From: Takashi Iwai <tiwai@suse.de>
To: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-sound@vger.kernel.org,
Herve Codina <herve.codina@bootlin.com>,
Mark Brown <broonie@kernel.org>
Subject: Re: [PATCH v2] ALSA: pcm: Convert multiple {get/put}_user to user_access_begin/user_access_end()
Date: Mon, 09 Jun 2025 10:10:52 +0200 [thread overview]
Message-ID: <87zfeh72sz.wl-tiwai@suse.de> (raw)
In-Reply-To: <d2609397eafc2b55ec1f44a3f30ccec00e0c7f6e.1749455639.git.christophe.leroy@csgroup.eu>
On Mon, 09 Jun 2025 10:00:38 +0200,
Christophe Leroy wrote:
>
> With user access protection (Called SMAP on x86 or KUAP on powerpc)
> each and every call to get_user() or put_user() performs heavy
> operations to unlock and lock kernel access to userspace.
>
> To avoid that, perform user accesses by blocks using
> user_access_begin/user_access_end() and unsafe_get_user()/
> unsafe_put_user() and alike.
>
> As an exemple, before the patch the 9 calls to put_user() at the
> end of snd_pcm_ioctl_sync_ptr_compat() imply the following set of
> instructions about 9 times (access_ok - enable user - write - disable
> user):
> 0.00 : c057f858: 3d 20 7f ff lis r9,32767
> 0.29 : c057f85c: 39 5e 00 14 addi r10,r30,20
> 0.77 : c057f860: 61 29 ff fc ori r9,r9,65532
> 0.32 : c057f864: 7c 0a 48 40 cmplw r10,r9
> 0.36 : c057f868: 41 a1 fb 58 bgt c057f3c0 <snd_pcm_ioctl+0xbb0>
> 0.30 : c057f86c: 3d 20 dc 00 lis r9,-9216
> 1.95 : c057f870: 7d 3a c3 a6 mtspr 794,r9
> 0.33 : c057f874: 92 8a 00 00 stw r20,0(r10)
> 0.27 : c057f878: 3d 20 de 00 lis r9,-8704
> 0.28 : c057f87c: 7d 3a c3 a6 mtspr 794,r9
> ...
>
> A perf profile shows that in total the 9 put_user() represent 36% of
> the time spent in snd_pcm_ioctl() and about 80 instructions.
>
> With this patch everything is done in 13 instructions and represent
> only 15% of the time spent in snd_pcm_ioctl():
>
> 0.57 : c057f5dc: 3d 20 dc 00 lis r9,-9216
> 0.98 : c057f5e0: 7d 3a c3 a6 mtspr 794,r9
> 0.16 : c057f5e4: 92 7f 00 04 stw r19,4(r31)
> 0.63 : c057f5e8: 93 df 00 0c stw r30,12(r31)
> 0.16 : c057f5ec: 93 9f 00 10 stw r28,16(r31)
> 4.95 : c057f5f0: 92 9f 00 14 stw r20,20(r31)
> 0.19 : c057f5f4: 92 5f 00 18 stw r18,24(r31)
> 0.49 : c057f5f8: 92 bf 00 1c stw r21,28(r31)
> 0.27 : c057f5fc: 93 7f 00 20 stw r27,32(r31)
> 5.88 : c057f600: 93 36 00 00 stw r25,0(r22)
> 0.11 : c057f604: 93 17 00 00 stw r24,0(r23)
> 0.00 : c057f608: 3d 20 de 00 lis r9,-8704
> 0.79 : c057f60c: 7d 3a c3 a6 mtspr 794,r9
>
> Note that here the access_ok() in user_write_access_begin() is skipped
> because the exact same verification has already been performed at the
> beginning of the fonction with the call to user_read_access_begin().
>
> A couple more can be converted as well but require
> unsafe_copy_from_user() which is not defined on x86 and arm64, so
> those are left aside for the time being and will be handled in a
> separate patch.
>
> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> ---
> v2: Split out the two hunks using copy_from_user() as unsafe_copy_from_user() is not implemented on x86 and arm64 yet.
Thanks for the patch.
The idea looks interesting, but the implementations with
unsafe_get_user() leads to very ugly goto lines, and that's too bad;
it makes the code flow much more difficult to follow.
I guess that, in most cases this patch tries to cover, we just use
another temporary variable for compat struct, copy fields locally,
then run copy_to_user() in a shot instead.
Takashi
next prev parent reply other threads:[~2025-06-09 8:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-09 8:00 [PATCH v2] ALSA: pcm: Convert multiple {get/put}_user to user_access_begin/user_access_end() Christophe Leroy
2025-06-09 8:10 ` Takashi Iwai [this message]
2025-06-09 10:02 ` Christophe Leroy
2025-06-09 11:00 ` Takashi Iwai
2025-06-12 10:39 ` Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zfeh72sz.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=broonie@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=herve.codina@bootlin.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sound@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).