From: Ingo Molnar <mingo@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Andy Lutomirski <luto@amacapital.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>
Subject: Re: [PSEUDOPATCH] rename is_compat_task
Date: Tue, 8 Dec 2015 05:36:49 +0100 [thread overview]
Message-ID: <20151208043648.GA2182@gmail.com> (raw)
In-Reply-To: <11525805.FykVOSlruZ@wuerfel>
* Arnd Bergmann <arnd@arndb.de> wrote:
> On Monday 07 December 2015 15:12:59 Andy Lutomirski wrote:
> > Hi all-
> >
> > Every time I look at is_compat_task, I cringe. That function
> > determines whether we're in a compat syscall, not whether we're in a
> > compat task. There are probably architectures (arm64?) under which
> > these are the same conditions, but they are definitely *not* the same
> > thing on x86.
> >
> > Can we just fix it? I propose the following patch:
> >
> > $ find -type f |xargs sed -i -e 's/is_compat_task/in_compat_syscall/g'
> >
> > If there's general agreement, can we do that at the end of the next
> > merge window?
> >
> > I could also send a patch series to add in_compat_syscall, change all
> > the users, then delete the old stuff, but that seems overcomplicated
> > for something that's literally just renaming a token.
>
> As far as I know, x86 is the special case here, on all other architectures, this
> actually checks the task, and it's impossible to call a system call of the other
> kind.
Well, even on architectures that don't allow mixed mode system calls for the same
task the name 'in_compat_syscall()' is still correct: it just happens to also be a
permanent condition for the life time of a task.
On architectures that allow mixed mode syscalls the assumption and confusion
carried by the 'is_compat_task()' misnomer has resulted in real security bugs,
hence Andy's suggestion for a rename.
So without my x86 hat on I'd still argue that 'is_compat_syscall()' is the more
expressive (and hence more robust, safer) name. On architectures that don't care
the change carries zero costs.
So are there any deep objections to doing this rename in a single, quick,
pain-minimized fashion right at the end of the next merge window, when the amount
of pending patches in various maintainer trees is at a cyclical minimum? We can
also keep an is_compat_task() migratory define for one more cycle just in case.
Thanks,
Ingo
next prev parent reply other threads:[~2015-12-08 4:36 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-07 23:12 [PSEUDOPATCH] rename is_compat_task Andy Lutomirski
2015-12-07 23:16 ` Arnd Bergmann
2015-12-07 23:20 ` Andy Lutomirski
2015-12-07 23:42 ` Al Viro
2015-12-08 4:36 ` Ingo Molnar [this message]
2015-12-08 4:49 ` Al Viro
2015-12-08 5:01 ` Ingo Molnar
2015-12-08 5:15 ` Al Viro
2015-12-08 5:52 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151208043648.GA2182@gmail.com \
--to=mingo@kernel.org \
--cc=arnd@arndb.de \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.