From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Guenter Roeck <linux@roeck-us.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user()
Date: Mon, 7 Oct 2019 03:50:46 +0100 [thread overview]
Message-ID: <20191007025046.GL26530@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CAHk-=whKJfX579+2f-CHc4_YmEmwvMe_Csr0+CPfLAsSAdfDoA@mail.gmail.com>
On Sun, Oct 06, 2019 at 07:06:19PM -0700, Linus Torvalds wrote:
> On Sun, Oct 6, 2019 at 6:24 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> >
> > Ugh... I wonder if it would be better to lift STAC/CLAC out of
> > raw_copy_to_user(), rather than trying to reinvent its guts
> > in readdir.c...
>
> Yeah, I suspect that's the best option.
>
> Do something like
>
> - lift STAC/CLAC out of raw_copy_to_user
>
> - rename it to unsafe_copy_to_user
>
> - create a new raw_copy_to_user that is just unsafe_copy_to_user()
> with the STAC/CLAC around it.
>
> and the end result would actually be cleanert than what we have now
> (which duplicates that STAC/CLAC for each size case etc).
>
> And then for the "architecture doesn't have user_access_begin/end()"
> fallback case, we just do
>
> #define unsafe_copy_to_user raw_copy_to_user
Callers of raw_copy_to_user():
arch/hexagon/mm/uaccess.c:27: uncleared = raw_copy_to_user(dest, &empty_zero_page, PAGE_SIZE);
arch/hexagon/mm/uaccess.c:34: count = raw_copy_to_user(dest, &empty_zero_page, count);
arch/powerpc/kvm/book3s_64_mmu_radix.c:68: ret = raw_copy_to_user(to, from, n);
arch/s390/include/asm/uaccess.h:150: size = raw_copy_to_user(ptr, x, size);
include/asm-generic/uaccess.h:145: return unlikely(raw_copy_to_user(ptr, x, size)) ? -EFAULT : 0;
include/linux/uaccess.h:93: return raw_copy_to_user(to, from, n);
include/linux/uaccess.h:102: return raw_copy_to_user(to, from, n);
include/linux/uaccess.h:131: n = raw_copy_to_user(to, from, n);
lib/iov_iter.c:142: n = raw_copy_to_user(to, from, n);
lib/usercopy.c:28: n = raw_copy_to_user(to, from, n);
Out of those, only __copy_to_user_inatomic(), __copy_to_user(),
_copy_to_user() and iov_iter.c:copyout() can be called on
any architecture.
The last two should just do user_access_begin()/user_access_end()
instead of access_ok(). __copy_to_user_inatomic() has very few callers as well:
arch/mips/kernel/unaligned.c:1307: res = __copy_to_user_inatomic(addr, fpr, sizeof(*fpr));
drivers/gpu/drm/i915/i915_gem.c:345: unwritten = __copy_to_user_inatomic(user_data,
lib/test_kasan.c:471: unused = __copy_to_user_inatomic(usermem, kmem, size + 1);
mm/maccess.c:98: ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
So few, in fact, that I wonder if we want to keep it at all; the only
thing stopping me from "let's remove it" is that I don't understand
the i915 side of things. Where does it do an equivalent of access_ok()?
And mm/maccess.c one is __probe_kernel_write(), so presumably we don't
want stac/clac there at all...
So do we want to bother with separation between raw_copy_to_user() and
unsafe_copy_to_user()? After all, __copy_to_user() also has only few
callers, most of them in arch/*
I'll take a look into that tomorrow - half-asleep right now...
next prev parent reply other threads:[~2019-10-07 2:50 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-06 22:20 [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Guenter Roeck
2019-10-06 23:06 ` Linus Torvalds
2019-10-06 23:35 ` Linus Torvalds
2019-10-07 0:04 ` Guenter Roeck
2019-10-07 1:17 ` Linus Torvalds
2019-10-07 1:24 ` Al Viro
2019-10-07 2:06 ` Linus Torvalds
2019-10-07 2:50 ` Al Viro [this message]
2019-10-07 3:11 ` Linus Torvalds
2019-10-07 15:40 ` David Laight
2019-10-07 18:11 ` Linus Torvalds
2019-10-08 9:58 ` David Laight
2019-10-07 17:34 ` Al Viro
2019-10-07 18:13 ` Linus Torvalds
2019-10-07 18:22 ` Al Viro
2019-10-07 18:26 ` Linus Torvalds
2019-10-07 18:36 ` Tony Luck
2019-10-07 19:08 ` Linus Torvalds
2019-10-07 19:49 ` Tony Luck
2019-10-07 20:04 ` Linus Torvalds
2019-10-08 3:29 ` Al Viro
2019-10-08 4:09 ` Linus Torvalds
2019-10-08 4:14 ` Linus Torvalds
2019-10-08 5:02 ` Al Viro
2019-10-08 4:24 ` Linus Torvalds
2019-10-10 19:55 ` Al Viro
2019-10-10 22:12 ` Linus Torvalds
2019-10-11 0:11 ` Al Viro
2019-10-11 0:31 ` Linus Torvalds
2019-10-13 18:13 ` Al Viro
2019-10-13 18:43 ` Linus Torvalds
2019-10-13 19:10 ` Al Viro
2019-10-13 19:22 ` Linus Torvalds
2019-10-13 19:59 ` Al Viro
2019-10-13 20:20 ` Linus Torvalds
2019-10-15 3:46 ` Michael Ellerman
2019-10-15 18:08 ` Al Viro
2019-10-15 19:00 ` Linus Torvalds
2019-10-15 19:40 ` Al Viro
2019-10-15 20:18 ` Al Viro
2019-10-16 12:12 ` [RFC] change of calling conventions for arch_futex_atomic_op_inuser() Al Viro
2019-10-16 12:24 ` Thomas Gleixner
2019-10-16 20:25 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Al Viro
2019-10-17 19:36 ` [RFC][PATCHES] drivers/scsi/sg.c uaccess cleanups/fixes Al Viro
2019-10-17 19:39 ` [RFC PATCH 1/8] sg_ioctl(): fix copyout handling Al Viro
2019-10-17 19:39 ` [RFC PATCH 2/8] sg_new_write(): replace access_ok() + __copy_from_user() with copy_from_user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 3/8] sg_write(): __get_user() can fail Al Viro
2019-10-17 19:39 ` [RFC PATCH 4/8] sg_read(): simplify reading ->pack_id of userland sg_io_hdr_t Al Viro
2019-10-17 19:39 ` [RFC PATCH 5/8] sg_new_write(): don't bother with access_ok Al Viro
2019-10-17 19:39 ` [RFC PATCH 6/8] sg_read(): get rid of access_ok()/__copy_..._user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 7/8] sg_write(): get rid of access_ok()/__copy_from_user()/__get_user() Al Viro
2019-10-17 19:39 ` [RFC PATCH 8/8] SG_IO: get rid of access_ok() Al Viro
2019-10-17 21:44 ` [RFC][PATCHES] drivers/scsi/sg.c uaccess cleanups/fixes Douglas Gilbert
2019-11-05 4:54 ` Martin K. Petersen
2019-11-05 5:25 ` Al Viro
2019-11-06 4:29 ` Martin K. Petersen
2019-10-18 0:27 ` [RFC] csum_and_copy_from_user() semantics Al Viro
2019-10-25 14:01 ` [PATCH] Convert filldir[64]() from __put_user() to unsafe_put_user() Thomas Gleixner
2019-10-08 4:57 ` Al Viro
2019-10-08 13:14 ` Greg KH
2019-10-08 15:29 ` Al Viro
2019-10-08 15:38 ` Greg KH
2019-10-08 17:06 ` Al Viro
2019-10-08 19:58 ` Al Viro
2019-10-08 20:16 ` Al Viro
2019-10-08 20:34 ` Al Viro
2019-10-07 2:30 ` Guenter Roeck
2019-10-07 3:12 ` Linus Torvalds
2019-10-07 0:23 ` Guenter Roeck
2019-10-07 4:04 ` Max Filippov
2019-10-07 12:16 ` Guenter Roeck
2019-10-07 19:21 ` Linus Torvalds
2019-10-07 20:29 ` Guenter Roeck
2019-10-07 23:27 ` Guenter Roeck
2019-10-08 6:28 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191007025046.GL26530@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.