References: <155110348217.21156.3874419272673328527.stgit@devbox> <155110354092.21156.13871336589042178985.stgit@devbox> <20190225150603.GE32494@hirez.programming.kicks-ass.net>
From: Andy Lutomirski
Date: Mon, 25 Feb 2019 10:16:20 -0800
Subject: Re: [RFC PATCH 2/4] uaccess: Add non-pagefault user-space read functions
To: Linus Torvalds
Cc: Peter Zijlstra, Masami Hiramatsu, Steven Rostedt, Linux List Kernel Mailing, Ingo Molnar, Andrew Morton, Changbin Du, Jann Horn, Kees Cook, Andy Lutomirski, Alexei Starovoitov, Nadav Amit

On Mon, Feb 25, 2019 at 9:01 AM Linus Torvalds wrote:
>
> On Mon, Feb 25, 2019 at 7:06 AM Peter Zijlstra wrote:
> >
> > Would something like so work for people?
>
> Looks reasonable to me.
>
> > Why not keep it simple:
> >
> >         mm_segment_t old_fs = get_fs();
> >
> >         set_fs(USER_DS);
> >         ret = __strncpy...();
> >         set_fs(old_fs);
> >
> >         return ret;
>
> So none of this code looks sane. First off, there's no real reason to
> use __get_user(). The thing should never be used. It does the whole
> stac/clac for every byte.
>
> In the copy_from_user() case, I suggested re-doing it as one common
> routine without the set_fs() dance for the "already there" case to
> simplify error handling. Here it doesn't do that.
>
> But honestly, I think for the strncpy case, we could just do
>
>     long strncpy_from_unsafe_user(char *dst, const void __user *src, long count)
>     {
>         long ret;
>         mm_segment_t old_fs = get_fs();
>
>         set_fs(USER_DS);
>         pagefault_disable();
>         ret = strncpy_from_user(dst, src, count);
>         pagefault_enable();
>         set_fs(old_fs);
>         return ret;
>     }
>
> and be done with it. Efficient and simple.
>
> Note: the above will *only* work for actual user addresses, because
> strncpy_from_user() does that proper range check.
>

Can we also stick the nmi_uaccess_okay() thing in here and kill an
extra bird with the same stone? Basically, this is "I have no idea
what context I'm in, but I want to try to read a string from current's
address space, so do your best." In which case, we need to handle the
fact that we might be in KERNEL_DS *and* we need to handle the fact
that CR3 might be wrong.
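
The three conditions raised in this thread (the address limit may be KERNEL_DS, page faults must not be taken, CR3 may not belong to current) can be exercised in a small userspace model; this is an added example, not code from the thread or the kernel tree. The `m_` functions, the flat `mem` array, the `USER_TOP` split, the page table `present[]` and the `cr3_is_current` flag are all constructed stand-ins for the kernel primitives named in the comments.

```c
/* Userspace model (constructed, not kernel code) of the helper in this thread. */
#include <errno.h>
#include <stdbool.h>
#include <string.h>

enum seg { USER_DS_M, KERNEL_DS_M };      /* stand-ins for USER_DS / KERNEL_DS */
#define USER_TOP 0x1000UL                 /* assumed user/kernel split */
#define PAGE_SZ  0x800UL                  /* assumed page size of the model */
static char mem[0x2000] = { [0x10] = 'h','e','l','l','o', [0x1800] = 's','e','c','r','e','t' };
static bool present[4] = { true, false, true, true }; /* user page 1 not resident */
enum seg addr_limit = KERNEL_DS_M;        /* caller may already be in KERNEL_DS */
int pf_disabled;                          /* pagefault_disable() depth */
bool cr3_is_current = true;               /* models what nmi_uaccess_okay() checks */

/* Models strncpy_from_user(): the range check follows the current address limit. */
long m_strncpy_from_user(char *dst, unsigned long src, long count)
{
    unsigned long max = addr_limit == USER_DS_M ? USER_TOP : sizeof(mem);
    for (long i = 0; i < count; i++) {
        unsigned long a = src + i;
        if (a >= max)
            return -EFAULT;               /* outside the permitted range */
        if (!present[a / PAGE_SZ] && pf_disabled)
            return -EFAULT;               /* absent page, no fault-in allowed */
        if ((dst[i] = mem[a]) == '\0')
            return i;                     /* string length without the NUL */
    }
    return count > 0 ? count : 0;
}

long m_strncpy_from_unsafe_user(char *dst, unsigned long src, long count)
{
    enum seg old_fs = addr_limit;         /* get_fs() */
    long ret;
    if (!cr3_is_current)                  /* the nmi_uaccess_okay() gate */
        return -EFAULT;
    addr_limit = USER_DS_M;               /* set_fs(USER_DS) */
    pf_disabled++;                        /* pagefault_disable() */
    ret = m_strncpy_from_user(dst, src, count);
    pf_disabled--;                        /* pagefault_enable() */
    addr_limit = old_fs;                  /* set_fs(old_fs) */
    return ret;
}

int main(void)
{
    char buf[16];
    return m_strncpy_from_unsafe_user(buf, 0x10, sizeof(buf)) == 5 ? 0 : 1;
}
```

In the model, a caller left in KERNEL_DS gets kernel bytes back from the plain copy routine, while the wrapper returns -EFAULT for the same address and restores the caller's address limit on every path.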