From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: "Paul Walmsley" <pjw@kernel.org>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
linux-riscv@lists.infradead.org,
"kernel test robot" <lkp@intel.com>,
"Russell King" <linux@armlinux.org.uk>,
linux-arm-kernel@lists.infradead.org,
"Linus Torvalds" <torvalds@linux-foundation.org>,
x86@kernel.org, "Madhavan Srinivasan" <maddy@linux.ibm.com>,
"Michael Ellerman" <mpe@ellerman.id.au>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Christophe Leroy" <christophe.leroy@csgroup.eu>,
linuxppc-dev@lists.ozlabs.org,
"Heiko Carstens" <hca@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Sven Schnelle" <svens@linux.ibm.com>,
linux-s390@vger.kernel.org,
"Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"David Laight" <david.laight.linux@gmail.com>,
"Julia Lawall" <Julia.Lawall@inria.fr>,
"Nicolas Palix" <nicolas.palix@imag.fr>,
"Peter Zijlstra" <peterz@infradead.org>,
"Darren Hart" <dvhart@infradead.org>,
"Davidlohr Bueso" <dave@stgolabs.net>,
"André Almeida" <andrealmeid@igalia.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Christian Brauner" <brauner@kernel.org>,
"Jan Kara" <jack@suse.cz>,
linux-fsdevel@vger.kernel.org
Subject: [patch V5 05/12] riscv/uaccess: Use unsafe wrappers for ASM GOTO
Date: Mon, 27 Oct 2025 09:43:50 +0100 (CET) [thread overview]
Message-ID: <20251027083745.419351819@linutronix.de> (raw)
In-Reply-To: 20251027083700.573016505@linutronix.de
ASM GOTO is miscompiled by GCC when it is used inside a auto cleanup scope:
bool foo(u32 __user *p, u32 val)
{
scoped_guard(pagefault)
unsafe_put_user(val, p, efault);
return true;
efault:
return false;
}
It ends up leaking the pagefault disable counter in the fault path. clang
at least fails the build.
Rename unsafe_*_user() to arch_unsafe_*_user() which makes the generic
uaccess header wrap it with a local label that makes both compilers emit
correct code. Same for the kernel_nofault() variants.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Paul Walmsley <pjw@kernel.org>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: linux-riscv@lists.infradead.org
---
arch/riscv/include/asm/uaccess.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/riscv/include/asm/uaccess.h
+++ b/arch/riscv/include/asm/uaccess.h
@@ -437,10 +437,10 @@ unsigned long __must_check clear_user(vo
__clear_user(untagged_addr(to), n) : n;
}
-#define __get_kernel_nofault(dst, src, type, err_label) \
+#define arch_get_kernel_nofault(dst, src, type, err_label) \
__get_user_nocheck(*((type *)(dst)), (__force __user type *)(src), err_label)
-#define __put_kernel_nofault(dst, src, type, err_label) \
+#define arch_put_kernel_nofault(dst, src, type, err_label) \
__put_user_nocheck(*((type *)(src)), (__force __user type *)(dst), err_label)
static __must_check __always_inline bool user_access_begin(const void __user *ptr, size_t len)
@@ -460,10 +460,10 @@ static inline void user_access_restore(u
* We want the unsafe accessors to always be inlined and use
* the error labels - thus the macro games.
*/
-#define unsafe_put_user(x, ptr, label) \
+#define arch_unsafe_put_user(x, ptr, label) \
__put_user_nocheck(x, (ptr), label)
-#define unsafe_get_user(x, ptr, label) do { \
+#define arch_unsafe_get_user(x, ptr, label) do { \
__inttype(*(ptr)) __gu_val; \
__get_user_nocheck(__gu_val, (ptr), label); \
(x) = (__force __typeof__(*(ptr)))__gu_val; \
next prev parent reply other threads:[~2025-10-27 8:43 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-27 8:43 [patch V5 00/12] uaccess: Provide and use scopes for user access Thomas Gleixner
2025-10-27 8:43 ` [patch V5 01/12] ARM: uaccess: Implement missing __get_user_asm_dword() Thomas Gleixner
2025-10-28 13:35 ` Mathieu Desnoyers
2025-10-27 8:43 ` [patch V5 02/12] uaccess: Provide ASM GOTO safe wrappers for unsafe_*_user() Thomas Gleixner
2025-10-27 12:12 ` Andrew Cooper
2025-10-28 13:44 ` Mathieu Desnoyers
2025-10-28 14:04 ` Yann Ylavic
2025-10-28 15:53 ` Thomas Gleixner
2025-10-29 9:40 ` [patch V6 " Thomas Gleixner
2025-11-04 6:11 ` [patch V5 " Christophe Leroy
2025-10-27 8:43 ` [patch V5 03/12] x86/uaccess: Use unsafe wrappers for ASM GOTO Thomas Gleixner
2025-10-28 13:50 ` Mathieu Desnoyers
2025-10-27 8:43 ` [patch V5 04/12] powerpc/uaccess: " Thomas Gleixner
2025-10-28 13:51 ` Mathieu Desnoyers
2025-11-04 6:15 ` Christophe Leroy
2025-10-27 8:43 ` Thomas Gleixner [this message]
2025-10-28 13:52 ` [patch V5 05/12] riscv/uaccess: " Mathieu Desnoyers
2025-10-27 8:43 ` [patch V5 06/12] s390/uaccess: " Thomas Gleixner
2025-10-28 13:54 ` Mathieu Desnoyers
2025-10-27 8:43 ` [patch V5 07/12] uaccess: Provide scoped user access regions Thomas Gleixner
2025-10-28 14:11 ` Mathieu Desnoyers
2025-11-04 6:20 ` Christophe Leroy
2025-11-07 19:17 ` David Laight
2025-10-27 8:43 ` [patch V5 08/12] uaccess: Provide put/get_user_inline() Thomas Gleixner
2025-10-28 14:12 ` Mathieu Desnoyers
2025-11-04 6:30 ` Christophe Leroy
2025-10-27 8:43 ` [patch V5 09/12] [RFC] coccinelle: misc: Add scoped_masked_$MODE_access() checker script Thomas Gleixner
2025-10-27 8:44 ` [patch V5 10/12] futex: Convert to get/put_user_inline() Thomas Gleixner
2025-10-28 14:24 ` Mathieu Desnoyers
2025-10-28 15:56 ` Thomas Gleixner
2025-10-28 16:02 ` Mathieu Desnoyers
2025-10-28 16:13 ` Linus Torvalds
2025-11-04 6:31 ` Christophe Leroy
2025-10-27 8:44 ` [patch V5 11/12] x86/futex: Convert to scoped user access Thomas Gleixner
2025-10-27 8:44 ` [patch V5 12/12] select: " Thomas Gleixner
2025-10-28 14:42 ` Mathieu Desnoyers
2025-11-04 6:32 ` Christophe Leroy
2025-10-27 15:53 ` [patch V5 00/12] uaccess: Provide and use scopes for " Linus Torvalds
2025-10-29 10:23 ` Peter Zijlstra
2025-11-03 14:46 ` Peter Zijlstra
2025-11-04 6:35 ` Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251027083745.419351819@linutronix.de \
--to=tglx@linutronix.de \
--cc=Julia.Lawall@inria.fr \
--cc=andrealmeid@igalia.com \
--cc=andrew.cooper3@citrix.com \
--cc=borntraeger@linux.ibm.com \
--cc=brauner@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=dave@stgolabs.net \
--cc=david.laight.linux@gmail.com \
--cc=dvhart@infradead.org \
--cc=hca@linux.ibm.com \
--cc=jack@suse.cz \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lkp@intel.com \
--cc=maddy@linux.ibm.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mpe@ellerman.id.au \
--cc=nicolas.palix@imag.fr \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=peterz@infradead.org \
--cc=pjw@kernel.org \
--cc=svens@linux.ibm.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).