Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp18188ybp; Tue, 8 Oct 2019 13:17:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqxmJIrgJ7BWTl6KBfveGdutQgEJBrpKkQgL0YcxpO5S2/+y3H/Vy9jGyAyZqba2bi7lmK8K X-Received: by 2002:aa7:cd5a:: with SMTP id v26mr35056278edw.256.1570565836132; Tue, 08 Oct 2019 13:17:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570565836; cv=none; d=google.com; s=arc-20160816; b=zQa1QI6xMmwURR3ybYQUkUoPrY1EKQaBIT7KwBr2td/bGXWJIxefwCX8EEaIUdXjeC j3Fe4D1B3g+D/NlEgi6bWTTp53ymmIhfQaN71jKMXhw13rhroj1Lqqd5yb1aGS8JQPor ooLNnGosniH4BNFgySWymAis6WwAZMHwcZJ8HKhIbqq2ZKyfSAKhXPKOpZmNS54Nxg4G XhIBuSNswtsAEO1LthSFpKFQok0iCCKsQvJqH77sOJ621OGhH24b/VjGLSdYPyvn3F7h GsM8ShRcWYR6njtjP9uuuLxg4LDAXsWXIfbkf7lfiSBsdkFkwkyA5bKG9bHlJF5I8QzM na2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=nELwvm/q9zgffuEqCs7pH4UPxUvQ3Uaw20GeSItq/ds=; b=06nocrAL+4FQcjm1BkJAaIPOQMBBmxiEtrNp0yoXET+uXGTkEnFlo66dpdVkw2bsgk EUntBsRs2tZLTx9eHOlRDFcNf59Zkb3x3O5wjYRibYPVlbFMiornKfn9X7ZxFeQTrQNe a+Hzcc+tJ6QeqY63Qk0wvEK/LEy1hmlNd5WXNZficIC+XvzMB7agX4XCV+FARiJWYePv 6BMJdvfcdxrSgjBn2a0Cvqz5kyVQKzIja5J+iS5amAiIuWu52A4zBFLuo/SMDHYj6baL 24FLA2o+aCIN17UslJY3HsOoSESuhniV8C5ML/ru3eQGCR6DaWLzacIGbz02H7JQRWFZ MNrg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d9si60909edb.371.2019.10.08.13.16.52; Tue, 08 Oct 2019 13:17:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730722AbfJHUQT (ORCPT + 99 others); Tue, 8 Oct 2019 16:16:19 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:34422 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727570AbfJHUQT (ORCPT ); Tue, 8 Oct 2019 16:16:19 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.2 #3 (Red Hat Linux)) id 1iHvu4-0001qR-Ey; Tue, 08 Oct 2019 20:16:17 +0000 Date: Tue, 8 Oct 2019 21:16:16 +0100 From: Al Viro To: Linus Torvalds Cc: Guenter Roeck , Linux Kernel Mailing List , linux-fsdevel Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Message-ID: <20191008201616.GW26530@ZenIV.linux.org.uk> References: <5f06c138-d59a-d811-c886-9e73ce51924c@roeck-us.net> <20191007012437.GK26530@ZenIV.linux.org.uk> <20191007025046.GL26530@ZenIV.linux.org.uk> <20191008195858.GV26530@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191008195858.GV26530@ZenIV.linux.org.uk> User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 08, 2019 at 08:58:58PM +0100, Al Viro wrote: > That's powerpc. And while the constant-sized bits are probably pretty > useless there as well, note the allow_read_from_user()/prevent_read_from_user() > part. Looks suspiciously similar to user_access_begin()/user_access_end()... > > The difference is, they have separate "for read" and "for write" primitives > and they want the range in their user_access_end() analogue. Separating > the read and write isn't a problem for callers (we want them close to > the actual memory accesses). Passing the range to user_access_end() just > might be tolerable, unless it makes you throw up... BTW, another related cleanup is futex_atomic_op_inuser() and arch_futex_atomic_op_inuser(). In the former we have if (!access_ok(uaddr, sizeof(u32))) return -EFAULT; ret = arch_futex_atomic_op_inuser(op, oparg, &oldval, uaddr); if (ret) return ret; and in the latter we've got STAC/CLAC pairs stuck into inlined bits on x86. As well as allow_write_to_user(uaddr, sizeof(*uaddr)) on ppc... I don't see anything in x86 one objtool would've barfed if we pulled STAC/CLAC out and turned access_ok() into user_access_begin(), with matching user_access_end() right after the call of arch_futex_atomic_op_inuser(). Everything is inlined there and no scary memory accesses would get into the scope (well, we do have if (!ret) *oval = oldval; in the very end of arch_futex_atomic_op_inuser() there, but oval is the address of a local variable in the sole caller; if we run with kernel stack on ring 3 page, we are deeply fucked *and* wouldn't have survived that far into futex_atomic_op_inuser() anyway ;-)