Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp275747ybk; Tue, 12 May 2020 23:09:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyOOc/N7UintzXbOgpwHk2ZqLdeV9uyEXBg4wcfzNMic+ZVDfqgyg0xbl2ncuMHEdVLKDHc X-Received: by 2002:aa7:c60c:: with SMTP id h12mr7496905edq.243.1589350140684; Tue, 12 May 2020 23:09:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589350140; cv=none; d=google.com; s=arc-20160816; b=UjGpmXvoR5A1AIPPlgO5CROwI0181DnQEyX2DuMVYaVoCzn0shFp5r9k7VANBEXcWP 8iPGJ/vywobgYgL85xw5KIO4BM71mIyigeqWBP0UdRQYgqzF9CAYliI6A96WXoPQvnRx /k/JGetLD+B7J65WXOEI3WFl8pmPdRRbg+cHX+tIQ6yIImXyuHQy+HAKHTTPr2xiq3fj w1bjNBOuu5LsXoZO7z3NcmHwtIjWW17MSe2L/SeY4AVzXeQY2FWtSSwdYyFZW6xSb0dm +j69nW4X6uP3L1pgAteECUbWrYM/fjhh+dQaQ7bQRiEBMe218P8RRIz/noehm0U7BJkX YY0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=Yab4dTQOD4G/CPeHhv9XyJxJ0K3LhxQTJ18bKQySVVk=; b=h14lJUcFUgAH2BvLhz8s9eK2VJXLQEynA99AuBIGcEfW9CjLm8YlNCqhhrFOp/w3MN n7fkbPTNnGgJkgvUp661Q9vpSKw5PToeFJjissdQtiDlwTCxEuslEwqDfTZOnzJPE+n5 N+ZzjVUdqN1AgJPEBfYr93FtpCngBCYv5zqDbqWE8CFIOsg96oc03I2oX7RHpM/Mzs0l /TlVVKdm1y1n/tVbhSGVRPFn/tPrn/56FeJqADkGglRApsKQAQW3gQlkubZt5/K0Hvv/ T4HFPNX4oU9qkVxKifMJshAkut2pgDouLzQXJbr8TNAC4roSV+45Pmr1SK1YkXlptpAD pUig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="PlsesW/I"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h14si9414017ejs.479.2020.05.12.23.08.36; Tue, 12 May 2020 23:09:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="PlsesW/I"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729136AbgEMGG4 (ORCPT + 99 others); Wed, 13 May 2020 02:06:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:38770 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728784AbgEMGGz (ORCPT ); Wed, 13 May 2020 02:06:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BCE1820718; Wed, 13 May 2020 06:06:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589350015; bh=6qZpYcXUD5MiwOqEO1ZY0mCSOUXAEishXLv58UbUkb4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=PlsesW/IxxtIRgOd2lQP0dqWv9yKqYmK7I0Pdb0PncShDHGqXe38IMwt5hHuJ+kOf dIxqCKtzwJuew0r94G4irCnmejKg94wHhnPbr+UD0EdFji1E6dp9EyMJNp0YL2HMWW Y2dzCbQdg/J8zQuX2IzJRvUBD4JBDdopZsCztJog= Date: Wed, 13 May 2020 07:55:48 +0200 From: Greg KH To: ashwin-h Cc: x86@kernel.org, dri-devel@lists.freedesktop.org, intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org, stable@kernel.org, srivatsab@vmware.com, srivatsa@csail.mit.edu, rostedt@goodmis.org, srostedt@vmware.com, Linus Torvalds Subject: Re: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()' Message-ID: <20200513055548.GA743118@kroah.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 13, 2020 at 07:19:21AM +0530, ashwin-h wrote: > From: Linus Torvalds > > commit 594cc251fdd0d231d342d88b2fdff4bc42fb0690 upstream. > > Originally, the rule used to be that you'd have to do access_ok() > separately, and then user_access_begin() before actually doing the > direct (optimized) user access. > > But experience has shown that people then decide not to do access_ok() > at all, and instead rely on it being implied by other operations or > similar. Which makes it very hard to verify that the access has > actually been range-checked. > > If you use the unsafe direct user accesses, hardware features (either > SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged > Access Never - on ARM) do force you to use user_access_begin(). But > nothing really forces the range check. > > By putting the range check into user_access_begin(), we actually force > people to do the right thing (tm), and the range check vill be visible > near the actual accesses. We have way too long a history of people > trying to avoid them. > > Signed-off-by: Linus Torvalds > Signed-off-by: Ashwin H > --- > arch/x86/include/asm/uaccess.h | 11 ++++++++++- > drivers/gpu/drm/i915/i915_gem_execbuffer.c | 15 +++++++++++++-- > include/linux/uaccess.h | 2 +- > kernel/compat.c | 6 ++---- > kernel/exit.c | 6 ++---- > lib/strncpy_from_user.c | 9 +++++---- > lib/strnlen_user.c | 9 +++++---- > 7 files changed, 38 insertions(+), 20 deletions(-) Are you wanting this merged to a specific stable kernel tree? If so, why? thanks, greg k-h