTxVW63SSRJ+7Cuw+ViAm8arNPArv7omymqUr78rlxnkd ByJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=6wL+h6TwRB3/LtPsBj7w5fc3sJ5OxspcCAfQxFkPvqs=; b=aigpvW9z3Ray9lAP3ux3LJh/D5VBJWiSktAe7wHpzU2y83Q484O6mVCA3g7qShH6xC RfxE/sYs4vaqSZnYkq1bHL5yL8Zc8+gZuYt94HxyKyyR2MD3RXw1f1AUXvoTjsnveIB7 CdY847PPK8YX0fM/iRUUaZRf8vCyWWeJkRq9dkkBbquyZfG1+rjEvePDmUyCAC67dvcA W+wuGdo7kdsqwPx64D7wpw0+OEK1YLCo8m6CiCST6sSF5lToD4VezMnlkgg/OxmT7GwF 2RceZYEbh2+XXN2vIxNIdFd+fRPJ15FUt1kfjEDHCUx7hDq1fC4u2IQsOyRJRdyXTJ3H 2IOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uBmjJADd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s18si8176501plr.186.2019.02.24.18.42.02; Sun, 24 Feb 2019 18:42:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=uBmjJADd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728500AbfBYCka (ORCPT + 99 others); Sun, 24 Feb 2019 21:40:30 -0500 Received: from mail.kernel.org ([198.145.29.99]:49894 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726539AbfBYCka (ORCPT ); Sun, 24 Feb 2019 21:40:30 -0500 Received: from devnote (NE2965lan1.rev.em-net.ne.jp [210.141.244.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 56B7F2084D; Mon, 25 Feb 2019 02:40:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1551062429; bh=qoRAjveM0XTLRDPokfSxIhJeOuEBNISgXrzrF+KZeOE=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=uBmjJADdIvxUCQa/j3ZalKKjBzQqrUqEXPN0ASQGTJFHs1mPVB7yDCAAvQq8no0oj HFv3GnyMS3TvEVdPcUYb9XBlMBiEZL8HaZfgLcP6HMpVOT470ZYXC/vG3TP/YLa+4d /EmLanfKqUnjTYO+fvLJFSSD/poCNuVa3w2jsxlw= Date: Mon, 25 Feb 2019 11:40:25 +0900 From: Masami Hiramatsu To: Linus Torvalds Cc: Andy Lutomirski , Steven Rostedt , Linux List Kernel Mailing , Ingo Molnar , Andrew Morton , stable , Changbin Du , Jann Horn , Kees Cook , Peter Zijlstra Subject: Re: [PATCH 1/2 v2] kprobe: Do not use uaccess functions to access kernel memory that can fault Message-Id: <20190225114025.902c9031075e2f1fc55369a3@kernel.org> In-Reply-To: References: <20190215174712.372898450@goodmis.org> <20190215191949.04604191@gandalf.local.home> <20190219111802.1d6dbaa3@gandalf.local.home> <20190219140330.5dd9e876@gandalf.local.home> <20190220171019.5e81a4946b56982f324f7c45@kernel.org> <20190220094926.0ab575b3@gandalf.local.home> <20190222172745.2c7205d62003c0a858e33278@kernel.org> <20190222173509.88489b7c5d1bf0e2ec2382ee@kernel.org> <20190223124746.d021973004c7c892c3b3fde1@kernel.org> <20190223194421.725a03fd@oasis.local.home> <20190225001757.519f40cd088c05fdd00a9397@kernel.org> X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 24 Feb 2019 09:26:45 -0800 Linus Torvalds wrote: > On Sun, Feb 24, 2019 at 7:18 AM Masami Hiramatsu wrote: > > > > On Sat, 23 Feb 2019 20:38:03 -0800 > > Andy Lutomirski wrote: > > > > > > Can we just get rid of this might_sleep()? access_ok() doesn't sleep > > > as far as I know. > > > > Hmm, which might_sleep() would you pointed? What I talked was a > > WARN_ON_ONCE(!in_task()) in access_ok() on x86 (only!), and in_task() just > > checks preempt_count. > > So the in_task() check does kind of make sense. Using "access_ok()" > outside of task context is certainly an odd thing, for several > reasons. The main one being simply that outside of task context, the > whole "which task" question is open, and you don't know if the task is > the active one, and so it's not clear if whatever task you interrupt > might have done "set_fs()" or not. Ah I got it. Usual case access_ok() in IRQ handler is strange. > > So PeterZ isn't wrong: > > > I guess PeterZ assumed that access_ok() is used only with user space access > > APIs (e.g. copy_from_user) which can cause page-fault and locks mm (and might > > sleep :)), but now we are trying to use access_ok() with new functions which > > disables page-fault and just return -EFAULT. > > .. but in this case, if we do it all *within* code that saves and > restores the user access flag with get_fs/set_fs, access_ok() would be > ok and it doesn't have the above issue. > > So access_ok() in _general_ is absolutely not safe to do from > interrupts, but within the context of probing user memory from a > tracing event it just happens to be ok. Hmm, but user can specify user-memory access from the tracing event which is located in interrupt handler. So I understand that it is safe only if we correctly setup access flag with get_fs/set_fs, is that correct? > It would be lovely to have a special macro for this, and keep the > warning for the general case, but because this is a "every > architecture needs to build their own" it's probably too painful. Agreed. > > PeterZ, do you remember the particular use case that triggered that > commit 7c4788950ba5 ("x86/uaccess, sched/preempt: Verify access_ok() > context")? > > Linus Thank you, -- Masami Hiramatsu