Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp3778885ybp; Sun, 6 Oct 2019 20:13:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqx7XIgMvgesM+Z4176K4QJ4Lhzgu+FcbpMYrfSz7eTpbPKCh3AwhxXqBBXvnkLUVnWw/UZE X-Received: by 2002:a17:907:2126:: with SMTP id qo6mr22344124ejb.256.1570418013144; Sun, 06 Oct 2019 20:13:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570418013; cv=none; d=google.com; s=arc-20160816; b=D8j0H3MilWPxIEL8zQRADDJ0n2ztamCXtj6lyqQtUTU8VunaC6fBwffaV+C0qYoL17 7KxaMl/gc2sp+y9iavkT4q2jbsMhI0guSWrxW9GKWM4IgZKSyTidEZyjQqqNnkAs0IrF Ulj+djgMo5/vjYpxx+3u6thrsjmEzQVPEVGMX3rGc+57kXAGvdYRu8r+60flJG/+FY9+ ORz+wD4G6fwcGPLcur1/ziuPiwIjHfhb0j5PjdKg+ffA8351W4xVKfW+MFAkk0CVXVvb 0Gen1DhAPRvSNVX1PnQhTPiJpS2WKL5GvnwzfPbPqsYxk2lvBZfxI9mBvy14pJ1BoQty VY9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=YDcKffdvuqawza0UsRIeKoMOjxaGrHiLDaMxMP7R+Og=; b=pwR4HmqZ3xajTDm0pd7NvhOjCHPBIuqIjZztti6m6H8vMKZERNtNuFgyQETN3PSspq VMtKekioHBKtXm9VapoYRGt8Y+4F16+t8PrOKaqP9/F+FNIR8BOXLKdTMQdnXeBa2b+y IWbtLbCM2LfJmh4PNFaadhpaa9YgTdto7tG9ZNeNdsqn7PBMK/GMTEKtgLMG9jnr5XlU YtxpklKfJFQDLZx2NJcffKP4rnQhSL+4eBWUqYcZ09d2xWGbx34aQEjRAd7dZt5tiNtR n568YTze3MuSXINCWyftQyKYavT2RCEC07yJ+sHgJIOfVrb8CUSwyUPlKcDPCY7lfkzt xraQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=TzkUcPe3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g25si5268424ejr.409.2019.10.06.20.12.56; Sun, 06 Oct 2019 20:13:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=TzkUcPe3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726960AbfJGDMD (ORCPT + 99 others); Sun, 6 Oct 2019 23:12:03 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:45334 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726797AbfJGDMC (ORCPT ); Sun, 6 Oct 2019 23:12:02 -0400 Received: by mail-lj1-f195.google.com with SMTP id q64so11945307ljb.12 for ; Sun, 06 Oct 2019 20:12:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YDcKffdvuqawza0UsRIeKoMOjxaGrHiLDaMxMP7R+Og=; b=TzkUcPe3jgWRh63W6pegVfsKQkTjDOVY+VCfmpEGgY5jThNrnZLxkzh36wG3e9K0PT UVSwX/FKj0M3kXvbCaiJ0Era2CeA3A+JZE6Tnc3rENEv3b79wlor4kWQoydgdwj/K0Wp DhxQAvxugbDUkuztHE62XrzM6B3I9zvnIS6Gk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YDcKffdvuqawza0UsRIeKoMOjxaGrHiLDaMxMP7R+Og=; b=b1PDEWUAKsNuILafFu4WGdHz9ew0789/Id39dV9C6826FDcU1GQQGy8nlq03ZoXsiW bfBapq4GSs1iiMHTu96c/etZT8v9lmFdwUAH510eQVXWnUKfBN3HKdS6oRL82BmXP2Jc vZYFvStQrDsBnHd0hS1d/QA5o3bivEvlxPr7l9HTjmtzhF34fA9LRsqnhjKl22okdIQY zH45Y1Aw5XPQqscMVP4/a3nStsQ7eASVPmbDV7NzwlghlFYOGWIDfgUEENaf3suEuTsm pcN9HreWo1Hy79A3Hud7+yZyRAYddcVUdCG2iXFh5xkxloRCrqX9ZePGJaJHPTTycfy6 VR4w== X-Gm-Message-State: APjAAAV8kzo12m4swEVgASHuflsyKl/s/RnjFT3wGy57EI2c3FKrz6F8 MOhPjA7HWdRTy4QN3Ilfd1vaOWx680w= X-Received: by 2002:a2e:252:: with SMTP id 79mr16396965ljc.188.1570417920124; Sun, 06 Oct 2019 20:12:00 -0700 (PDT) Received: from mail-lj1-f172.google.com (mail-lj1-f172.google.com. [209.85.208.172]) by smtp.gmail.com with ESMTPSA id l7sm2806448lji.46.2019.10.06.20.11.58 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 06 Oct 2019 20:11:59 -0700 (PDT) Received: by mail-lj1-f172.google.com with SMTP id f5so11954333ljg.8 for ; Sun, 06 Oct 2019 20:11:58 -0700 (PDT) X-Received: by 2002:a2e:86d5:: with SMTP id n21mr16761156ljj.1.1570417918300; Sun, 06 Oct 2019 20:11:58 -0700 (PDT) MIME-Version: 1.0 References: <20191006222046.GA18027@roeck-us.net> <5f06c138-d59a-d811-c886-9e73ce51924c@roeck-us.net> <20191007012437.GK26530@ZenIV.linux.org.uk> <20191007025046.GL26530@ZenIV.linux.org.uk> In-Reply-To: <20191007025046.GL26530@ZenIV.linux.org.uk> From: Linus Torvalds Date: Sun, 6 Oct 2019 20:11:42 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() To: Al Viro Cc: Guenter Roeck , Linux Kernel Mailing List , linux-fsdevel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Oct 6, 2019 at 7:50 PM Al Viro wrote: > > Out of those, only __copy_to_user_inatomic(), __copy_to_user(), > _copy_to_user() and iov_iter.c:copyout() can be called on > any architecture. > > The last two should just do user_access_begin()/user_access_end() > instead of access_ok(). __copy_to_user_inatomic() has very few callers as well: Yeah, good points. It looks like it would be better to just change over semantics entirely to the unsafe_copy_user() model. > So few, in fact, that I wonder if we want to keep it at all; the only > thing stopping me from "let's remove it" is that I don't understand > the i915 side of things. Where does it do an equivalent of access_ok()? Honestly, if you have to ask, I think the answer is: just add one. Every single time we've had people who optimized things to try to avoid the access_ok(), they just caused bugs and problems. In this case, I think it's done a few callers up in i915_gem_pread_ioctl(): if (!access_ok(u64_to_user_ptr(args->data_ptr), args->size)) return -EFAULT; but honestly, trying to optimize away another "access_ok()" is just not worth it. I'd rather have an extra one than miss one. > And mm/maccess.c one is __probe_kernel_write(), so presumably we don't > want stac/clac there at all... Yup. > So do we want to bother with separation between raw_copy_to_user() and > unsafe_copy_to_user()? After all, __copy_to_user() also has only few > callers, most of them in arch/* No, you're right. Just switch over. > I'll take a look into that tomorrow - half-asleep right now... Thanks. No huge hurry. Linus