From: Linus Torvalds <torvalds@linux-foundation.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Eugenio Pérez" <eperezma@redhat.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"Alexei Starovoitov" <ast@kernel.org>,
"Alexey Dobriyan" <adobriyan@gmail.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Arnd Bergmann" <arnd@kernel.org>,
"Borislav Petkov" <bp@alien8.de>,
"Cong Wang" <cong.wang@bytedance.com>,
"Dan Williams" <dan.j.williams@intel.com>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"David Laight" <David.Laight@aculab.com>,
"David Lechner" <dlechner@baylibre.com>,
"Dinh Nguyen" <dinguyen@kernel.org>,
"Eduard Zingerman" <eddyz87@gmail.com>,
"Gatlin Newhouse" <gatlin.newhouse@gmail.com>,
"Hao Luo" <haoluo@google.com>, "Ingo Molnar" <mingo@redhat.com>,
"Jakub Sitnicki" <jakub@cloudflare.com>,
"Jan Hendrik Farr" <kernel@jfarr.cc>,
"Jason Wang" <jasowang@redhat.com>,
"Jiri Olsa" <jolsa@kernel.org>,
"John Fastabend" <john.fastabend@gmail.com>,
"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
"Josh Poimboeuf" <jpoimboe@kernel.org>,
"KP Singh" <kpsingh@kernel.org>, "Kees Cook" <kees@kernel.org>,
"Luc Van Oostenryck" <luc.vanoostenryck@gmail.com>,
"Marc Herbert" <Marc.Herbert@linux.intel.com>,
"Martin KaFai Lau" <martin.lau@linux.dev>,
"Mateusz Guzik" <mjguzik@gmail.com>,
"Michal Luczaj" <mhal@rbox.co>, "Miguel Ojeda" <ojeda@kernel.org>,
"Mykola Lysenko" <mykolal@fb.com>, NeilBrown <neil@brown.name>,
"Peter Zijlstra" <peterz@infradead.org>,
"Przemek Kitszel" <przemyslaw.kitszel@intel.com>,
"Sami Tolvanen" <samitolvanen@google.com>,
"Shuah Khan" <shuah@kernel.org>, "Song Liu" <song@kernel.org>,
"Stanislav Fomichev" <sdf@fomichev.me>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Thorsten Blum" <thorsten.blum@linux.dev>,
"Uros Bizjak" <ubizjak@gmail.com>,
"Xuan Zhuo" <xuanzhuo@linux.alibaba.com>,
"Yafang Shao" <laoar.shao@gmail.com>,
"Ye Bin" <yebin10@huawei.com>,
"Yonghong Song" <yonghong.song@linux.dev>,
"Yufeng Wang" <wangyufeng@kylinos.cn>,
bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-sparse@vger.kernel.org, virtualization@lists.linux.dev,
x86@kernel.org
Subject: Re: [PATCH 4/7] arch/nios: replace "__auto_type" with "auto"
Date: Fri, 18 Jul 2025 15:48:44 -0700 [thread overview]
Message-ID: <CAHk-=whrbqBn_rCnPNwtLuoGHwjkqsLgDXYgjA0NW2ShAwqNkw@mail.gmail.com> (raw)
In-Reply-To: <CAHk-=whGcopJ_wewAtzfTS7=cG1yvpC90Y-xz5t-1Aw0ew682w@mail.gmail.com>
On Fri, 18 Jul 2025 at 14:49, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Fri, 18 Jul 2025 at 14:34, H. Peter Anvin <hpa@zytor.com> wrote:
> >
> > - __auto_type __pu_ptr = (ptr); \
> > + auto __pu_ptr = (ptr); \
> > typeof(*__pu_ptr) __pu_val = (typeof(*__pu_ptr))(x); \
>
> But that second case obviously is exactly the "auto type" case, just
> written using __typeof__.
Actually, looking at it, I actually think the NIOS2 header is a bit
buggy here, exactly because it should *not* have that cast to force
the types the same.
It's the exact same situation that on x86 is inside
do_put_user_call(), and on x86 uses that
__typeof__(*(ptr)) __x = (x); /* eval x once */
pattern instead: we don't want a cast, because we actually want just
the implicit type conversions, and a warning if the types aren't
compatible. Writing things to user space is still supposed to catch
type safety issues.
So having that '(typeof(*__pu_ptr))' cast of the value of '(x)' is
actually wrong, because it will silently (for example) convert a
pointer into a 'unsigned long' or vice versa, and __put_user() just
shouldn't do that.
If the user access is to a 'unsigned long __user *' location, the
kernel shouldn't be writing pointers into it.
Do we care? No. This is obviously nios2-specific, and the x86 version
will catch any generic mis-uses where somebody would try to
'put_user()' the wrong type.
And any "auto" conversion wouldn't change the bug anyway. But I
thought I'd mention it since it started bothering me and I went and
looked closer at that case I quoted.
And while looking at this, I think we have a similar mis-feature / bug
on x86 too: the unsafe_put_user() macro does exactly that cast:
#define unsafe_put_user(x, ptr, label) \
__put_user_size((__typeof__(*(ptr)))(x), ..
and I think that cast is wrong.
I wonder if it's actively hiding some issue with unsafe_put_user(), or
if I'm just missing something.
Linus
next prev parent reply other threads:[~2025-07-18 22:49 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-18 21:32 [PATCH 0/7] Replace "__auto_type" with "auto" H. Peter Anvin
2025-07-18 21:32 ` [PATCH 1/7] compiler_types.h: add "auto" as a macro for "__auto_type" H. Peter Anvin
2025-07-18 21:32 ` [PATCH 2/7] include/linux: change "__auto_type" to "auto" H. Peter Anvin
2025-07-18 21:32 ` [PATCH 3/7] fs/proc: replace "__auto_type" with "auto" H. Peter Anvin
2025-07-19 14:26 ` Alexey Dobriyan
2025-07-18 21:32 ` [PATCH 4/7] arch/nios: " H. Peter Anvin
2025-07-18 21:49 ` Linus Torvalds
2025-07-18 22:11 ` H. Peter Anvin
2025-07-18 22:48 ` Linus Torvalds [this message]
2025-07-18 22:58 ` Linus Torvalds
2025-07-19 9:06 ` David Laight
2025-07-19 9:52 ` David Laight
2025-07-18 21:32 ` [PATCH 5/7] arch/x86: " H. Peter Anvin
2025-07-18 21:32 ` [PATCH 6/7] selftests/bpf: " H. Peter Anvin
2025-07-18 21:32 ` [PATCH 7/7] tools/virtio: " H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whrbqBn_rCnPNwtLuoGHwjkqsLgDXYgjA0NW2ShAwqNkw@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=David.Laight@aculab.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=Marc.Herbert@linux.intel.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andrii@kernel.org \
--cc=arnd@kernel.org \
--cc=ast@kernel.org \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=cong.wang@bytedance.com \
--cc=dan.j.williams@intel.com \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=dinguyen@kernel.org \
--cc=dlechner@baylibre.com \
--cc=eddyz87@gmail.com \
--cc=eperezma@redhat.com \
--cc=gatlin.newhouse@gmail.com \
--cc=haoluo@google.com \
--cc=hpa@zytor.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=jakub@cloudflare.com \
--cc=jasowang@redhat.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=jpoimboe@kernel.org \
--cc=kees@kernel.org \
--cc=kernel@jfarr.cc \
--cc=kpsingh@kernel.org \
--cc=laoar.shao@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=luc.vanoostenryck@gmail.com \
--cc=martin.lau@linux.dev \
--cc=mhal@rbox.co \
--cc=mingo@redhat.com \
--cc=mjguzik@gmail.com \
--cc=mst@redhat.com \
--cc=mykolal@fb.com \
--cc=neil@brown.name \
--cc=ojeda@kernel.org \
--cc=peterz@infradead.org \
--cc=przemyslaw.kitszel@intel.com \
--cc=samitolvanen@google.com \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=tglx@linutronix.de \
--cc=thorsten.blum@linux.dev \
--cc=ubizjak@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=virtualization@lists.linux.dev \
--cc=wangyufeng@kylinos.cn \
--cc=x86@kernel.org \
--cc=xuanzhuo@linux.alibaba.com \
--cc=yebin10@huawei.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).