Received: by 2002:a25:730a:0:0:0:0:0 with SMTP id o10csp6159795ybc; Tue, 8 Oct 2019 12:59:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqwsMcirm4x0QkMNUJvendFGMc/4rgoHTtXWSrHb5/rmpukunQXakdlt9hKM+K+jlyeg6j18 X-Received: by 2002:a50:b6aa:: with SMTP id d39mr34819217ede.16.1570564778982; Tue, 08 Oct 2019 12:59:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570564778; cv=none; d=google.com; s=arc-20160816; b=BHOK5ZXA9BWOv9fT6LnIGY22sBeL5pYApIPhtf+V4O/a4r7nx5+9dgOiypq7/FrWtQ JgsDzpG/teczJUGQRXxvrBJtiTYFRiuaIIe0ktZgQsJCiegcz9mZG3iWb1EDDBtLXajD K7g9Qq7wjS8bl/SmZMh2f5fUdWMBfGSVRMoe2D/PbHA8K3Cn4UEoISVsC2p2Nz4UUhAI zR6CA7ghlO1jgUAhNMdoxfDaq1CjTMLKV0cJ/kpokLRXUAPU2HXUE2gKYw8cPJQ73g94 AigUfRcEGz5442bWCW3BR+ZU9kBLJEw+B92XBfX1iu9yU0k2vjg6+cPCwtTBqTmcMq64 eXnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=MDzTt6S/ohD3s+pYULcnr1jt2dTlaPGk1riakoYhh98=; b=m1UrH43PbNjpniBIZua4JXKQWqsUQa66jeGP/DFwvsANWwjQyNMOQaLN8KufLT9+Jy NwS/abEqQYbaKBVlXOCnNnNEJO9diOH81GfG2MVXPkOYre309TC1oxZI/IRWbLrDXpEQ EzHVghb4cBjFVcCzcU3zGbHBJmVSIC5eqFhr00dbPATqbMgHUJiNAZpbMxaoqKZyGPhp K4qahEndgSHrar7OF0YRck3BoBO7cBMTRFad8qLu5cchQjoKigK8hBrTnYCHjP2s0r+e 992H43tZO9sW4do916gbDNr6ZBaey5AZPYBht1SNaz/mpAeU7WQ+ogzfsy+7tlUNCa5C PL5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ox10si9554893ejb.325.2019.10.08.12.59.15; Tue, 08 Oct 2019 12:59:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730344AbfJHT7C (ORCPT + 99 others); Tue, 8 Oct 2019 15:59:02 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:34206 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729436AbfJHT7C (ORCPT ); Tue, 8 Oct 2019 15:59:02 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.2 #3 (Red Hat Linux)) id 1iHvdK-0001OS-Ea; Tue, 08 Oct 2019 19:58:58 +0000 Date: Tue, 8 Oct 2019 20:58:58 +0100 From: Al Viro To: Linus Torvalds Cc: Guenter Roeck , Linux Kernel Mailing List , linux-fsdevel Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Message-ID: <20191008195858.GV26530@ZenIV.linux.org.uk> References: <20191006222046.GA18027@roeck-us.net> <5f06c138-d59a-d811-c886-9e73ce51924c@roeck-us.net> <20191007012437.GK26530@ZenIV.linux.org.uk> <20191007025046.GL26530@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 07, 2019 at 11:26:35AM -0700, Linus Torvalds wrote: > The good news is that right now x86 is the only architecture that does > that user_access_begin(), so we don't need to worry about anything > else. Apparently the ARM people haven't had enough performance > problems with the PAN bit for them to care. Take a look at this: static inline unsigned long raw_copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long ret; if (__builtin_constant_p(n) && (n <= 8)) { ret = 1; switch (n) { case 1: barrier_nospec(); __get_user_size(*(u8 *)to, from, 1, ret); break; case 2: barrier_nospec(); __get_user_size(*(u16 *)to, from, 2, ret); break; case 4: barrier_nospec(); __get_user_size(*(u32 *)to, from, 4, ret); break; case 8: barrier_nospec(); __get_user_size(*(u64 *)to, from, 8, ret); break; } if (ret == 0) return 0; } barrier_nospec(); allow_read_from_user(from, n); ret = __copy_tofrom_user((__force void __user *)to, from, n); prevent_read_from_user(from, n); return ret; } That's powerpc. And while the constant-sized bits are probably pretty useless there as well, note the allow_read_from_user()/prevent_read_from_user() part. Looks suspiciously similar to user_access_begin()/user_access_end()... The difference is, they have separate "for read" and "for write" primitives and they want the range in their user_access_end() analogue. Separating the read and write isn't a problem for callers (we want them close to the actual memory accesses). Passing the range to user_access_end() just might be tolerable, unless it makes you throw up...