Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp2582224ybb; Mon, 30 Mar 2020 08:55:55 -0700 (PDT) X-Google-Smtp-Source: ADFU+vucqdkgnJ9omTF8Jnd8ztxV47Hz36vfAIXGGNIX2btd4HbMAvz1cGYInHzcYiXJjnAhfvmv X-Received: by 2002:a05:6830:22d9:: with SMTP id q25mr9347977otc.164.1585583754886; Mon, 30 Mar 2020 08:55:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585583754; cv=none; d=google.com; s=arc-20160816; b=kOw+jRBGuJkAG+a5k3OBJqgxBRPR5TLilJAoZfyOMDa8c6AcRgrICfOJvVsToymUWw DEkbw2dwcUZLCIF6tIauDl885vUble6WDZ5u12MSTkEk0ViTajC5Mdbropye6ZSdP7+R 2jd5m9AJ/pCpjMFNSaF0EioyQrqPpd53XxWva9Hnrq3U1Zxvb1PApyiFOGXvegYksyBl 99jUCx8cxLH63BB1bRIoXENpKK+GJq7OSZDhW9/SvZPJXACr2DtN1O7NUC605nc24yxj CWOSK66p4hGJGZyAVp1rARUkHRGQ9nAGx0oyKOzVfGH3PRkJutx2KKFsbfs+X5dyRXI2 08JA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from; bh=O1GNFfgOQCMvbb8ZHHy8aE7E5nhp85/CDLq0A8eLT7M=; b=sSLoJAf/RpKCSMLJhtJm9BWXHiXo7xN4huMGFwQr4ROoejh+i2bKPgiHqVYBgOmJd6 DFWVEtzOSN10FZBNOyggoEwskXYggRXwHS0VBQvabCv6mcRoHqLqMwHr0BKrjwrQS30U nyc4Yy1+US1ToDCO1b6IAgCYfjFdrLJP4rPygQHSlt3TTn72sHwqvct4dwCTbO9ZO3II InrYShFf95BFIUO6NcuyssJM9aFrmcfYH2KBLSEU8MtTSWcGvzHqsCleQu3i9z/l7Abl aRJpkJK0v0BlOeG+Y8+kKRkrW+eALSVg0xlEr1JQjqIFMUT7zDeaXmCd+fkZ/v4ZqvjL SVpQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m5si6175294ooq.79.2020.03.30.08.55.40; Mon, 30 Mar 2020 08:55:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729685AbgC3Py1 convert rfc822-to-8bit (ORCPT + 99 others); Mon, 30 Mar 2020 11:54:27 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([146.101.78.151]:47850 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726497AbgC3Py0 (ORCPT ); Mon, 30 Mar 2020 11:54:26 -0400 Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-87-ODMv5bv9P12XgKJf7O7OVA-1; Mon, 30 Mar 2020 16:54:23 +0100 X-MC-Unique: ODMv5bv9P12XgKJf7O7OVA-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 30 Mar 2020 16:54:22 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Mon, 30 Mar 2020 16:54:22 +0100 From: David Laight To: 'Al Viro' , Ingo Molnar CC: Linus Torvalds , Thomas Gleixner , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "Borislav Petkov" Subject: RE: [RFC][PATCH 01/22] x86 user stack frame reads: switch to explicit __get_user() Thread-Topic: [RFC][PATCH 01/22] x86 user stack frame reads: switch to explicit __get_user() Thread-Index: AQHWBfOGBuGXOsXgxk+vqOM7n5IKaahhSkVQ Date: Mon, 30 Mar 2020 15:54:22 +0000 Message-ID: <0c08c4e00e4e4965969a16410e4e15d1@AcuMS.aculab.com> References: <20200323183620.GD23230@ZenIV.linux.org.uk> <20200323183819.250124-1-viro@ZenIV.linux.org.uk> <20200328104857.GA93574@gmail.com> <20200328115936.GA23230@ZenIV.linux.org.uk> <20200329092602.GB93574@gmail.com> <20200329175735.GC23230@ZenIV.linux.org.uk> In-Reply-To: <20200329175735.GC23230@ZenIV.linux.org.uk> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Al Viro > Sent: 29 March 2020 18:58 ... > [*] IMO compat_alloc_user_space() should die; this "grab some space on > user stack, copy the 32bit data structure into 64bit equivalent there, > complete with pointer chasing and creating 64bit equivalents of everything > that's referenced from that struct, then call native ioctl, then do the > reverse conversion" is just plain wrong. That native ioctl is going to > bring the structures we'd constructed back into the kernel space and > work with them there; we might as well separate the function that work > with the copied struct (usually we do have those anyway) and call those > instead the native ioctl. And skip the damn "copy the structures we'd > built into temp allocation on user stack, then have it copied back" > part. We have relatively few callers, thankfully. I helped rip the same 'stackgap' code out of netbsd many years ago. No only was it being used for system call compatibility, but also for security checks and rewriting filenames. Completely hopeless in a threaded program. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)