Received: by 2002:a25:730a:0:0:0:0:0 with SMTP id o10csp2815649ybc;
        Thu, 10 Oct 2019 13:00:04 -0700 (PDT)
X-Google-Smtp-Source: APXvYqycyR+ldwAu4ynow9WVYJCNNIwVLeobkvQD2Ar5QWZwQnXTxS2ZlBeXVofvQYHOd86dGJno
X-Received: by 2002:a17:906:8317:: with SMTP id j23mr9721951ejx.314.1570737604474;
        Thu, 10 Oct 2019 13:00:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570737604; cv=none;
        d=google.com; s=arc-20160816;
        b=G9zrDpJybyq2kx4wdctNH9r4X61N0EihDWYpkJN9VTg8Fi0irWLUXckUF8ibqR6mjx
         Q6YMkwiw2c1VnCf7C1zzwFwPyOxewVRksTojledKGLx68qxN7E5bXk7IjF/6LccUfLW5
         fsAwjqLgTliJcAZFlcpxgzR4cIP+YAQfwgMExopwd7JyvDRKQ/qjVYhMUvovSeJBgOgF
         9lvRUXfBUp+94N8txAnnA+8LOIqs9hBp24KokXe3Ews5bNuembvE//Hgv1wP4nr/lTb5
         YHFvEYwQ4dKAoZ8xn5hMbCTpyq3bEJzGpFI3dnP+uUFEn9DUvg04I2osExB/DbpIj14o
         r5Dw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=xLU1QcdxsCt4xx/IQvwcV/I81Z2QkvtonkhpdcLthHg=;
        b=pCMp0ETr4jS9OC9OVyWqgs1NS4UJvfM/h7LE7zoKUjzWWUPnCsffGv65RGRh99O5UK
         9FHBCz28qPcF5O7cIx5MqPUYSxurrMnHhgNl1eoSMKlq5clUoQ5b1eyqZJRA6dr6erDE
         JmhTXD1Wjiq+KbiFH1k1J20kNXaleoEVAdLRb6f8i3m4MIcmXf7rrJTULEfCHzKsYn/I
         8jFWO1eLbHNcMfGXZz6pFJtOgLhrPoQIU2pQzsuLPjPMNxMlFaSk2g524FtzOam2wvBO
         gLnSKLypnNN1Fq+/WJL3EaG7kBXkbuJHHKqSvzfHCs+jVzsyKlGIvvF6GDmkI8tf3YJv
         jLUw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p9si4124160edc.96.2019.10.10.12.59.20;
        Thu, 10 Oct 2019 13:00:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726509AbfJJTzI (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Thu, 10 Oct 2019 15:55:08 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:40740 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725867AbfJJTzI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Oct 2019 15:55:08 -0400
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92.2 #3 (Red Hat Linux))
        id 1iIeWe-00034C-H8; Thu, 10 Oct 2019 19:55:05 +0000
Date:   Thu, 10 Oct 2019 20:55:04 +0100
From:   Al Viro <viro@zeniv.linux.org.uk>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Guenter Roeck <linux@roeck-us.net>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to
 unsafe_put_user()
Message-ID: <20191010195504.GI26530@ZenIV.linux.org.uk>
References: <5f06c138-d59a-d811-c886-9e73ce51924c@roeck-us.net>
 <CAHk-=whAQWEMADgxb_qAw=nEY4OnuDn6HU4UCSDMNT5ULKvg3g@mail.gmail.com>
 <20191007012437.GK26530@ZenIV.linux.org.uk>
 <CAHk-=whKJfX579+2f-CHc4_YmEmwvMe_Csr0+CPfLAsSAdfDoA@mail.gmail.com>
 <20191007025046.GL26530@ZenIV.linux.org.uk>
 <CAHk-=whraNSys_Lj=Ut1EA=CJEfw2Uothh+5-WL+7nDJBegWcQ@mail.gmail.com>
 <CAHk-=witTXMGsc9ZAK4hnKnd_O7u8b1eiou-6cfjt4aOcWvruQ@mail.gmail.com>
 <20191008032912.GQ26530@ZenIV.linux.org.uk>
 <CAHk-=wiAyZmsEp6oQQgHiuaDU0bLj=OVHSGV_OfvHRSXNPYABw@mail.gmail.com>
 <CAHk-=wgOWxqwqCFuP_Bw=Hxxf9njeHJs0OLNGNc63peNd=kRqw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHk-=wgOWxqwqCFuP_Bw=Hxxf9njeHJs0OLNGNc63peNd=kRqw@mail.gmail.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 07, 2019 at 09:24:17PM -0700, Linus Torvalds wrote:
> On Mon, Oct 7, 2019 at 9:09 PM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > Try the attached patch, and then count the number of "rorx"
> > instructions in the kernel. Hint: not many. On my personal config,
> > this triggers 15 times in the whole kernel build (not counting
> > modules).
> 
> .. and four of them are in perf_callchain_user(), and are due to those
> "__copy_from_user_nmi()" with either 4-byte or 8-byte copies.
> 
> It might as well just use __get_user() instead.
> 
> The point being that the silly code in the header files is just
> pointless. We shouldn't do it.

FWIW, the one that looks the most potentiall sensitive in that bunch is
arch/x86/kvm/paging_tmpl.h:388:         if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte))))
in the bowels of KVM page fault handling.  I would be very surprised if
the rest would be detectable...

Anyway, another question you way: what do you think of try/catch approaches
to __get_user() blocks, like e.g. restore_sigcontext() is doing?

Should that be available outside of arch/*?  For that matter, would
it be a good idea to convert get_user_ex() users in arch/x86 to
unsafe_get_user()?