Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp116179img;
        Mon, 25 Feb 2019 19:03:03 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibwr55ckcU9eqUHuj5FAJP6HFy/l5QaL3Ed2YuPB5TlrdhGhMZQbndM2c2pSIKeK73DViNa
X-Received: by 2002:a17:902:31c3:: with SMTP id x61mr23460212plb.113.1551150183499;
        Mon, 25 Feb 2019 19:03:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1551150183; cv=none;
        d=google.com; s=arc-20160816;
        b=sFlO4OexEBezgsx2DOdlq4TJ/Tu4fHbpq+tjK9IgL/lh4tyh8/0n6I9Erga/1Ahmb1
         k50AIQ//PbTSWHemUFfv/9J6oaWpgg3n+jWSq1DzmJ8Z2DCW0Io0OXh7qPoczkokiJiH
         6mh01Au+PmOmzkjIzgU7xNSqLF9ypDOUAR8Xw5gBFCfCp5wjm3J6uitj17wdeAPwbMqb
         t6M9XxQYqtiIdgFUWhKbJES2SxRmUIXwfyo+X3zIP0H3SEY1kJZ39VVSSzNTa3RzOhmm
         wPHl0EMwts9eLCPAlmwnbOZRP1sLxxXfvLB3F5HUlrTQpx9lDzKfOiCNH3hnKNgoXFMv
         9o6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=n32C7RllPe1fpsKLASFNc1TKdKtKT4gg6zSx10Koi3A=;
        b=nUllvwgjDGccMM0MIZjkCM5vD6oGmGI9J5IkxITjW8ZBIGyOtFi4vXx/Q/eTPBUXBx
         zGEq8dOG2yvtnUHvMt4c1mnIMDeEtOOnZTehCMi9J+r2zGaJk873U5soEFV+WniWBmDQ
         W2zKdItGp3fcDsCxfGi3oNdqbFUqmgp01O7C3F2YMTxb4XyBGOfM0MACTB1DfljcZLbx
         grkxgAqUwQ3aCE8BkPJIG6gEPhQ36hLd0KOWPSpbvFPtlhFEJyB9p6Whsu3i/MrajpQk
         B3Vrdz8/rMycpDLN9ML+CeC7RWt+k5Sdd6gsAJ8GD463JcvJHt78P1lB52hD/BtWCbw2
         qxsQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=AKIKGvdb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l15si11367387pfb.146.2019.02.25.19.02.35;
        Mon, 25 Feb 2019 19:03:03 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=AKIKGvdb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726185AbfBZDCF (ORCPT <rfc822;hackukernel@gmail.com>
        + 99 others); Mon, 25 Feb 2019 22:02:05 -0500
Received: from mail.kernel.org ([198.145.29.99]:59986 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725954AbfBZDCF (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Feb 2019 22:02:05 -0500
Received: from devnote (NE2965lan1.rev.em-net.ne.jp [210.141.244.193])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id AB67A21841;
        Tue, 26 Feb 2019 03:02:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1551150123;
        bh=QUGnFHsjQAYPEf/fWHg1f2Aj3+j0RMlKMEM5z0dakWI=;
        h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
        b=AKIKGvdb3r1iPXlVlpcCDVHPlNxSkWYKGQiCcP9s65MXozW1XCbbDyCmo4B9Vu6PQ
         KYnFJgllpDUcVFsEBtH3x/4Scr1iTExsqoU3x0WOA+Lb2+5huurcEaCblUFoYenolJ
         gjiwNkOVR5mVWOAJd4MtZ/wL+W3LM8aAxWSt++C4=
Date:   Tue, 26 Feb 2019 12:01:59 +0900
From:   Masami Hiramatsu <mhiramat@kernel.org>
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Steven Rostedt <rostedt@goodmis.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-kernel@vger.kernel.org,
        Andy Lutomirski <luto@amacapital.net>,
        Ingo Molnar <mingo@kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Changbin Du <changbin.du@gmail.com>,
        Jann Horn <jannh@google.com>,
        Kees Cook <keescook@chromium.org>,
        Andy Lutomirski <luto@kernel.org>,
        Alexei Starovoitov <alexei.starovoitov@gmail.com>,
        Nadav Amit <namit@vmware.com>
Subject: Re: [RFC PATCH 2/4] uaccess: Add non-pagefault user-space read
 functions
Message-Id: <20190226120159.c346704961ff22d344f45e96@kernel.org>
In-Reply-To: <20190225150603.GE32494@hirez.programming.kicks-ass.net>
References: <155110348217.21156.3874419272673328527.stgit@devbox>
        <155110354092.21156.13871336589042178985.stgit@devbox>
        <20190225150603.GE32494@hirez.programming.kicks-ass.net>
X-Mailer: Sylpheed 3.5.0 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Peter,

On Mon, 25 Feb 2019 16:06:03 +0100
Peter Zijlstra <peterz@infradead.org> wrote:

> On Mon, Feb 25, 2019 at 11:05:41PM +0900, Masami Hiramatsu wrote:
> 
> > +static __always_inline long __strncpy_from_unsafe_user(char *dst,
> > +			 const char __user *unsafe_addr, long count)
> > +{
> > +	if (!access_ok(unsafe_addr, count))
> > +		return -EFAULT;
> > +
> > +	return strncpy_from_unsafe_common(dst, unsafe_addr, count);
> > +}
> 
> Would something like so work for people?
> 
> ---
>  arch/x86/include/asm/uaccess.h |  8 +++++++-
>  include/linux/uaccess.h        | 18 ++++++++++++++++++
>  2 files changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
> index 780f2b42c8ef..3125d129d3b6 100644
> --- a/arch/x86/include/asm/uaccess.h
> +++ b/arch/x86/include/asm/uaccess.h
> @@ -92,12 +92,18 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
>   * checks that the pointer is in the user space range - after calling
>   * this function, memory access functions may still return -EFAULT.
>   */
> -#define access_ok(addr, size)					\
> +#define access_ok(addr, size)						\
>  ({									\
>  	WARN_ON_IN_IRQ();						\
>  	likely(!__range_not_ok(addr, size, user_addr_max()));		\
>  })
>  
> +#define user_access_ok(addr, size)					\
> +({									\
> +	WARN_ON_ONCE(!segment_eq(get_fs(), USER_DS));			\
> +	likely(!__range_not_ok(addr, size, user_addr_max()));		\
> +})
> +
>  /*
>   * These are the main single-value transfer routines.  They automatically
>   * use the right size if we just have the right pointer type.
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 37b226e8df13..088f2ae09e14 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -10,6 +10,24 @@
>  
>  #include <asm/uaccess.h>
>  
> +/**
> + * user_access_ok: Checks if a user space pointer is valid
> + * @addr: User space pointer to start of block to check
> + * @size: Size of block to check
> + *
> + * Context: User context or explicit set_fs(USER_DS).
> + *
> + * This function is very much like access_ok(), except it (may) have different
> + * context validation. In general we must be very careful when using this.
> + */
> +#ifndef user_access_ok
> +#define user_access_ok(addr, size)					\
> +({									\
> +	WARN_ON_ONCE(!segment_eq(get_fs(), USER_DS));			\
> +	access_ok(addr, size);						\
> +})
> +#endif
> +
>  /*
>   * Architectures should provide two primitives (raw_copy_{to,from}_user())
>   * and get rid of their private instances of copy_{to,from}_user() and

Yeah, looks good to me. 

Thank you,


-- 
Masami Hiramatsu <mhiramat@kernel.org>