Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp4167835ybb; Tue, 7 Apr 2020 02:04:20 -0700 (PDT) X-Google-Smtp-Source: APiQypJ9BYdeaV17gvRnuV1ozek5MG2oECgjpogKUWqo8wRzAeWfkAAR5Reuwi7Q9A54ox9xATdN X-Received: by 2002:a05:6808:6cb:: with SMTP id m11mr860553oih.130.1586250260700; Tue, 07 Apr 2020 02:04:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586250260; cv=none; d=google.com; s=arc-20160816; b=H7hKRS7iD2jt3uN7NKU3yEsmikVo5JMQ6gcqRcVdELjkp5IKcoza1G/7ZeAdOk2ZPK cXFbYm9fUTCU7KWFDWTHpo475IoMjhf5Eca0BATjw5onczgeDpDH6np90yj+6sMaK8aj Xg9ZndZKCogxWmWKLSBFmB/MBaV+bPTmuvDFuYyUApC2qrJdVcFw0emNsQhmRHtKzZsW RJzsrhgtmmreKBXAOYvRlXnmP00HK8mD6Qd4VWL+/1TgjicNQZC7VPtT524oDsVlflEy FP+jBQdNMKTfo8H8Kskeud/baRHFMUORw/HM1jvlFMYqTGAiDndjlPp4siQT79QwK96+ vBJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=rGreHrGUf4If0feLchKtm574BBPDpK8sJSuOKT7qDDs=; b=NSuc6UNrDYRA1teSdw0r0GBDEQ7Sw9qJa9uoOpYbJSGL/+PAu+r+Bv3lLfLJjREZXm z6uPy/CyHg2K+p+z8ww+qSY6EA8CDhC7mbOpjFaMZJIsxnZSZ6s6fQPzQTE9gCut/sgw f9JoTi6htWiPvYtWseQDNUZdHkSgxkxEUfgS7mKvkPTPsise7hTxGi7MhpykzpZakxEg v1bahtt3/YXsqdaP+zDGQwuGiKGZmG6FSOJRz+WrJsjjZNvWpNgEw5lVWnBOm7Sn7ORh HY5yZzIzaZnCum39pwILPiNy/aK3DUQzLlESkpNOfHBHTlFpzbRhAtp+KTG7hywQyRTw LOzw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f21si413814oib.258.2020.04.07.02.04.07; Tue, 07 Apr 2020 02:04:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727994AbgDGJD3 (ORCPT + 99 others); Tue, 7 Apr 2020 05:03:29 -0400 Received: from www62.your-server.de ([213.133.104.62]:44216 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726353AbgDGJD3 (ORCPT ); Tue, 7 Apr 2020 05:03:29 -0400 Received: from sslproxy05.your-server.de ([78.46.172.2]) by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89_1) (envelope-from ) id 1jLk8i-0002BD-Sf; Tue, 07 Apr 2020 11:03:24 +0200 Received: from [178.195.186.98] (helo=pc-9.home) by sslproxy05.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jLk8i-000BDN-Hp; Tue, 07 Apr 2020 11:03:24 +0200 Subject: Re: Question on "uaccess: Add strict non-pagefault kernel-space read function" To: Christoph Hellwig Cc: Alexei Starovoitov , Linus Torvalds , Masami Hiramatsu , x86@kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, bgregg@netflix.com References: <20200403133533.GA3424@infradead.org> <5ddc8c04-279d-9a14-eaa7-755467902ead@iogearbox.net> <20200404093105.GA445@infradead.org> From: Daniel Borkmann Message-ID: <2adc77e1-e84d-f303-fd88-133ec950c33f@iogearbox.net> Date: Tue, 7 Apr 2020 11:03:23 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <20200404093105.GA445@infradead.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.102.2/25774/Mon Apr 6 14:53:25 2020) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/4/20 11:31 AM, Christoph Hellwig wrote: > On Fri, Apr 03, 2020 at 04:20:24PM +0200, Daniel Borkmann wrote: >> With crazy old functions I presume you mean the old bpf_probe_read() >> which is mapped to BPF_FUNC_probe_read helper or something else entirely? > > I couldn't care less about bpf, this is about the kernel API. > > What I mean is that your new probe_kernel_read_strict and > strncpy_from_unsafe_strict helpers are good and useful. But for this > to actually make sense we need to get rid of the non-strict versions, > and we also need to get rid of some of the weak alias magic. Yeah agree, the probe_kernel_read() should do the strict checks by default and there would need to be some way to opt-out for the legacy helpers to not break. So it would end up looking like the below ... long __probe_kernel_read(void *dst, const void *src, size_t size) { long ret = -EFAULT; mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); if (kernel_range_ok(src, size)) ret = probe_read_common(dst, (__force const void __user *)src, size); set_fs(old_fs); return ret; } ... where archs with non-overlapping user and kernel address range would only end up having to implementing kernel_range_ok() check. Or, instead of a generic kernel_range_ok() this could perhaps be more probing-specific as in probe_kernel_range_ok() where this would then also cover the special cases we seem to have in parisc and um. Then, this would allow to get rid of all the __weak aliasing as well which may just be confusing. I could look into coming up with something along these lines. Thoughts?