Received: by 2002:ac0:b08d:0:0:0:0:0 with SMTP id l13csp4678415imc;
        Mon, 25 Feb 2019 09:02:09 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibcct/Cu0UgMqE36LOjtuLoute1T0ObixPb70Jup2fa5+8vHN0O5FE1oEZz3BeZ+GQqK6g3
X-Received: by 2002:a17:902:e01:: with SMTP id 1mr4438143plw.66.1551114128985;
        Mon, 25 Feb 2019 09:02:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551114128; cv=none;
        d=google.com; s=arc-20160816;
        b=uG9s12gMGlA7RHWgqRO4e/lITVSjNHbP96zkWIV+lOIVEaqW5rUpMkcsOmzQ1l9gKQ
         HmNjWnW7onkUtbxE2HU9b2k6pu1Mh4zTp4dW0DGwNE+ovpm0bZVMjqhSpsSE28S8DqQI
         BN6TWxaPYyH5x77iOiqZu2y3iTQc7oRImH/4bjtiMfCCnfk9jDPIkDwMfgixdf+bE2XZ
         aKxsR/aaRmAlAwmCEqBaThtSEmIJhGWanOYW5ddMhMQVQA2osXC8vBnGYpW3cXJZymCO
         GBLL/E/+iv3hFRO1heieWxIZSGeNPLmfBR2xgUYqHflXFVLL0ZlCGDBAwfaTJalj76JI
         JouQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=fw37tU+LNZHOvKdIAztuIbfp+4xwi2klt2Zgxp9NXUw=;
        b=xC7rTzz0sjyIRe1ZpthlfJ6WV5RTrtWObP8iAeTCgu6/IR3c3lobho01opDss8yFeq
         fxrEv75Lqgj8rqN1b+RloVW8si1YNSfVUoQVzrPG+NIeov+fK815oQCUFwKluFZfKoJD
         QXo/c89gx92Rcbg31pQ9qh8B8QeUrek5mjMUvyNU89/9ED82Wz8x281Om+lLEjV/X/AQ
         J46+tDa2iWkQgFRSvnD9Mn44uuzPUKjdF51QGRy9A37rb7gswVR06j3qyPvmyv8BJEDb
         WI3SqvsHAoIzkk+fSse2KoIg0hB66ANcsgbMFcSF7NRJgdUFWxQ/WzMhkZNbVu7z41n2
         ifCQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=fkCgTRCI;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o2si9293633pgv.521.2019.02.25.09.01.52;
        Mon, 25 Feb 2019 09:02:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=fkCgTRCI;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728475AbfBYRBU (ORCPT <rfc822;mailist1go@gmail.com>
        + 99 others); Mon, 25 Feb 2019 12:01:20 -0500
Received: from mail-lj1-f196.google.com ([209.85.208.196]:37313 "EHLO
        mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728028AbfBYRBT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Feb 2019 12:01:19 -0500
Received: by mail-lj1-f196.google.com with SMTP id a17so8058243ljd.4
        for <linux-kernel@vger.kernel.org>; Mon, 25 Feb 2019 09:01:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=fw37tU+LNZHOvKdIAztuIbfp+4xwi2klt2Zgxp9NXUw=;
        b=fkCgTRCIhak0c2EnwXj1zVVxvk9Jx5hwBS3CNf8U0KYdZgADoO6WmdKZkk459DdgNG
         b6DB4RbZtYQSh3IXUHTxHAB8iKDYHdJI4wrZ3KO2mCP7Mpoaf/S0isE1bUIhN9xbXpVE
         M38JO1CMwBJR81raAcfRbGeHjDHGSwuKIjWVc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=fw37tU+LNZHOvKdIAztuIbfp+4xwi2klt2Zgxp9NXUw=;
        b=kjYjm0ga4ASuS8/BxpG1FiahXHHA8oVFf9GwCbvAOOhttMnFbt5Og3o317FkRtLa8T
         RxxxFETwbz/BSKK8DykC6YtaSBkwN0CbK10fYNI+3D2PSddXjRtQFbB/tAPNS0yR6Mi6
         zbY3Q9U03votKTtfpUCrVBstL2mL6k9tCux7czSwvBUkd6wMFKSwkqCsnwILsTZa12hQ
         toW8+PaLE7wc4I0ewJNJqqR14Idnqz9RaJlHrWcyoJ8wo8gsMyA4yfak488C+SuAcB+b
         V6XAGpKb4oa8wcrNKHYZRlWexQIiKLFGaVs483SWBXwRjNp/8q2O1ldarZvN3V7q/tPf
         4OAQ==
X-Gm-Message-State: AHQUAuahaovYk2LZOx6R6jTAWnYHDKo6BqoamZ4VM5q4lXO1U56rMqYo
        pKa/RwU8X8r/gwQLn3fZ3jhTEjGIyyc=
X-Received: by 2002:a2e:4715:: with SMTP id u21mr10261414lja.156.1551114076146;
        Mon, 25 Feb 2019 09:01:16 -0800 (PST)
Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com. [209.85.208.180])
        by smtp.gmail.com with ESMTPSA id 13sm2631442lju.27.2019.02.25.09.01.14
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 25 Feb 2019 09:01:14 -0800 (PST)
Received: by mail-lj1-f180.google.com with SMTP id l5so8072475lje.1
        for <linux-kernel@vger.kernel.org>; Mon, 25 Feb 2019 09:01:14 -0800 (PST)
X-Received: by 2002:a2e:208a:: with SMTP id g10mr10539201lji.135.1551114073725;
 Mon, 25 Feb 2019 09:01:13 -0800 (PST)
MIME-Version: 1.0
References: <155110348217.21156.3874419272673328527.stgit@devbox>
 <155110354092.21156.13871336589042178985.stgit@devbox> <20190225150603.GE32494@hirez.programming.kicks-ass.net>
In-Reply-To: <20190225150603.GE32494@hirez.programming.kicks-ass.net>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon, 25 Feb 2019 09:00:57 -0800
X-Gmail-Original-Message-ID: <CAHk-=wgNctC6PoCH9HE3hWFGq+5qBt0nsh+STDguD=jV9ovcag@mail.gmail.com>
Message-ID: <CAHk-=wgNctC6PoCH9HE3hWFGq+5qBt0nsh+STDguD=jV9ovcag@mail.gmail.com>
Subject: Re: [RFC PATCH 2/4] uaccess: Add non-pagefault user-space read functions
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Masami Hiramatsu <mhiramat@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
        Andy Lutomirski <luto@amacapital.net>,
        Ingo Molnar <mingo@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Changbin Du <changbin.du@gmail.com>,
        Jann Horn <jannh@google.com>,
        Kees Cook <keescook@chromium.org>,
        Andy Lutomirski <luto@kernel.org>,
        Alexei Starovoitov <alexei.starovoitov@gmail.com>,
        Nadav Amit <namit@vmware.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 25, 2019 at 7:06 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> Would something like so work for people?

Looks reasonable to me.

> Why not keep it simple:
>
>         mm_segment_t old_fs = get_fs();
>
>         set_fs(USER_DS);
>         ret = __strncpy...();
>         set_fs(old_fd);
>
>         return ret;

So none of this code looks sane. First odd, there's no real reason to
use __get_user(). The thing should never be used. It does the whole
stac/clac for every byte.

In the copy_from_user() case, I suggested re-doing it as one common
routine without the set_fs() dance for the "already there" case to
simplify error handling. Here it doesn't do that.

But honestly, I think for the strncpy case, we could just do

  long strncpy_from_unsafe_user(char *dst, const void __user *src, long count)
  {
      long ret;
      mm_segment_t old_fs = get_fs();

      set_fs(USER_DS);
      pagefault_disable();
      ret = strncpy_from_user(dst, src, count);
      pagefault_enable();
      set_fs(old_fs);
      return ret;
  }

and be done with it. Efficient and simple.

Note: the above will *only* work for actual user addresses, because
strncpy_from_user() does that proper range check.

                  Linus