From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Aleksa Sarai <cyphar@cyphar.com>, Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
Christian Brauner <christian@brauner.io>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
GNU C Library <libc-alpha@sourceware.org>,
Linux API <linux-api@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v1 1/4] lib: introduce copy_struct_from_user() helper
Date: Wed, 25 Sep 2019 19:04:12 +0100 [thread overview]
Message-ID: <20190925180412.GK26530@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CAHk-=wjagt257WHiOr2v1Bx_3q7tuzogabw_1EnodKm0vt+-WQ@mail.gmail.com>
On Wed, Sep 25, 2019 at 10:48:31AM -0700, Linus Torvalds wrote:
> On Wed, Sep 25, 2019 at 10:21 AM Aleksa Sarai <cyphar@cyphar.com> wrote:
> >
> > Just to make sure I understand, the following diff would this solve the
> > problem? If so, I'll apply it, and re-send in a few hours.
>
> Actually, looking at it more, it's still buggy.
>
> That final "size smaller than unsigned long" doesn't correctly handle
> the case of (say) a single byte in the middle of a 8-byte word.
>
> So you need to do something like this:
>
> int is_zeroed_user(const void __user *from, size_t size)
> {
> unsigned long val, mask, align;
>
> if (unlikely(!size))
> return true;
>
> if (!user_access_begin(from, size))
> return -EFAULT;
>
> align = (uintptr_t) from % sizeof(unsigned long);
> from -= align;
> size += align;
>
> mask = ~aligned_byte_mask(align);
>
> while (size >= sizeof(unsigned long)) {
> unsafe_get_user(val, (unsigned long __user *) from, err_fault);
> val &= mask;
> if (unlikely(val))
> goto done;
> mask = ~0ul;
> from += sizeof(unsigned long);
> size -= sizeof(unsigned long);
> }
>
> if (size) {
> /* (@from + @size) is unaligned. */
> unsafe_get_user(val, (unsigned long __user *) from, err_fault);
> mask &= aligned_byte_mask(size);
> val &= mask;
> }
IMO it's better to lift reading the first word out of the loop, like this:
align = (uintptr_t) from % sizeof(unsigned long);
from -= align;
unsafe_get_user(val, (unsigned long __user *) from, err_fault);
if (align) {
size += align;
val &= ~aligned_byte_mask(align);
}
while (size > sizeof(unsigned long)) {
if (unlikely(val))
goto done;
from += sizeof(unsigned long);
size -= sizeof(unsigned long);
unsafe_get_user(val, (unsigned long __user *) from, err_fault);
}
if (size != size(unsigned long))
val &= aligned_byte_mask(size);
done:
Do you see any problems with that variant?
next prev parent reply other threads:[~2019-09-25 18:04 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-25 16:59 [PATCH v1 0/4] lib: introduce copy_struct_from_user() helper Aleksa Sarai
2019-09-25 16:59 ` [PATCH v1 1/4] " Aleksa Sarai
2019-09-25 17:10 ` Linus Torvalds
2019-09-25 17:20 ` Aleksa Sarai
2019-09-25 17:48 ` Linus Torvalds
2019-09-25 18:04 ` Al Viro [this message]
2019-09-25 18:13 ` Linus Torvalds
2019-09-25 19:43 ` Al Viro
2019-09-25 20:23 ` Linus Torvalds
2019-09-25 17:18 ` Christian Brauner
2019-09-25 17:20 ` Christian Brauner
2019-09-25 19:16 ` kbuild test robot
2019-09-25 19:16 ` kbuild test robot
2019-09-25 20:47 ` kbuild test robot
2019-09-25 20:47 ` kbuild test robot
2019-09-25 16:59 ` [PATCH v1 2/4] clone3: switch to copy_struct_from_user() Aleksa Sarai
2019-09-25 17:22 ` Christian Brauner
2019-09-25 18:59 ` kbuild test robot
2019-09-25 18:59 ` kbuild test robot
2019-09-25 19:08 ` kbuild test robot
2019-09-25 19:08 ` kbuild test robot
2019-09-25 16:59 ` [PATCH v1 3/4] sched_setattr: " Aleksa Sarai
2019-09-25 16:59 ` [PATCH v1 4/4] perf_event_open: " Aleksa Sarai
2019-09-25 17:09 ` [PATCH v1 0/4] lib: introduce copy_struct_from_user() helper Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190925180412.GK26530@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=alexander.shishkin@linux.intel.com \
--cc=christian@brauner.io \
--cc=cyphar@cyphar.com \
--cc=jolsa@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.