From: Christoph Hellwig <hch@infradead.org>
To: Ben Dooks <ben.dooks@codethink.co.uk>
Cc: Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
linux-riscv@lists.infradead.org,
Terry Hu <kejia.hu@codethink.co.uk>, Arnd Bergman <arnd@arndb.de>
Subject: Re: [PATCH] RFC: riscv: evaluate put_user() arg before enabling user access
Date: Fri, 19 Mar 2021 13:05:14 +0000 [thread overview]
Message-ID: <20210319130514.GA1053613@infradead.org> (raw)
In-Reply-To: <20210318224135.134344-1-ben.dooks@codethink.co.uk>
On Thu, Mar 18, 2021 at 10:41:35PM +0000, Ben Dooks wrote:
> The <asm/uaccess.h> header has a problem with
> put_user(a, ptr) if the 'a' is not a simple
> variable, such as a function. This can lead
> to the compiler producing code as so:
Nit: your commit log seeems to truncate lines after 50 chars, you can
and should use almost 1.5 as much.
> * @ptr must have pointer-to-simple-variable type, and @x must be assignable
> - * to the result of dereferencing @ptr.
> + * to the result of dereferencing @ptr. The @x is copied inside the macro
> + * to avoid code re-ordering where @x gets evaulated within the block that
> + * enables user-space access (thus possibly bypassing some of the protection
> + * this feautre provides).
Well, hopefully the compiler is smart enought to not actually copy.
So we should probably talk about evaluating the argument here.
> #define __put_user(x, ptr) \
> ({ \
> __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
> + __typeof__(*__gu_ptr) __val = (x); \
> long __pu_err = 0; \
> \
> __chk_user_ptr(__gu_ptr); \
> \
> __enable_user_access(); \
> - __put_user_nocheck(x, __gu_ptr, __pu_err); \
> + __put_user_nocheck(__val, __gu_ptr, __pu_err); \
> __disable_user_access(); \
It looks like __get_user needs the same treatment.
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2021-03-19 13:05 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-18 22:41 [PATCH] RFC: riscv: evaluate put_user() arg before enabling user access Ben Dooks
2021-03-18 22:48 ` Arnd Bergmann
2021-03-18 23:46 ` Ben Dooks
2021-03-19 13:05 ` Christoph Hellwig [this message]
2021-03-19 14:19 ` Ben Dooks
2021-03-19 15:03 ` Alex Ghiti
2021-03-19 15:09 ` Ben Dooks
2021-03-19 16:12 ` Alex Ghiti
2021-03-19 21:56 ` Ben Dooks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210319130514.GA1053613@infradead.org \
--to=hch@infradead.org \
--cc=arnd@arndb.de \
--cc=ben.dooks@codethink.co.uk \
--cc=kejia.hu@codethink.co.uk \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox