Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1186497pxa;
        Thu, 6 Aug 2020 01:32:08 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzt83b1O8Jnr+WdFM8XWBhNXXA5TGT2DnF82wlHKD/3L4SxeNExVG1xX2IcGj4uAiqAdDPH
X-Received: by 2002:a17:907:36b:: with SMTP id rs11mr3327066ejb.544.1596702728362;
        Thu, 06 Aug 2020 01:32:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1596702728; cv=none;
        d=google.com; s=arc-20160816;
        b=IyE1o12RGwv7/m+Xz40C+B/bQ9LZyTQ+XrIcJD1TqRAECtVMbmGELDkkU8az/uIvQj
         f8Kc670J19ARjFcpoHOH2roxJk6KYhs+xUfUey1OaS6Ok9csydFMb/GUaToP+vYZbou7
         lUjrkCsIeUmPFEOOgwBNVaBiv6bUcyXpDLI1bNJq5Fqeu2N8/3T2CosNXGMTMWllcBGO
         QimYc8pKG0z7boHgn6yH/LthaKLZCMsVTxchDdorvG4SpL0u/uaIjo1SijuhrsAe3DCT
         LknOD0OZu6Jhixq5vnAZWWX7vPw0R40dAsErDBa3kzjctUR8wrCSzoP5YdpdYuvV7pxm
         Fzkw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject;
        bh=nwLwy2wvI8kGbvXwRBByV+nw7M8jqB9Xn2Z5juz0STU=;
        b=PPXsZC9x0iEtyo+fQ0lPq5VaCQk2NwcsV3PlOqFJqzhSan183x1TzOvvyiHW18NMWj
         /yCtYFCFTccKGe8eMjBiQOp8BRnYvwXf0IkMrExzxKJLEUPe9ApLR1++eUsa7zhoaWib
         PgMiIJ1tL3qFFhimnEJrxaY7oebAqdPkqiHBjKURCqRkWNfu/+pjwek6l/jx2gWkCVBZ
         LFawnMrtdXkXhPD4rJkF3Odm1F301M9l37paRkCriTDrYIjOJ6fL4e8upQMW7ZItXt8+
         0z+rCztLhLIU2HfZQMGqr0hXvaSSXeX/L5vTwu/z4i+q56sUdYpByGF1Y1vuMXAcPp4D
         V2Lg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ga5si2844678ejb.689.2020.08.06.01.31.44;
        Thu, 06 Aug 2020 01:32:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728669AbgHFIaR (ORCPT <rfc822;alexzyp@gmail.com> + 99 others);
        Thu, 6 Aug 2020 04:30:17 -0400
Received: from pegase1.c-s.fr ([93.17.236.30]:11088 "EHLO pegase1.c-s.fr"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727768AbgHFIaP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 6 Aug 2020 04:30:15 -0400
Received: from localhost (mailhub1-int [192.168.12.234])
        by localhost (Postfix) with ESMTP id 4BMhWR2RVVz9v0TL;
        Thu,  6 Aug 2020 10:30:11 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at c-s.fr
Received: from pegase1.c-s.fr ([192.168.12.234])
        by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024)
        with ESMTP id tFMet-3MCDpc; Thu,  6 Aug 2020 10:30:11 +0200 (CEST)
Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192])
        by pegase1.c-s.fr (Postfix) with ESMTP id 4BMhWR1h5Wz9v0TJ;
        Thu,  6 Aug 2020 10:30:11 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id A447B8B7FA;
        Thu,  6 Aug 2020 10:30:12 +0200 (CEST)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from messagerie.si.c-s.fr ([127.0.0.1])
        by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023)
        with ESMTP id rPm5gnB6BF8Y; Thu,  6 Aug 2020 10:30:12 +0200 (CEST)
Received: from [172.25.230.102] (po15451.idsi0.si.c-s.fr [172.25.230.102])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id 741AA8B7F9;
        Thu,  6 Aug 2020 10:30:12 +0200 (CEST)
Subject: Re: [PATCH v2] powerpc/uaccess: simplify the get_fs() set_fs() logic
To:     Michael Ellerman <mpe@ellerman.id.au>,
        Christophe Leroy <christophe.leroy@c-s.fr>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>
Cc:     linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
References: <dd2876b808ea38eb7b7f760ecd6ce06096c61fb5.1580295551.git.christophe.leroy@c-s.fr>
 <87mu3nyh3w.fsf@mpe.ellerman.id.au>
From:   Christophe Leroy <christophe.leroy@csgroup.eu>
Message-ID: <2d0b777d-f1aa-08a1-f287-47ac68efbd99@csgroup.eu>
Date:   Thu, 6 Aug 2020 10:29:56 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <87mu3nyh3w.fsf@mpe.ellerman.id.au>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: fr
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



Le 25/07/2020 à 13:22, Michael Ellerman a écrit :
> Hi Christophe,
> 
> Unfortunately this would collide messily with "uaccess: remove
> segment_eq" in linux-next, so I'll ask you to do a respin based on that,
> some comments below.

Done, sent as v3, together with the 2 patchs from Linux next to get it 
build and boot.

> 
> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>> On powerpc, we only have USER_DS and KERNEL_DS
>>
>> Today, this is managed as an 'unsigned long' data space limit
>> which is used to compare the passed address with, plus a bit
>> in the thread_info flags that is set whenever modifying the limit
>> to enable the verification in addr_limit_user_check()
>>
>> The limit is either the last address of user space when USER_DS is
>> set, and the last address of address space when KERNEL_DS is set.
>> In both cases, the limit is a compiletime constant.
>>
>> get_fs() returns the limit, which is part of thread_info struct
>> set_fs() updates the limit then set the TI_FSCHECK flag.
>> addr_limit_user_check() check the flag, and if it is set it checks
>> the limit is the user limit, then unsets the TI_FSCHECK flag.
>>
>> In addition, when the flag is set the syscall exit work is involved.
>> This exit work is heavy compared to normal syscall exit as it goes
>> through normal exception exit instead of the fast syscall exit.
>>
>> Rename this TI_FSCHECK flag to TIF_KERNEL_DS flag which tells whether
>> KERNEL_DS or USER_DS is set. Get mm_segment_t be redifined as a bool
>> struct that is either false (for USER_DS) or true (for KERNEL_DS).
>> When TIF_KERNEL_DS is set, the limit is ~0UL. Otherwise it is
>> TASK_SIZE_USER (resp TASK_SIZE_USER64 on PPC64). When KERNEL_DS is
>> set, there is no range to check. Define TI_FSCHECK as an alias to
>> TIF_KERNEL_DS.
> 
> I'd rather avoid the "DS" name any more than we have to. Maybe it means
> "data space" but that's not a very common term.

I thought it was a reference to the ds/fs/gs ... segment registers in 
the 8086 ?

> 
> The generic helper these days is called uaccess_kernel(), which returns
> true when uaccess routines are allowed to access the kernel.
> 
> So calling it TIF_UACCESS_KERNEL would work I think?

ok

> 
> The bool could be called uaccess_kernel.
> And END_OF_USER_DS could be USER_ADDR_MAX.

ok

> 
>> On exit, involve exit work when the bit is set, i.e. when KERNEL_DS
>> is set. addr_limit_user_check() will clear the bit and kill the
>> user process.
> 
> I guess this is safe. The check was added to make sure we never return
> to userspace with KERNEL_DS set, but using the actual TIF flag to
> determine the address limit should be equally safe, and avoid the
> overhead of the check in the good case.

That's the purpose indeed, yes.


christophe