From: david.laight.linux@gmail.com
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Andre Almeida <andrealmeid@igalia.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Christian Brauner <brauner@kernel.org>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Darren Hart <dvhart@infradead.org>,
David Laight <david.laight.linux@gmail.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Heiko Carstens <hca@linux.ibm.com>, Jan Kara <jack@suse.cz>,
Julia Lawall <Julia.Lawall@inria.fr>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
Nicolas Palix <nicolas.palix@imag.fr>,
Palmer Dabbelt <palmer@dabbelt.com>,
Paul Walmsley <pjw@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Russell King <linux@armlinux.org.uk>,
Sven Schnelle <svens@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
x86@kernel.org, Kees Cook <kees@kernel.org>,
akpm@linux-foundation.org
Subject: [PATCH v2 next 5/5] signal: Use scoped_user_access() instead of __put/get_user()
Date: Mon, 2 Mar 2026 13:27:55 +0000 [thread overview]
Message-ID: <20260302132755.1475451-6-david.laight.linux@gmail.com> (raw)
In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com>
From: David Laight <david.laight.linux@gmail.com>
Mechanically change the access_ok() and __get/put_user() to use
scoped_user_read/write_access() and unsafe_get/put_user().
This generates better code with fewer STAC/CLAC pairs.
It also ensures that access_ok() is called near the user accesses.
I failed to find the one for __save_altstack().
Looking at the change, perhaps there should be aliases:
#define scoped_put_user unsafe_put_user
#define scoped_get_user unsafe_get_user
Signed-off-by: David Laight <david.laight.linux@gmail.com>
---
kernel/signal.c | 72 ++++++++++++++++++++++++++++---------------------
1 file changed, 42 insertions(+), 30 deletions(-)
diff --git a/kernel/signal.c b/kernel/signal.c
index d65d0fe24bfb..fca257398cbc 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -4469,10 +4469,16 @@ int restore_altstack(const stack_t __user *uss)
int __save_altstack(stack_t __user *uss, unsigned long sp)
{
struct task_struct *t = current;
- int err = __put_user((void __user *)t->sas_ss_sp, &uss->ss_sp) |
- __put_user(t->sas_ss_flags, &uss->ss_flags) |
- __put_user(t->sas_ss_size, &uss->ss_size);
- return err;
+
+ scoped_user_write_access(uss, Efault) {
+ unsafe_put_user((void __user *)t->sas_ss_sp, &uss->ss_sp, Efault);
+ unsafe_put_user(t->sas_ss_flags, &uss->ss_flags, Efault);
+ unsafe_put_user(t->sas_ss_size, &uss->ss_size, Efault);
+ }
+ return 0;
+
+Efault:
+ return -EFAULT;
}
#ifdef CONFIG_COMPAT
@@ -4705,12 +4711,12 @@ SYSCALL_DEFINE3(sigaction, int, sig,
if (act) {
old_sigset_t mask;
- if (!access_ok(act, sizeof(*act)) ||
- __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
- __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
- __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
- __get_user(mask, &act->sa_mask))
- return -EFAULT;
+ scoped_user_read_access(act, Efault) {
+ unsafe_get_user(new_ka.sa.sa_handler, &act->sa_handler, Efault);
+ unsafe_get_user(new_ka.sa.sa_restorer, &act->sa_restorer, Efault);
+ unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault);
+ unsafe_get_user(mask, &act->sa_mask, Efault);
+ }
#ifdef __ARCH_HAS_KA_RESTORER
new_ka.ka_restorer = NULL;
#endif
@@ -4720,15 +4726,18 @@ SYSCALL_DEFINE3(sigaction, int, sig,
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
if (!ret && oact) {
- if (!access_ok(oact, sizeof(*oact)) ||
- __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
- __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
- __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
- __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
- return -EFAULT;
+ scoped_user_write_access(oact, Efault) {
+ unsafe_put_user(old_ka.sa.sa_handler, &oact->sa_handler, Efault);
+ unsafe_put_user(old_ka.sa.sa_restorer, &oact->sa_restorer, Efault);
+ unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault);
+ unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault);
+ }
}
return ret;
+
+Efault:
+ return -EFAULT;
}
#endif
#ifdef CONFIG_COMPAT_OLD_SIGACTION
@@ -4742,12 +4751,12 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
compat_uptr_t handler, restorer;
if (act) {
- if (!access_ok(act, sizeof(*act)) ||
- __get_user(handler, &act->sa_handler) ||
- __get_user(restorer, &act->sa_restorer) ||
- __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
- __get_user(mask, &act->sa_mask))
- return -EFAULT;
+ scoped_user_read_access(act, Efault) {
+ unsafe_get_user(handler, &act->sa_handler, Efault);
+ unsafe_get_user(restorer, &act->sa_restorer, Efault);
+ unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault);
+ unsafe_get_user(mask, &act->sa_mask, Efault);
+ }
#ifdef __ARCH_HAS_KA_RESTORER
new_ka.ka_restorer = NULL;
@@ -4760,16 +4769,19 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
if (!ret && oact) {
- if (!access_ok(oact, sizeof(*oact)) ||
- __put_user(ptr_to_compat(old_ka.sa.sa_handler),
- &oact->sa_handler) ||
- __put_user(ptr_to_compat(old_ka.sa.sa_restorer),
- &oact->sa_restorer) ||
- __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
- __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
- return -EFAULT;
+ scoped_user_write_access(oact, Efault) {
+ unsafe_put_user(ptr_to_compat(old_ka.sa.sa_handler),
+ &oact->sa_handler, Efault);
+ unsafe_put_user(ptr_to_compat(old_ka.sa.sa_restorer),
+ &oact->sa_restorer, Efault);
+ unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault);
+ unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault);
+ }
}
return ret;
+
+Efault:
+ return -EFAULT;
}
#endif
--
2.39.5
WARNING: multiple messages have this Message-ID (diff)
From: david.laight.linux@gmail.com
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Andre Almeida <andrealmeid@igalia.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Christian Brauner <brauner@kernel.org>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Darren Hart <dvhart@infradead.org>,
David Laight <david.laight.linux@gmail.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Heiko Carstens <hca@linux.ibm.com>, Jan Kara <jack@suse.cz>,
Julia Lawall <Julia.Lawall@inria.fr>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
Nicolas Palix <nicolas.palix@imag.fr>,
Palmer Dabbelt <palmer@dabbelt.com>,
Paul Walmsley <pjw@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Russell King <linux@armlinux.org.uk>,
Sven Schnelle <svens@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
x86@kernel.org, Kees Cook <kees@kernel.org>,
akpm@linux-foundation.org
Subject: [PATCH v2 next 5/5] signal: Use scoped_user_access() instead of __put/get_user()
Date: Mon, 2 Mar 2026 13:27:55 +0000 [thread overview]
Message-ID: <20260302132755.1475451-6-david.laight.linux@gmail.com> (raw)
In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com>
From: David Laight <david.laight.linux@gmail.com>
Mechanically change the access_ok() and __get/put_user() to use
scoped_user_read/write_access() and unsafe_get/put_user().
This generates better code with fewer STAC/CLAC pairs.
It also ensures that access_ok() is called near the user accesses.
I failed to find the one for __save_altstack().
Looking at the change, perhaps there should be aliases:
#define scoped_put_user unsafe_put_user
#define scoped_get_user unsafe_get_user
Signed-off-by: David Laight <david.laight.linux@gmail.com>
---
kernel/signal.c | 72 ++++++++++++++++++++++++++++---------------------
1 file changed, 42 insertions(+), 30 deletions(-)
diff --git a/kernel/signal.c b/kernel/signal.c
index d65d0fe24bfb..fca257398cbc 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -4469,10 +4469,16 @@ int restore_altstack(const stack_t __user *uss)
int __save_altstack(stack_t __user *uss, unsigned long sp)
{
struct task_struct *t = current;
- int err = __put_user((void __user *)t->sas_ss_sp, &uss->ss_sp) |
- __put_user(t->sas_ss_flags, &uss->ss_flags) |
- __put_user(t->sas_ss_size, &uss->ss_size);
- return err;
+
+ scoped_user_write_access(uss, Efault) {
+ unsafe_put_user((void __user *)t->sas_ss_sp, &uss->ss_sp, Efault);
+ unsafe_put_user(t->sas_ss_flags, &uss->ss_flags, Efault);
+ unsafe_put_user(t->sas_ss_size, &uss->ss_size, Efault);
+ }
+ return 0;
+
+Efault:
+ return -EFAULT;
}
#ifdef CONFIG_COMPAT
@@ -4705,12 +4711,12 @@ SYSCALL_DEFINE3(sigaction, int, sig,
if (act) {
old_sigset_t mask;
- if (!access_ok(act, sizeof(*act)) ||
- __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
- __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
- __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
- __get_user(mask, &act->sa_mask))
- return -EFAULT;
+ scoped_user_read_access(act, Efault) {
+ unsafe_get_user(new_ka.sa.sa_handler, &act->sa_handler, Efault);
+ unsafe_get_user(new_ka.sa.sa_restorer, &act->sa_restorer, Efault);
+ unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault);
+ unsafe_get_user(mask, &act->sa_mask, Efault);
+ }
#ifdef __ARCH_HAS_KA_RESTORER
new_ka.ka_restorer = NULL;
#endif
@@ -4720,15 +4726,18 @@ SYSCALL_DEFINE3(sigaction, int, sig,
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
if (!ret && oact) {
- if (!access_ok(oact, sizeof(*oact)) ||
- __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
- __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
- __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
- __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
- return -EFAULT;
+ scoped_user_write_access(oact, Efault) {
+ unsafe_put_user(old_ka.sa.sa_handler, &oact->sa_handler, Efault);
+ unsafe_put_user(old_ka.sa.sa_restorer, &oact->sa_restorer, Efault);
+ unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault);
+ unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault);
+ }
}
return ret;
+
+Efault:
+ return -EFAULT;
}
#endif
#ifdef CONFIG_COMPAT_OLD_SIGACTION
@@ -4742,12 +4751,12 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
compat_uptr_t handler, restorer;
if (act) {
- if (!access_ok(act, sizeof(*act)) ||
- __get_user(handler, &act->sa_handler) ||
- __get_user(restorer, &act->sa_restorer) ||
- __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
- __get_user(mask, &act->sa_mask))
- return -EFAULT;
+ scoped_user_read_access(act, Efault) {
+ unsafe_get_user(handler, &act->sa_handler, Efault);
+ unsafe_get_user(restorer, &act->sa_restorer, Efault);
+ unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault);
+ unsafe_get_user(mask, &act->sa_mask, Efault);
+ }
#ifdef __ARCH_HAS_KA_RESTORER
new_ka.ka_restorer = NULL;
@@ -4760,16 +4769,19 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
if (!ret && oact) {
- if (!access_ok(oact, sizeof(*oact)) ||
- __put_user(ptr_to_compat(old_ka.sa.sa_handler),
- &oact->sa_handler) ||
- __put_user(ptr_to_compat(old_ka.sa.sa_restorer),
- &oact->sa_restorer) ||
- __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
- __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
- return -EFAULT;
+ scoped_user_write_access(oact, Efault) {
+ unsafe_put_user(ptr_to_compat(old_ka.sa.sa_handler),
+ &oact->sa_handler, Efault);
+ unsafe_put_user(ptr_to_compat(old_ka.sa.sa_restorer),
+ &oact->sa_restorer, Efault);
+ unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault);
+ unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault);
+ }
}
return ret;
+
+Efault:
+ return -EFAULT;
}
#endif
--
2.39.5
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2026-03-02 13:28 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-02 13:27 [PATCH v2 0/5] uaccess: Updates to scoped_user_access() david.laight.linux
2026-03-02 13:27 ` david.laight.linux
2026-03-02 13:27 ` [PATCH v2 1/5] uaccess: Fix scoped_user_read_access() for 'pointer to const' david.laight.linux
2026-03-02 13:27 ` david.laight.linux
2026-03-02 14:59 ` Christophe Leroy (CS GROUP)
2026-03-02 14:59 ` Christophe Leroy (CS GROUP)
2026-03-02 17:26 ` Linus Torvalds
2026-03-02 17:26 ` Linus Torvalds
2026-03-02 18:55 ` David Laight
2026-03-02 18:55 ` David Laight
2026-03-02 13:27 ` [PATCH v2 2/5] compiler.h: Add generic support for 'autoterminating nested for() loops' david.laight.linux
2026-03-02 13:27 ` david.laight.linux
2026-03-02 13:27 ` [PATCH v2 3/5] uaccess.h: Use with() and and_with() in __scoped_user_access() david.laight.linux
2026-03-02 13:27 ` david.laight.linux
2026-03-02 13:27 ` [PATCH v2 4/5] uaccess: Disable -Wshadow " david.laight.linux
2026-03-02 13:27 ` david.laight.linux
2026-03-02 15:00 ` Christophe Leroy (CS GROUP)
2026-03-02 15:00 ` Christophe Leroy (CS GROUP)
2026-03-03 9:12 ` David Laight
2026-03-03 9:12 ` David Laight
2026-03-02 17:17 ` Linus Torvalds
2026-03-02 17:17 ` Linus Torvalds
2026-03-05 8:10 ` kernel test robot
2026-03-05 8:10 ` kernel test robot
2026-03-02 13:27 ` david.laight.linux [this message]
2026-03-02 13:27 ` [PATCH v2 next 5/5] signal: Use scoped_user_access() instead of __put/get_user() david.laight.linux
2026-03-02 16:07 ` Christophe Leroy (CS GROUP)
2026-03-02 16:07 ` Christophe Leroy (CS GROUP)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260302132755.1475451-6-david.laight.linux@gmail.com \
--to=david.laight.linux@gmail.com \
--cc=Julia.Lawall@inria.fr \
--cc=akpm@linux-foundation.org \
--cc=andrealmeid@igalia.com \
--cc=andrew.cooper3@citrix.com \
--cc=borntraeger@linux.ibm.com \
--cc=brauner@kernel.org \
--cc=chleroy@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=dave@stgolabs.net \
--cc=dvhart@infradead.org \
--cc=hca@linux.ibm.com \
--cc=jack@suse.cz \
--cc=kees@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mpe@ellerman.id.au \
--cc=nicolas.palix@imag.fr \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=peterz@infradead.org \
--cc=pjw@kernel.org \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.