From: Linus Torvalds
Date: Mon, 7 Oct 2019 11:26:35 -0700
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user()
To: Al Viro
Cc: Guenter Roeck, Linux Kernel Mailing List, linux-fsdevel
References: <20191006222046.GA18027@roeck-us.net> <5f06c138-d59a-d811-c886-9e73ce51924c@roeck-us.net> <20191007012437.GK26530@ZenIV.linux.org.uk> <20191007025046.GL26530@ZenIV.linux.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Oct 6, 2019 at 8:11 PM Linus Torvalds wrote:
>
> >
> > The last two should just do user_access_begin()/user_access_end()
> > instead of access_ok(). __copy_to_user_inatomic() has very few callers as well:
>
> Yeah, good points.

Looking at it some more this morning, I think it's actually pretty painful.

The good news is that right now x86 is the only architecture that does that user_access_begin(), so we don't need to worry about anything else. Apparently the ARM people haven't had enough performance problems with the PAN bit for them to care.

We can have a fallback wrapper for unsafe_copy_to_user() for other architectures that just does the __copy_to_user().

But on x86, if we move the STAC/CLAC out of the low-level copy routines and into the callers, we'll have a _lot_ of churn. I thought it would be mostly a "teach objtool" thing, but we have lots of different versions of it. Not just the 32-bit vs 64-bit, it's embedded in all the low-level asm implementations.

And we don't want the regular "copy_to/from_user()" to then have to add the STAC/CLAC at the call-site. So then we'd want to un-inline copy_to_user() entirely.

Which all sounds like a really good idea, don't get me wrong. I think we inline it way too aggressively now. But it's a _big_ job.

So we probably _should_

 - remove INLINE_COPY_TO/FROM_USER

 - remove all the "small constant size special cases".

 - make "raw_copy_to/from_user()" have the "unsafe" semantics and make the out-of-line copy in lib/usercopy.c be the only real interface

 - get rid of a _lot_ of oddities

but looking at just how much churn this is, I suspect that for 5.4 it's a bit late to do quite that much cleanup.

I hope you prove me wrong. But I'll look at a smaller change to just make x86 use the current special copy loop (as "unsafe_copy_to_user()") and have everybody else do the trivial wrapper.

Because we definitely should do that cleanup (it also fixes the whole "atomic copy in kernel space" issue that you pointed to that doesn't actually want STAC/CLAC at all), but it just looks fairly massive to me.

      Linus
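
A userspace C model of the calling convention discussed in this message, added here as an illustration; it is not code from the thread or from the kernel. `user_mem`, `fault_at`, `stac_count`, `raw_store()` and `write_record()` are hypothetical names, and the macros only mimic the shape of the kernel helpers they are named after.

```c
/* Userspace model, not kernel code: a flag stands in for the x86 AC bit
 * (STAC sets it, CLAC clears it) and a byte array stands in for user memory. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

#define USER_SIZE 64
static unsigned char user_mem[USER_SIZE]; /* constructed "user space" */
static size_t fault_at = USER_SIZE;       /* offset modelled as unmapped */
static bool ac_flag;                      /* true between STAC and CLAC */
static int stac_count;                    /* number of windows opened */

static bool user_access_begin(size_t off, size_t len)
{
    if (off > USER_SIZE || len > USER_SIZE - off)
        return false;                     /* the access_ok() part */
    ac_flag = true;                       /* STAC */
    stac_count++;
    return true;
}
static void user_access_end(void) { ac_flag = false; }   /* CLAC */

/* Raw store: faults outside an open window or on the unmapped offset. */
static int raw_store(size_t off, unsigned char v)
{
    if (!ac_flag || off >= USER_SIZE || off == fault_at)
        return -1;
    user_mem[off] = v;
    return 0;
}
#define unsafe_put_user(v, off, label) \
    do { if (raw_store((off), (v))) goto label; } while (0)

/* The copy loop runs inside the caller's window and has no STAC/CLAC. */
#define unsafe_copy_to_user(off, src, len, label)                 \
    do { for (size_t i_ = 0; i_ < (len); i_++)                    \
             unsafe_put_user((src)[i_], (off) + i_, label); } while (0)

/* Hypothetical caller: one type byte plus a name, written in one window. */
int write_record(size_t off, unsigned char type, const char *name, size_t n)
{
    if (!user_access_begin(off, n + 1))
        return -EFAULT;
    unsafe_put_user(type, off, efault);
    unsafe_copy_to_user(off + 1, (const unsigned char *)name, n, efault);
    user_access_end();
    return 0;
efault:
    user_access_end();   /* the fault path has to close the window too */
    return -EFAULT;
}
```

In this model the whole record costs one STAC/CLAC pair, and the window is closed on both the success and the fault path, which is the property a caller-side bracket has to preserve.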