Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp178351ybf;
        Thu, 27 Feb 2020 18:43:08 -0800 (PST)
X-Google-Smtp-Source: APXvYqx1fa3nUaubtjm/S2wiCVshXCfrOOi+7XGrYyi1rna/NsOCnfeQCdjZwKnxe+mgA3Z7UNBc
X-Received: by 2002:a9d:5e18:: with SMTP id d24mr1649211oti.155.1582857788526;
        Thu, 27 Feb 2020 18:43:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582857788; cv=none;
        d=google.com; s=arc-20160816;
        b=rfc7T6HjpUgyh7jHfTvBCejUwzvz/hY1mSsjrhFyZrBF6WpsstJJpPu4PLPI7LvOrv
         Np2CaYa0Qpn+pSopynaDZQH44GKsOmEm4bCqv3oEoYzeZfbbD3JBaasClSUbQjLxRnUX
         YLrJHbgwe+byawn3cBdE6sGRT5q0RgJRvsgddT1MzloqWjdLUP4Rr+a4PDTqKw2LdhYb
         lgepDNcKt/MecXevUl5I3PLf+4dgg7s1bXe/qwc65JqKyW9jM5wXPl03ZGlWLYogrbic
         uPQgRlEE1nX+znf9uCcEE5vLj9Iv104ejh5dp1q86I9zQIvp9+oFckIO5QwLM9qnEWvV
         /8bA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=SVhRGz+3DcDzU1Ha2pvts5FzZy/+QHF1f/pR5Dd8W6Y=;
        b=yK38iSN2QwSZO8tlJGgjrAWF7Qf1x1fBwbeRzseffTFSaRIRejIYkpXlaga/Xrkqdp
         K7nGYCcz2O/RhdVrzrQFfww21UpdrUw0XOI9NKW3N7fBTZhUnguZChw1FeFcJQ80Pj/5
         WjAWTZudIv03n7g6W7GOS8FPz+ze/0WE0fsQPxMUgarwsI4g5jjYfxHrepiP5e63Lups
         dssTpnmJnQ9QFYY1Sm1WCqT1jz5kN7L6VreMxBIWZxUUgPSG0HAVOGR32pUipMSu+kQJ
         Znc2+nrVlEjeXwyvtlww83A6zNb20Dt3keT8PkEZ/JHCE2yFvR2dDDzdeVjcuo5JR1ns
         VRTA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=Vb8DhHmu;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k19si663338otr.52.2020.02.27.18.42.56;
        Thu, 27 Feb 2020 18:43:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=Vb8DhHmu;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730569AbgB1CmH (ORCPT <rfc822;busarih159@gmail.com>
        + 99 others); Thu, 27 Feb 2020 21:42:07 -0500
Received: from bombadil.infradead.org ([198.137.202.133]:49346 "EHLO
        bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726943AbgB1CmH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 27 Feb 2020 21:42:07 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding:
        Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:
        Subject:Sender:Reply-To:Content-ID:Content-Description;
        bh=SVhRGz+3DcDzU1Ha2pvts5FzZy/+QHF1f/pR5Dd8W6Y=; b=Vb8DhHmuasRPL6xCh0EdgruJoj
        X1N+IjaB+8sXL8W5x9dSEFL93d76zfrZJqQCZ1UEdlxo9dWc0/DDLEe8Y07eQiWUG9iaqURsmgC6M
        zjUgmoqniXoTLc11IAULjTXdS5QapV4qKdlI4ey+phs3zLLu+e36G49+pYT99qDKGKJXB6Lcg6OV6
        dZdPZCysI7RyLwzsSehAlB5drPVciWwEmurONouiOzgfMx6wc4FTgwG/H0iXqqofnWU1Tg3Ylbato
        euVM1xICRkV0WHk0HJZpgNiWmLcW1yLm43r8+Jb8k9X5B4Ll9fX99PtWYiCpMiCOQHOngTFDI2Lxm
        rnzfmFGw==;
Received: from [2601:1c0:6280:3f0::19c2]
        by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux))
        id 1j7VbH-0000TZ-Gl; Fri, 28 Feb 2020 02:42:03 +0000
Subject: Re: [PATCH] drm/i915: Minimize uaccess exposure in
 i915_gem_execbuffer2_ioctl()
To:     Josh Poimboeuf <jpoimboe@redhat.com>,
        Al Viro <viro@zeniv.linux.org.uk>
Cc:     Chris Wilson <chris@chris-wilson.co.uk>,
        linux-kernel@vger.kernel.org,
        Peter Zijlstra <peterz@infradead.org>,
        intel-gfx@lists.freedesktop.org
References: <ed52cfb852d2772bf20f48614d75f1d1b1451995.1582841072.git.jpoimboe@redhat.com>
 <20200227223542.GE23230@ZenIV.linux.org.uk>
 <20200228010342.3j3awgvvgvitif7z@treble>
From:   Randy Dunlap <rdunlap@infradead.org>
Message-ID: <ea7b1ae2-560d-e9ff-32bf-5068de05f954@infradead.org>
Date:   Thu, 27 Feb 2020 18:42:02 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <20200228010342.3j3awgvvgvitif7z@treble>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2/27/20 5:03 PM, Josh Poimboeuf wrote:
> On Thu, Feb 27, 2020 at 10:35:42PM +0000, Al Viro wrote:
>> On Thu, Feb 27, 2020 at 04:08:26PM -0600, Josh Poimboeuf wrote:
>>> With CONFIG_CC_OPTIMIZE_FOR_SIZE, objtool reports:
>>>
>>>   drivers/gpu/drm/i915/gem/i915_gem_execbuffer.o: warning: objtool: i915_gem_execbuffer2_ioctl()+0x5b7: call to gen8_canonical_addr() with UACCESS enabled
>>>
>>> This means i915_gem_execbuffer2_ioctl() is calling gen8_canonical_addr()
>>> -- and indirectly, sign_extend64() -- from the user_access_begin/end
>>> critical region (i.e, with SMAP disabled).
>>>
>>> While it's probably harmless in this case, in general we like to avoid
>>> extra function calls in SMAP-disabled regions because it can open up
>>> inadvertent security holes.
>>>
>>> Fix it by moving the gen8_canonical_addr() conversion to a separate loop
>>> before user_access_begin() is called.
>>>
>>> Note that gen8_canonical_addr() is now called *before* masking off the
>>> PIN_OFFSET_MASK bits.  That should be ok because it just does a sign
>>> extension and ignores the masked lower bits anyway.
>>
>> How painful would it be to inline the damn thing?
>> <looks>
>> static inline u64 gen8_canonical_addr(u64 address)
>> {
>>         return sign_extend64(address, GEN8_HIGH_ADDRESS_BIT);
>> }
>> static inline __s64 sign_extend64(__u64 value, int index)
>> {
>>         __u8 shift = 63 - index;
>>         return (__s64)(value << shift) >> shift;
>> }
>>
>> What the hell?  Josh, what kind of .config do you have that these are
>> _not_ inlined?
> 
> I think this was seen with CONFIG_CC_OPTIMIZE_FOR_SIZE, which tends to

so the commit message correctly says.

> ignore inline.
> 
>> And why not mark gen8_canonical_addr() __always_inline?
> 
> Right, marking those two functions as __always_inline is the other
> option.  The problem is, if you keep doing it, eventually you end up
> with __always_inline-itis spreading all over the place.  And it affects
> all the other callers, at least in the CONFIG_CC_OPTIMIZE_FOR_SIZE case.
> At least this fix is localized.
> 
> But I agree my patch isn't ideal either.

fwiw,
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested


thanks.
-- 
~Randy