From: Al Viro <viro@ftp.linux.org.uk>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Mike Frysinger <vapier@gentoo.org>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/4] asm-generic: uaccess: do not expand args multiple times
Date: Wed, 24 Jun 2009 05:38:35 +0100 [thread overview]
Message-ID: <20090624043835.GM8633@ZenIV.linux.org.uk> (raw)
In-Reply-To: <200906142214.40532.arnd@arndb.de>
On Sun, Jun 14, 2009 at 10:14:39PM +0200, Arnd Bergmann wrote:
> On Sunday 14 June 2009, Mike Frysinger wrote:
> > While it's debatable whether {get,put}_user() should be called with
> > arguments that have side effects, macro's should be written safely in the
> > first place. In this case, a slightly off version of put_user() ended up
> > causing random userspace corruption and these things aren't trivial to
> > track down.
> >
> > While some of these conversions aren't strictly necessary, I think it's
> > better to do all of them so as to be proactive in people accidently
> > screwing it up in the future.
>
> I've tried this and failed. This change adds an endless number of sparse
> warnings in put_user and even gcc warnings in get_user. The problem
> is that typeof() carries over the 'const' and '__user' modifiers, both
> of which prevent you from assigning data to the new pointer that you
> constructed.
>
> I'd love to see a way to do this correctly, but this patch won't cut it.
Note that sizeof(*(ptr)) does *NOT* evaluate ptr, unless we are dealing
with variably-modified type. The same goes for typeof. And chk_user_ptr()
expands to (void)0 during the build. So I don't believe that existing variant
is incorrect - we do not evaluate the argument twice.
next prev parent reply other threads:[~2009-06-24 4:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-14 6:00 [PATCH 1/4] asm-generic: uaccess: do not expand args multiple times Mike Frysinger
2009-06-14 6:00 ` [PATCH 2/4] asm-generic: uaccess: add missing access_ok() check to strnlen_user() Mike Frysinger
2009-06-14 20:35 ` Arnd Bergmann
2009-06-14 6:00 ` [PATCH 3/4] asm-generic: uaccess: fix up local access_ok() usage Mike Frysinger
2009-06-14 20:35 ` Arnd Bergmann
2009-06-14 6:00 ` [PATCH 4/4] asm-generic: uaccess: fix access_ok() prototype Mike Frysinger
2009-06-14 20:17 ` Arnd Bergmann
2009-06-16 10:34 ` Mike Frysinger
2009-06-14 20:14 ` [PATCH 1/4] asm-generic: uaccess: do not expand args multiple times Arnd Bergmann
2009-06-24 4:38 ` Al Viro [this message]
2009-06-24 11:35 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090624043835.GM8633@ZenIV.linux.org.uk \
--to=viro@ftp.linux.org.uk \
--cc=arnd@arndb.de \
--cc=linux-kernel@vger.kernel.org \
--cc=vapier@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox