From: Oleg Nesterov <oleg@redhat.com>
To: Gregory Price <gourry.memverge@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-arch@vger.kernel.org,
avagin@gmail.com, peterz@infradead.org, luto@kernel.org,
krisman@collabora.com, tglx@linutronix.de, corbet@lwn.net,
shuah@kernel.org, catalin.marinas@arm.com, arnd@arndb.de,
will@kernel.org, mark.rutland@arm.com, tongtiangen@huawei.com,
robin.murphy@arm.com, Gregory Price <gregory.price@memverge.com>
Subject: Re: [PATCH v14 1/4] asm-generic,arm64: create task variant of access_ok
Date: Wed, 29 Mar 2023 17:15:16 +0200 [thread overview]
Message-ID: <20230329151515.GA913@redhat.com> (raw)
In-Reply-To: <20230328164811.2451-2-gregory.price@memverge.com>
Hmm. I am not comfortable with this change...
I won't really argue because I don't have a better solution and because
I think we don't really care as long as task_set_syscall_user_dispatch()
is the only user of task_access_ok(), but still...
OK, so this version changes set_syscall_user_dispatch() to use
task_access_ok() instead of access_ok() because task != current.
On 03/28, Gregory Price wrote:
>
> If the architecture does not implement task_access_ok, the operation
> reduces to access_ok and the task argument is discarded.
No, with this patch it reduces to __access_ok(). And this already doesn't
look very good to me, but this is minor.
> --- a/include/asm-generic/access_ok.h
> +++ b/include/asm-generic/access_ok.h
> @@ -45,4 +45,14 @@ static inline int __access_ok(const void __user *ptr, unsigned long size)
> #define access_ok(addr, size) likely(__access_ok(addr, size))
> #endif
>
> +/*
> + * Some architectures may have special features (such as ARM MTE)
> + * that require handling if access_ok is called on a pointer from one
> + * task in the context of another. On most architectures this operation
> + * is equivalent to simply __access_ok.
> + */
> +#ifndef task_access_ok
> +#define task_access_ok(task, addr, size) likely(__access_ok(addr, size))
> +#endif
Lets ignore arm64.
This look as if access_ok() or __access_ok() doesn't depend on task, but
this is not true in general. Say, TASK_SIZE_MAX can check is_32bit_task()
test_thread_flag(TIF_32BIT...) and this uses "current".
Again, we probably do not care, but I don't like the fact task_access_ok()
looks as if task_access_ok(task) returns the same result as "task" calling
access_ok().
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: Gregory Price <gourry.memverge@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-arch@vger.kernel.org,
avagin@gmail.com, peterz@infradead.org, luto@kernel.org,
krisman@collabora.com, tglx@linutronix.de, corbet@lwn.net,
shuah@kernel.org, catalin.marinas@arm.com, arnd@arndb.de,
will@kernel.org, mark.rutland@arm.com, tongtiangen@huawei.com,
robin.murphy@arm.com, Gregory Price <gregory.price@memverge.com>
Subject: Re: [PATCH v14 1/4] asm-generic,arm64: create task variant of access_ok
Date: Wed, 29 Mar 2023 17:15:16 +0200 [thread overview]
Message-ID: <20230329151515.GA913@redhat.com> (raw)
In-Reply-To: <20230328164811.2451-2-gregory.price@memverge.com>
Hmm. I am not comfortable with this change...
I won't really argue because I don't have a better solution and because
I think we don't really care as long as task_set_syscall_user_dispatch()
is the only user of task_access_ok(), but still...
OK, so this version changes set_syscall_user_dispatch() to use
task_access_ok() instead of access_ok() because task != current.
On 03/28, Gregory Price wrote:
>
> If the architecture does not implement task_access_ok, the operation
> reduces to access_ok and the task argument is discarded.
No, with this patch it reduces to __access_ok(). And this already doesn't
look very good to me, but this is minor.
> --- a/include/asm-generic/access_ok.h
> +++ b/include/asm-generic/access_ok.h
> @@ -45,4 +45,14 @@ static inline int __access_ok(const void __user *ptr, unsigned long size)
> #define access_ok(addr, size) likely(__access_ok(addr, size))
> #endif
>
> +/*
> + * Some architectures may have special features (such as ARM MTE)
> + * that require handling if access_ok is called on a pointer from one
> + * task in the context of another. On most architectures this operation
> + * is equivalent to simply __access_ok.
> + */
> +#ifndef task_access_ok
> +#define task_access_ok(task, addr, size) likely(__access_ok(addr, size))
> +#endif
Lets ignore arm64.
This look as if access_ok() or __access_ok() doesn't depend on task, but
this is not true in general. Say, TASK_SIZE_MAX can check is_32bit_task()
test_thread_flag(TIF_32BIT...) and this uses "current".
Again, we probably do not care, but I don't like the fact task_access_ok()
looks as if task_access_ok(task) returns the same result as "task" calling
access_ok().
Oleg.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-03-29 15:16 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-28 16:48 [PATCH v14 0/4] Checkpoint Support for Syscall User Dispatch Gregory Price
2023-03-28 16:48 ` Gregory Price
2023-03-28 16:48 ` [PATCH v14 1/4] asm-generic,arm64: create task variant of access_ok Gregory Price
2023-03-28 16:48 ` Gregory Price
2023-03-28 18:46 ` Arnd Bergmann
2023-03-28 18:46 ` Arnd Bergmann
2023-03-29 15:15 ` Oleg Nesterov [this message]
2023-03-29 15:15 ` Oleg Nesterov
2023-03-29 15:41 ` Arnd Bergmann
2023-03-29 15:41 ` Arnd Bergmann
2023-03-29 16:03 ` Oleg Nesterov
2023-03-29 16:03 ` Oleg Nesterov
2023-03-29 3:56 ` Gregory Price
2023-03-29 3:56 ` Gregory Price
2023-03-29 17:13 ` Oleg Nesterov
2023-03-29 17:13 ` Oleg Nesterov
2023-03-29 5:37 ` Gregory Price
2023-03-29 5:37 ` Gregory Price
2023-03-29 17:58 ` Oleg Nesterov
2023-03-29 17:58 ` Oleg Nesterov
2023-03-29 5:54 ` Gregory Price
2023-03-29 5:54 ` Gregory Price
2023-03-29 18:13 ` Oleg Nesterov
2023-03-29 18:13 ` Oleg Nesterov
2023-03-29 10:02 ` Gregory Price
2023-03-29 10:02 ` Gregory Price
2023-03-29 23:54 ` Oleg Nesterov
2023-03-29 23:54 ` Oleg Nesterov
2023-03-29 18:29 ` Arnd Bergmann
2023-03-29 18:29 ` Arnd Bergmann
2023-03-29 16:22 ` Catalin Marinas
2023-03-29 16:22 ` Catalin Marinas
2023-03-29 4:34 ` Gregory Price
2023-03-29 4:34 ` Gregory Price
2023-03-30 14:05 ` Catalin Marinas
2023-03-30 14:05 ` Catalin Marinas
2023-03-30 4:18 ` Gregory Price
2023-03-30 4:18 ` Gregory Price
2023-03-28 16:48 ` [PATCH v14 2/4] syscall_user_dispatch: helper function to operate on given task Gregory Price
2023-03-28 16:48 ` Gregory Price
2023-03-28 16:48 ` [PATCH v14 3/4] ptrace,syscall_user_dispatch: checkpoint/restore support for SUD Gregory Price
2023-03-28 16:48 ` Gregory Price
2023-03-28 16:48 ` [PATCH v14 4/4] selftest,ptrace: Add selftest for syscall user dispatch config api Gregory Price
2023-03-28 16:48 ` Gregory Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230329151515.GA913@redhat.com \
--to=oleg@redhat.com \
--cc=arnd@arndb.de \
--cc=avagin@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=gourry.memverge@gmail.com \
--cc=gregory.price@memverge.com \
--cc=krisman@collabora.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=peterz@infradead.org \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=tongtiangen@huawei.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.