Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1243340pxb; Fri, 21 Jan 2022 13:11:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJx3udAJ2IHApYS8FqNZf2ltApXaRjgVkScfyFsYs6bNntkmvCVqubXZmgCopqwb1/2qZLoK X-Received: by 2002:a17:90b:4ad1:: with SMTP id mh17mr2506609pjb.160.1642799493964; Fri, 21 Jan 2022 13:11:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642799493; cv=none; d=google.com; s=arc-20160816; b=n87J8PR5R6EtkfF5apnANUx7F38EpIF+YS4eN8BRI2dSpLi7DlNGutKLRzYuxDkvdP 8kmkbjCcN5FyDce+qiFNYY4VHvIVPwBfyIpkMuCV22tOrgvYkeVwXCAtUH15ywIrNc3u CPpZf7XOswWrHtO3YqALqz/GBTpQwlrGICfSza7EOja1e/ez5a8E5/H1I7FQDUVMfjmZ VKiDmyvZ6U7YZSzID3sF2wT2bNEVZKwVvz8FTmiF+2o9wCghg4mr271N6JJkb1DRVFif +w4ibz/CKA6HQfFqULe0kL3Xy7XtlurD0D0Nld8Q7rNI+a4hcYjbEVPTQSP3ag9XxjN5 TBMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=OsxXYYpnpnKEZcPtYMguiYwQkUhE07ZUhxDGK55P3u0=; b=vsPKpuwJ4h1bmXs18HahohrdSeqaRnrIJuLqA3BMZANPLEggzWAKplf5SZyqDVml3K +gGjTco1YJWC3NT0IWor4IQGkiUs77oEzCtweTQDnYKsB6LOmbg0TFLLP4giLbVXk+C2 wxuLge3u8eFgGO7XEwB3Jp81CdLZ56ie6ScM+m9y1Nl+jH5oK1xTTr+zn3eQ09pKoVA8 Sk6BsPaUyLFxDEovzPZbeOkZxPEwhSkIZbEYN+EXZB2GtekilQjzaIptSf05im9oww/F W5sQSYraIaYh30f9Dp9ig4w7u1gGXcP/ySvKuyo7Q3+bUcYymsjASAwHIbLmbrba5+tC O61w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=L2jZbi1c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 70si7044977pgb.73.2022.01.21.13.11.22; Fri, 21 Jan 2022 13:11:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=L2jZbi1c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1359254AbiATIeT (ORCPT + 99 others); Thu, 20 Jan 2022 03:34:19 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:15048 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241086AbiATIeM (ORCPT ); Thu, 20 Jan 2022 03:34:12 -0500 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 20K8UTjp030775; Thu, 20 Jan 2022 08:34:12 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=OsxXYYpnpnKEZcPtYMguiYwQkUhE07ZUhxDGK55P3u0=; b=L2jZbi1cSRzBx21Jkn7Wt0lSib1gleQcBHssi0wNYSiANThNHMNUdWXO6XoMZs/bt5KW uH2v1DKTfrDmYFh529rb9rR59sAunzT7I24CA7sqyNAoTduVDTg+RCku/xyPHyYCT8tg UUm4KFnkTpJ3xZRH0SPgTgmtGzl6NUMudxA076tghiohbmUsjX6h9YvHuGBDN2LuL+fO V5PVmeJSGxh7V7reBy2v3NJqsmU0ezyBuQTJX2+j0O7lmQW87GqbpC95CdpclUg8R8HT fpSJ496YG+YXo2tE8zGodtin8azCvZHNKGe5kNa0PnuM8WLxjuKTHexBYtZVLbwAJzTL OQ== Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com with ESMTP id 3dq0rduu1g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Jan 2022 08:34:12 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 20K8XvEL031328; Thu, 20 Jan 2022 08:34:10 GMT Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by ppma01fra.de.ibm.com with ESMTP id 3dknw9vxhe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Jan 2022 08:34:09 +0000 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 20K8Y6tv46399836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 20 Jan 2022 08:34:06 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 56B7E11C050; Thu, 20 Jan 2022 08:34:06 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0222411C069; Thu, 20 Jan 2022 08:34:06 +0000 (GMT) Received: from [9.171.35.3] (unknown [9.171.35.3]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 20 Jan 2022 08:34:05 +0000 (GMT) Message-ID: Date: Thu, 20 Jan 2022 09:34:05 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [RFC PATCH v1 01/10] s390/uaccess: Add storage key checked access to user memory Content-Language: en-US To: Heiko Carstens Cc: Vasily Gorbik , Christian Borntraeger , Sven Schnelle , Nico Boehr , Alexander Gordeev , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220118095210.1651483-1-scgl@linux.ibm.com> <20220118095210.1651483-2-scgl@linux.ibm.com> <422595a5-b24b-8760-ff0e-112322142de7@linux.ibm.com> From: Janis Schoetterl-Glausch In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 1C0e0_hKvi77xjgtN13nOzw2G_QP7Gut X-Proofpoint-ORIG-GUID: 1C0e0_hKvi77xjgtN13nOzw2G_QP7Gut X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-20_03,2022-01-19_01,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=560 clxscore=1015 priorityscore=1501 lowpriorityscore=0 phishscore=0 suspectscore=0 spamscore=0 mlxscore=0 bulkscore=0 impostorscore=0 adultscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2201200044 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/19/22 14:20, Heiko Carstens wrote: > On Wed, Jan 19, 2022 at 12:02:34PM +0100, Janis Schoetterl-Glausch wrote: >>> That's a lot of code churn... I would have expected that the existing >>> functions will be renamed, get an additional key parameter, and the >>> current API is implemented by defines which map copy_to_user() & >>> friends to the new functions, and add a zero key. >> >> I don't think I understand you. I can implement raw_copy_from/to_user >> in terms of raw_copy_from/to_user_with_key, which does save a few lines, >> but that's it, isn't it? > > Right you are. I only looked at your patch, and forgot about that all > the wrapping is nowadays done in common code. > > So what I really don't like about this approach is that we get an arch > specific copy_to_user() implementation back. This means that all those > extra calls like might_fault(), instrument_copy_to_user(), and friends > now have to be kept in sync by us again, if new instrumentation or > security options are added to common code. > > Given that this is manual work / monitoring I'm sure this will not > work in the mid or long term, like it has been proven several times in > the past for other features. We need something better, which works > out-of-the-box wrt common code changes / enhancements. What are our options? 1. Tooling 1.1 Automatic monitoring 1.2 ? 2. Implementation changes 2.1 Modify common code 2.2 Don't modify common code, pass key argument via well known location 2.3 ? Neither of 2.1 and 2.2 seem great. How might 1.1 work? A build error if they are out of sync?