From: David Laight <david.laight.linux@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Darren Hart <dvhart@infradead.org>,
Davidlohr Bueso <dave@stgolabs.net>,
Andre Almeida <andrealmeid@igalia.com>,
Andrew Morton <akpm@linux-foundation.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Daniel Borkmann <daniel@iogearbox.net>,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-block@vger.kernel.org
Subject: Re: [PATCH v2 02/10] uaccess: Add speculation barrier to copy_from_user_iter()
Date: Fri, 22 Aug 2025 19:53:03 +0100 [thread overview]
Message-ID: <20250822195303.0d9fb6eb@pumpkin> (raw)
In-Reply-To: <CAHk-=whKeVCEtR2mQJQjT2ndSOXGDdb+L0=WoVUQUGumm88VpA@mail.gmail.com>
On Fri, 22 Aug 2025 09:46:37 -0400
Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Fri, 22 Aug 2025 at 05:58, Christophe Leroy
> <christophe.leroy@csgroup.eu> wrote:
> >
> > The results of "access_ok()" can be mis-speculated. The result is that
> > you can end speculatively:
> >
> > if (access_ok(from, size))
> > // Right here
>
> I actually think that we should probably just make access_ok() itself do this.
You'd need to re-introduce the read/write parameter.
And you'd want it to be compile time.
Although going through the code changing them to read_access_ok()
and write_access_ok() would probably leave you with a lot fewer calls.
> We don't have *that* many users since we have been de-emphasizing the
> "check ahead of time" model, and any that are performance-critical can
> these days be turned into masked addresses.
Or aim to allocate a guard page on all archs, support 'masked' access
on all of them, and then just delete access_ok().
That'll make it look less ugly.
Perhaps not this week though :-)
David
>
> As it is, now we're in the situation that careful places - like
> _inline_copy_from_user(), and with your patch copy_from_user_iter() -
> do maybe wethis by hand and are ugly as a result, and lazy and
> probably incorrect places don't do it at all.
>
> That said, I don't object to this patch and maybe we should do that
> access_ok() change later and independently of any powerpc work.
>
> Linus
next prev parent reply other threads:[~2025-08-22 18:53 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 9:57 [PATCH v2 00/10] powerpc: Implement masked user access Christophe Leroy
2025-08-22 9:57 ` [PATCH v2 01/10] iter: Avoid barrier_nospec() in copy_from_user_iter() Christophe Leroy
2025-08-22 9:57 ` [PATCH v2 02/10] uaccess: Add speculation barrier to copy_from_user_iter() Christophe Leroy
2025-08-22 13:46 ` Linus Torvalds
2025-08-22 14:11 ` Giorgi Tchankvetadze
2025-08-22 18:53 ` David Laight [this message]
2025-08-22 9:57 ` [PATCH v2 03/10] uaccess: Add masked_user_{read/write}_access_begin Christophe Leroy
2025-08-24 15:08 ` Thomas Gleixner
2025-08-22 9:58 ` [PATCH v2 04/10] powerpc/uaccess: Move barrier_nospec() out of allow_read_{from/write}_user() Christophe Leroy
2025-08-22 9:58 ` [PATCH v2 05/10] powerpc/uaccess: Remove unused size and from parameters from allow_access_user() Christophe Leroy
2025-08-22 9:58 ` [PATCH v2 06/10] powerpc/uaccess: Remove {allow/prevent}_{read/write/read_write}_{from/to/}_user() Christophe Leroy
2025-08-22 9:58 ` [PATCH v2 07/10] powerpc/uaccess: Refactor user_{read/write/}_access_begin() Christophe Leroy
2025-08-22 9:58 ` [PATCH v2 08/10] powerpc/32s: Fix segments setup when TASK_SIZE is not a multiple of 256M Christophe Leroy
2025-08-22 9:58 ` [PATCH v2 09/10] powerpc/32: Automatically adapt TASK_SIZE based on constraints Christophe Leroy
2025-08-22 12:04 ` David Laight
2025-08-22 9:58 ` [PATCH v2 10/10] powerpc/uaccess: Implement masked user access Christophe Leroy
2025-08-25 9:04 ` Gabriel Paubert
2025-08-25 9:40 ` Christophe Leroy
2025-08-25 10:18 ` Gabriel Paubert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250822195303.0d9fb6eb@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andrealmeid@igalia.com \
--cc=brauner@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=dave@stgolabs.net \
--cc=dvhart@infradead.org \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.