From: Al Viro <viro@ftp.linux.org.uk>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Mike Frysinger <vapier@gentoo.org>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/4] asm-generic: uaccess: do not expand args multiple times
Date: Wed, 24 Jun 2009 05:38:35 +0100 [thread overview]
Message-ID: <20090624043835.GM8633@ZenIV.linux.org.uk> (raw)
In-Reply-To: <200906142214.40532.arnd@arndb.de>
On Sun, Jun 14, 2009 at 10:14:39PM +0200, Arnd Bergmann wrote:
> On Sunday 14 June 2009, Mike Frysinger wrote:
> > While it's debatable whether {get,put}_user() should be called with
> > arguments that have side effects, macro's should be written safely in the
> > first place. In this case, a slightly off version of put_user() ended up
> > causing random userspace corruption and these things aren't trivial to
> > track down.
> >
> > While some of these conversions aren't strictly necessary, I think it's
> > better to do all of them so as to be proactive in people accidently
> > screwing it up in the future.
>
> I've tried this and failed. This change adds an endless number of sparse
> warnings in put_user and even gcc warnings in get_user. The problem
> is that typeof() carries over the 'const' and '__user' modifiers, both
> of which prevent you from assigning data to the new pointer that you
> constructed.
>
> I'd love to see a way to do this correctly, but this patch won't cut it.
Note that sizeof(*(ptr)) does *NOT* evaluate ptr, unless we are dealing
with variably-modified type. The same goes for typeof. And chk_user_ptr()
expands to (void)0 during the build. So I don't believe that existing variant
is incorrect - we do not evaluate the argument twice.
next prev parent reply other threads:[~2009-06-24 4:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-14 6:00 [PATCH 1/4] asm-generic: uaccess: do not expand args multiple times Mike Frysinger
2009-06-14 6:00 ` [PATCH 2/4] asm-generic: uaccess: add missing access_ok() check to strnlen_user() Mike Frysinger
2009-06-14 20:35 ` Arnd Bergmann
2009-06-14 6:00 ` [PATCH 3/4] asm-generic: uaccess: fix up local access_ok() usage Mike Frysinger
2009-06-14 20:35 ` Arnd Bergmann
2009-06-14 6:00 ` [PATCH 4/4] asm-generic: uaccess: fix access_ok() prototype Mike Frysinger
2009-06-14 20:17 ` Arnd Bergmann
2009-06-16 10:34 ` Mike Frysinger
2009-06-14 20:14 ` [PATCH 1/4] asm-generic: uaccess: do not expand args multiple times Arnd Bergmann
2009-06-24 4:38 ` Al Viro [this message]
2009-06-24 11:35 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090624043835.GM8633@ZenIV.linux.org.uk \
--to=viro@ftp.linux.org.uk \
--cc=arnd@arndb.de \
--cc=linux-kernel@vger.kernel.org \
--cc=vapier@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.