Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp759847pxb; Thu, 17 Feb 2022 14:13:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJzErO+VPEfZ11mSoFD79MNPqDGF9zPV9W4a1PHeN1Dy0pANTDDxlp+zlwJWRQYL1JbcdMnD X-Received: by 2002:a63:f94a:0:b0:372:b168:1aff with SMTP id q10-20020a63f94a000000b00372b1681affmr3952928pgk.441.1645135989478; Thu, 17 Feb 2022 14:13:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645135989; cv=none; d=google.com; s=arc-20160816; b=Msc8Dm38k6ih4MNPHvfH1JvaQB2Azbf4HxchdhFb4oNntSKr/4Pg7X+uvD2X7e0Yiq UHENJ5gFfB1+tH3UxkyTYXgkZnhBOLIMDDcVepjGp2bFr/+0k76Aq4ePyaV2pMh00DUB 6YpEGAkh4Y+uw+QTQPuKrH4yPj0SIxeVF7Cm+LLrcIdLUNiRNIDAr8aAGpzkhx1dOQJ9 PZWV1xE+mSe8BL7/7+TDt4HknkrZ5J536o5Cc3f6z4qrpqkXt4dc1s/B6HCbJHr+DKd4 YsVAwoCZWLDLsUvkaEEcgbrFeOLcJAbekl1Krz6b/j+1BVBN0O5xnF9XMjfMimfjvlhW IarA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=+RZ8CAgnGa1bk5gBxds4oezzFjZLQMV+wOvrmesI1Hw=; b=P4NDpGQui2u4cyqppOK7w1l2lgltqVdS5KMy8tuiZi5xcb0hlvSb+COSgCdD2rMINV 6mF09xmnWUs1kdx7KZw05iRMEWS8rVGnVSUk3Irfmfia/3qz1GQkbYT9MOu/sHVSsrOf Xa337u/FDGpEI18lvwyZ8I6Bc0aKyjbXNOs0lrI865fujz6FSuhxz9P/MAPfd3MGNrZx tntvSc0RT9v0iq5S3chyVmrWEw1M/eVAaVc+BQCFshQT/Pgiec4h7POMfxfuf764eNqN Z63IRzu7RMo9HsWl0whMCAguaJ5I9k9aiIops6I+iNAoNFY4Vxgzy7HEmfXnmipIpHbG rW6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20210112.gappssmtp.com header.s=20210112 header.b=aC4vKGs+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s5si9359586pgs.859.2022.02.17.14.12.30; Thu, 17 Feb 2022 14:13:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20210112.gappssmtp.com header.s=20210112 header.b=aC4vKGs+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245086AbiBQTPl (ORCPT + 99 others); Thu, 17 Feb 2022 14:15:41 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36236 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245052AbiBQTPj (ORCPT ); Thu, 17 Feb 2022 14:15:39 -0500 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33E6090FD6 for ; Thu, 17 Feb 2022 11:15:24 -0800 (PST) Received: by mail-ej1-x62a.google.com with SMTP id a23so9598291eju.3 for ; Thu, 17 Feb 2022 11:15:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+RZ8CAgnGa1bk5gBxds4oezzFjZLQMV+wOvrmesI1Hw=; b=aC4vKGs+W+TwIvfSuol31sXb0DdwmBd+7ynpizLCKhXxCJFdEAZpxJvcWGa/FztIyE kaM//DxAJXCDh5aNx4GSOgCqArnp/pPXpeZOwL6NCOz09LePB9aHf9rLmhVNdEQhmOfG zcHXwBp2FYlRXI6tXnhZ/KCBgXws1BhNZED9tFrHvUNz3V476fnXQSLMeM+Shpqaev6m W07DvhrokY4sorGqrqwhi0S/cnzs7UTqO0cIGR6WWEAN8VmZadQ9VO/+zsTblOwHPeWg SsUN3Cw66rH7ga20AFYG5KTR6BdWsnByVkv9VANJJ9bhC1jZcqQ2NhN41BgDZLcdhMyk TY3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+RZ8CAgnGa1bk5gBxds4oezzFjZLQMV+wOvrmesI1Hw=; b=IkEuIRxs7BJc8ZhdW2a8xvSMQbBcqjj94Ptt42ZgrNUboIDjLzxKGsadWCzdmdzpT7 RKJeI1S7Sb0k/0vZ0RWmqlX9G+rv1dDKT6DhGFsUCWX8qTOHpWZVYjmDqN26eR0MZ1W8 TakgvJB3S2AcY0OsasaMLKsTbSwruuPbXk57dswzSgh9neIylKCQkYWNNrkGY+xGlkvM rgHI+vqK+7e4hgAvIb5L2QjRmO6j2mIDM69lVT4qPsis0S/mNxNPEb3U9YrmgwlWePmT 5e1MouSzlaahbCq3bmvnJ/t1raU0JHtVM/UqK4WQ1qTv+Tuse820R5+M9Y/P3mnUBvGZ lNQg== X-Gm-Message-State: AOAM533AaWTfx+hcZEO7AaefWT5bpuMiTFh2PLEWYQSG2vsLwWb8gUPi U4iUbm+zdsBf01UGFdxmTwUeA+pCqGwLhjIa/f2Ucw== X-Received: by 2002:a17:906:4b52:b0:6cd:3863:b35e with SMTP id j18-20020a1709064b5200b006cd3863b35emr3488094ejv.415.1645125322737; Thu, 17 Feb 2022 11:15:22 -0800 (PST) MIME-Version: 1.0 References: <20220216131332.1489939-1-arnd@kernel.org> <20220216131332.1489939-14-arnd@kernel.org> In-Reply-To: <20220216131332.1489939-14-arnd@kernel.org> From: Andy Lutomirski Date: Thu, 17 Feb 2022 11:15:11 -0800 Message-ID: Subject: Re: [PATCH v2 13/18] uaccess: generalize access_ok() To: Arnd Bergmann Cc: Linus Torvalds , Christoph Hellwig , linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-api@vger.kernel.org, arnd@arndb.de, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk, linux@armlinux.org.uk, will@kernel.org, guoren@kernel.org, bcain@codeaurora.org, geert@linux-m68k.org, monstr@monstr.eu, tsbogend@alpha.franken.de, nickhu@andestech.com, green.hu@gmail.com, dinguyen@kernel.org, shorne@gmail.com, deller@gmx.de, mpe@ellerman.id.au, peterz@infradead.org, mingo@redhat.com, mark.rutland@arm.com, hca@linux.ibm.com, dalias@libc.org, davem@davemloft.net, richard@nod.at, x86@kernel.org, jcmvbkbc@gmail.com, ebiederm@xmission.com, akpm@linux-foundation.org, ardb@kernel.org, linux-alpha@vger.kernel.org, linux-snps-arc@lists.infradead.org, linux-csky@vger.kernel.org, linux-hexagon@vger.kernel.org, linux-ia64@vger.kernel.org, linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org, openrisc@lists.librecores.org, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org, linux-um@lists.infradead.org, linux-xtensa@linux-xtensa.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 16, 2022 at 5:19 AM Arnd Bergmann wrote: > > From: Arnd Bergmann > > There are many different ways that access_ok() is defined across > architectures, but in the end, they all just compare against the > user_addr_max() value or they accept anything. > > Provide one definition that works for most architectures, checking > against TASK_SIZE_MAX for user processes or skipping the check inside > of uaccess_kernel() sections. > > For architectures without CONFIG_SET_FS(), this should be the fastest > check, as it comes down to a single comparison of a pointer against a > compile-time constant, while the architecture specific versions tend to > do something more complex for historic reasons or get something wrong. This isn't actually optimal. On x86, TASK_SIZE_MAX is a bizarre constant that has a very specific value to work around a bug^Wdesign error^Wfeature of Intel CPUs. TASK_SIZE_MAX is the maximum address at which userspace is permitted to allocate memory, but there is a huge gap between user and kernel addresses, and any value in the gap would be adequate for the comparison. If we wanted to optimize this, simply checking the high bit (which x86 can do without any immediate constants at all) would be sufficient and, for an access known to fit in 32 bits, one could get even fancier and completely ignore the size of the access. (For accesses not known to fit in 32 bits, I suspect some creativity could still come up with a construction that's substantially faster than the one in your patch.) So there's plenty of room for optimization here. (This is not in any respect a NAK -- it's just an observation that this could be even better.)