From: Steve Capper <steve.capper@linaro.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Hugh Dickins <hughd@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@kernel.org>, Jeff Layton <jlayton@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
ceph-devel <ceph-devel@vger.kernel.org>,
lustre-devel@lists.lustre.org,
V9FS Developers <v9fs-developer@lists.sourceforge.net>,
Jan Kara <jack@suse.cz>, Chris Wilson <chris@chris-wilson.co.uk>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [PATCH v3 0/2] iov_iter: allow iov_iter_get_pages_alloc to allocate more pages per call
Date: Mon, 13 Feb 2017 09:56:18 +0000 [thread overview]
Message-ID: <20170213095616.GA18053@linaro.org> (raw)
In-Reply-To: <CA+55aFwXKPUoZ3R4ey03L6ksXCmGLNS=16aQ7gRO1=VXCMZx-A@mail.gmail.com>
On Fri, Feb 03, 2017 at 11:28:48AM -0800, Linus Torvalds wrote:
> On Fri, Feb 3, 2017 at 11:08 AM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > On x86 it does. I don't see anything equivalent in mm/gup.c one, and the
> > only kinda-sorta similar thing (access_ok() in __get_user_pages_fast()
> > there) is vulnerable to e.g. access via kernel_write().
>
> Yeah, access_ok() is bogus. It needs to just check against TASK_SIZE
> or whatever.
>
> > doesn't look promising - access_ok() is never sufficient. Something like
> > _PAGE_USER tests in x86 one solves that problem, but if anything similar
> > works for HAVE_GENERIC_RCU_GUP I don't see it. Thus the question re
> > what am I missing here...
>
> Ok, I definitely agree that it looks like __get_user_pages_fast() just
> needs to get rid of the access_ok() and replace it with a proper check
> for the user address space range.
>
> Looks like arm[64] and powerpc.are the current users. Adding in some
> people involved with the original submission a few years ago.
Hi,
[ Apologies for my late reply, I was on vacation then catchup... ]
>
> I do note that the x86 __get_user_pages_fast() thing looks dodgy too.
>
> In particular, we do it right in the *real* get_user_pages_fast(), see
> commit 7f8189068726 ("x86: don't use 'access_ok()' as a range check in
> get_user_pages_fast()"). But then the same bug was re-introduced when
> the "irq safe" version was merged. As well as in the GENERIC_RCU_GUP
> version.
>
> Gaah. Apparently PeterZ copied the old buggy version before the fix
> when he added __get_user_pages_fast() in commit 465a454f254e ("x86,
> mm: Add __get_user_pages_fast()").
>
> I guess it could be considered a merge error (both happened during the
> 2.6.31 merge window).
>
Okay so looking at what we have for access_ok(.) on arm64, my
understanding is that we perform a 65-bit add/compare (in assembler) to
see whether or not the range is below the current_thread_info->addr_limit.
So I think this is a roundabout way of checking for no-wrap around and <= TASK_SIZE.
Looking at powerpc, I see it's a little different...
So if it sounds reasonable to folk I was going to send a patch to
replace the call to access_ok(.) with a wraparound + TASK_SIZE check
written explicitly in C? (and remove some of the comments talking about
access_ok(.)).
Cheers,
--
Steve
next prev parent reply other threads:[~2017-02-13 9:56 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-24 21:23 [PATCH] iov_iter: allow iov_iter_get_pages_alloc to allocate more pages per call Jeff Layton
2017-01-25 13:32 ` [PATCH v3 0/2] " Jeff Layton
2017-01-25 13:32 ` [PATCH v3 1/2] " Jeff Layton
2017-01-26 12:35 ` Jeff Layton
2017-01-27 13:24 ` [PATCH v4 0/2] " Jeff Layton
2017-01-27 13:24 ` [PATCH v4 1/2] " Jeff Layton
2017-01-27 13:24 ` [PATCH v4 2/2] ceph: switch DIO code to use iov_iter_get_pages_alloc Jeff Layton
[not found] ` <20170127132451.6601-3-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-30 15:40 ` Jeff Layton
2017-01-30 15:40 ` Jeff Layton
2017-01-25 13:32 ` [PATCH v3 " Jeff Layton
[not found] ` <20170125133205.21704-1-jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-02 9:51 ` [PATCH v3 0/2] iov_iter: allow iov_iter_get_pages_alloc to allocate more pages per call Al Viro
2017-02-02 9:51 ` [lustre-devel] " Al Viro
2017-02-02 9:51 ` Al Viro
[not found] ` <20170202095125.GF27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-02 10:56 ` Christoph Hellwig
2017-02-02 10:56 ` [lustre-devel] " Christoph Hellwig
2017-02-02 10:56 ` Christoph Hellwig
[not found] ` <20170202105651.GA32111-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2017-02-02 11:16 ` Al Viro
2017-02-02 11:16 ` [lustre-devel] " Al Viro
2017-02-02 11:16 ` Al Viro
[not found] ` <20170202111625.GG27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-02 13:00 ` Jeff Layton
2017-02-02 13:00 ` Jeff Layton
[not found] ` <1486040452.2812.6.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-03 7:29 ` Al Viro
2017-02-03 7:29 ` [lustre-devel] " Al Viro
2017-02-03 7:29 ` Al Viro
[not found] ` <20170203072952.GI27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-03 18:29 ` Linus Torvalds
2017-02-03 18:29 ` [lustre-devel] " Linus Torvalds
2017-02-03 18:29 ` Linus Torvalds
[not found] ` <CA+55aFx=NPESJv9RjCNRKFH_rk9uVMov0UtFbpZH-xBsgK2h-w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-03 19:08 ` Al Viro
2017-02-03 19:08 ` [lustre-devel] " Al Viro
2017-02-03 19:08 ` Al Viro
[not found] ` <20170203190816.GK27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-03 19:28 ` Linus Torvalds
2017-02-03 19:28 ` [lustre-devel] " Linus Torvalds
2017-02-03 19:28 ` Linus Torvalds
2017-02-13 9:56 ` Steve Capper [this message]
[not found] ` <20170213095616.GA18053-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
2017-02-13 21:40 ` Linus Torvalds
2017-02-13 21:40 ` [lustre-devel] " Linus Torvalds
2017-02-13 21:40 ` Linus Torvalds
2017-02-03 7:49 ` Christoph Hellwig
2017-02-03 7:49 ` [lustre-devel] " Christoph Hellwig
2017-02-03 7:49 ` Christoph Hellwig
[not found] ` <20170203074901.GA19808-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2017-02-03 8:54 ` Al Viro
2017-02-03 8:54 ` [lustre-devel] " Al Viro
2017-02-03 8:54 ` Al Viro
[not found] ` <20170203085415.GJ27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-03 11:09 ` Christoph Hellwig
2017-02-03 11:09 ` [lustre-devel] " Christoph Hellwig
2017-02-03 11:09 ` Christoph Hellwig
2017-02-02 14:48 ` Jan Kara
2017-02-02 14:48 ` [lustre-devel] " Jan Kara
2017-02-02 14:48 ` Jan Kara
[not found] ` <20170202144817.GB15545-4I4JzKEfoa/jFM9bn6wA6Q@public.gmane.org>
2017-02-02 18:28 ` Al Viro
2017-02-02 18:28 ` [lustre-devel] " Al Viro
2017-02-02 18:28 ` Al Viro
[not found] ` <20170202182802.GH27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-03 14:47 ` Jan Kara
2017-02-03 14:47 ` [lustre-devel] " Jan Kara
2017-02-03 14:47 ` Jan Kara
2017-02-04 3:08 ` Al Viro
2017-02-04 3:08 ` [lustre-devel] " Al Viro
2017-02-04 3:08 ` Al Viro
[not found] ` <20170204030842.GL27291-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-04 19:26 ` Al Viro
2017-02-04 19:26 ` [lustre-devel] " Al Viro
2017-02-04 19:26 ` Al Viro
[not found] ` <20170204192655.GA13195-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-04 22:12 ` Miklos Szeredi
2017-02-04 22:12 ` Miklos Szeredi
2017-02-04 22:11 ` Miklos Szeredi
2017-02-04 22:11 ` Miklos Szeredi
[not found] ` <CAJfpegtVb8PKNnKe5wGMd0u0WzgLpjpVtVpqDScbrBJShLAfGw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-05 1:51 ` Al Viro
2017-02-05 1:51 ` [lustre-devel] " Al Viro
2017-02-05 1:51 ` Al Viro
[not found] ` <20170205015145.GB13195-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-05 20:15 ` Miklos Szeredi
2017-02-05 20:15 ` Miklos Szeredi
[not found] ` <CAJfpegv=r9J8Mqax_ZAB2h5QbRgJMHwyVMENTpYZ8u3_pqNfJw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-05 21:01 ` Al Viro
2017-02-05 21:01 ` [lustre-devel] " Al Viro
2017-02-05 21:01 ` Al Viro
[not found] ` <20170205210151.GD13195-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-05 21:19 ` Miklos Szeredi
2017-02-05 21:19 ` Miklos Szeredi
[not found] ` <CAJfpeguzOgX9d+5XCNJcmXW5KkrGbnWB5aZSP1-0q3a6i6uk2w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-05 22:04 ` Al Viro
2017-02-05 22:04 ` Al Viro
2017-02-05 22:04 ` [lustre-devel] " Al Viro
2017-02-05 22:04 ` Al Viro
[not found] ` <20170205220445.GE13195-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-06 3:05 ` Al Viro
2017-02-06 3:05 ` [lustre-devel] " Al Viro
2017-02-06 3:05 ` Al Viro
2017-02-06 9:08 ` Miklos Szeredi
[not found] ` <CAJfpegv5ZGd2gzSbQvgk4uX5q06AijY+TNg2jdrPBSjbFoXMfg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-06 9:57 ` Al Viro
2017-02-06 9:57 ` [lustre-devel] " Al Viro
2017-02-06 9:57 ` Al Viro
2017-02-06 14:18 ` Miklos Szeredi
[not found] ` <CAJfpegv-ePQE9pNwZe6O+0LjJdq2aVk3bnhxeZ=y7P+iFq72XA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-07 7:19 ` Al Viro
2017-02-07 7:19 ` [lustre-devel] " Al Viro
2017-02-07 7:19 ` Al Viro
[not found] ` <20170207071909.GI13195-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2017-02-07 11:35 ` Miklos Szeredi
2017-02-07 11:35 ` Miklos Szeredi
[not found] ` <20170207113554.GA30656-6fGP+1Jn+PcQFMt52x3flrFA6kmya3R0B1poBFZFfSg@public.gmane.org>
2017-02-08 5:54 ` Al Viro
2017-02-08 5:54 ` [lustre-devel] " Al Viro
2017-02-08 5:54 ` Al Viro
2017-02-08 9:53 ` Miklos Szeredi
2017-02-06 8:37 ` Miklos Szeredi
2017-02-05 20:56 ` Al Viro
2017-02-05 20:56 ` [lustre-devel] " Al Viro
2017-02-05 20:56 ` Al Viro
2017-02-16 13:10 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170213095616.GA18053@linaro.org \
--to=steve.capper@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=ceph-devel@vger.kernel.org \
--cc=chris@chris-wilson.co.uk \
--cc=hch@infradead.org \
--cc=hughd@google.com \
--cc=jack@suse.cz \
--cc=jlayton@redhat.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=lustre-devel@lists.lustre.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
--cc=v9fs-developer@lists.sourceforge.net \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.