From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 870BD371041 for ; Mon, 16 Mar 2026 23:19:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773703176; cv=none; b=NTcCAUUxQcg4Tgl3+kwdoTSjIiOY5ZNv5EzPqrjyrCJp+QBMpCGr8yHq2A6PsGKq2YcWI5dx5d7vZDY5/649TuVm3pfh9LzYrXOZ5biqWQRiwTaLbwEj+JDhQuYUao6+JtbLDSnahskMhBEfaxw/ekKVPrm/nQrRNFjC64BJFMY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773703176; c=relaxed/simple; bh=jOUZUx95LvrmEW0OcCljpXucgFDRGr4c4nbnmNCdqYc=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NO6jsc2mDuGFey5bo1VC0RvzcdEkFU6ZDh6XODeS5Eec6sg3LDoc0GUgVICGKVRj2HgSK1UbxhAo2ff0FrhsykaM29LH2HYFBY5bY8iar8AHrDw1oMHT4OlP0F5LeMfXvzfQLFjbvzQqiczxU5qXyiLp3u3UEpZtISnlSmenczQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XSMs7/nF; arc=none smtp.client-ip=209.85.128.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XSMs7/nF" Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-4852f8ac7e9so61584455e9.1 for ; Mon, 16 Mar 2026 16:19:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773703173; x=1774307973; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=0QlT1+cD5mH+crxcqsXp9NhmJtTE6cI+0w6HT55leUk=; b=XSMs7/nFUZv+2elh4izPL2FoCnAvM+LLU0BPV4y/2M7KC6mGVfSEvqlKZmSMwj+5g0 bVDzesgQMnghXTEGD8pGVFYFlzNCU9h4CdPwrEj/xbLMcaVAb0RNY9s5xYjNJcIJ22qj rCWal1mPNUc8/o5uqIf3b0Y+fnL27d5sXdaAisYIhoRvT47VT32xdbXhHFllCgOPmV+W 3HEtOsjfE7UEBqDhqA8IjHUp9n87INNerA+Acx7Ntgao321a11Bci8MzorDNsY1S88Q5 1WRakiLw0B9AWvZt8QFCYkAEI7o0mE0mK3wF1oUOW1BVk6XV++iG2XVFLia23VcZmN9L Z4tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773703173; x=1774307973; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=0QlT1+cD5mH+crxcqsXp9NhmJtTE6cI+0w6HT55leUk=; b=D/9ewptuszC012NeHCSSeFm1yDGeyWmph0EowEvYBzbrMf7SOXvyabpu4rtksssq53 +IYA258AgCSWCCVogn9SXrHfiQQZgCDCwFKb1KzzYW8VWcHPuiFYHR1K63f6c7mJq+Jk 1flpFXT39uGYocDEw96JTN9mHfzmdLvIin+nvKLsOYmKOQd0mYF9hpuHeNJlAAbLpV/n cpqHPRIMXMSuSzgX3ZjFP5PDTZj86VioyMtVFMgt2am069wMay1ulcSW22uzUkgDkw3U FumpWy9pzKGASiTJH6RL26LEKEC2ONvTrLzHVkeNJDiZyrmknafTQCzKSvLlGh/WpmAK tm7g== X-Forwarded-Encrypted: i=1; AJvYcCWtktD+Mynnupi0eihGdzdME0L3utrU1+qpnho3h46F8IVCzRUoy5ylRqdu5mDzr91uhH/HgxzoDxKWfuA=@vger.kernel.org X-Gm-Message-State: AOJu0YzmylI3CDz1PBdwkVjHMRiV2opnykwTK++sRiJLQFhLlrGqJMa+ JW8PwpgNYyfLPTzo9pRUJvRgqpC2dV4ZME+oYrAPh9qSVkd8lj3UKOYs X-Gm-Gg: ATEYQzwGWDAIjdUsx2O9jZZMwmdbg14NjvcHKArPndF8mIRMKnWIiKxk9frFupFQZ0A R8r5ujm00DZA+b0m8C0EF2/4uuH64lgV2eukStg3G3kCmSQJN9JnS6QQQ0qs+8YRUepFpRTUHzV pjkaUN6QhO73ZbQgUH7Oi/Su9cyIHf2S5lVKX58fvrnyWGEQ8F1d+x6gfRXWoO9yYcjWPs5pjxj 42a5uqIHNCMY8Fcp9+Vpwph14Cf6aH+ni7Cp6x8AGRni7C+rbODml6vVzp/ge5xEXPPxruDmV+q JvX6YW/8CuEQblW9Raj3TBhVo39BNYW0NddyKYIKlUHKIXTbuuneNBsPwJ8ydKNj1+sgZMxdZoX aBv/IgbYgu1ZvZLo+9FRW6Gn3iBOYtibig/OICu2U35fj81hbFn+gEXrkJG42OslxRlAi/QVLJm 616NlF27++EVHA8v6CB/zu5L/Hm4ojQCMG83MJyReIQTqNOoD2zxdPGeeVS18Z8lgT X-Received: by 2002:a05:600c:8b45:b0:485:2ce2:4c87 with SMTP id 5b1f17b1804b1-485566cf8abmr257444255e9.4.1773703172772; Mon, 16 Mar 2026 16:19:32 -0700 (PDT) Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4856ea8e3cdsm26131835e9.2.2026.03.16.16.19.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 16 Mar 2026 16:19:32 -0700 (PDT) Date: Mon, 16 Mar 2026 23:19:30 +0000 From: David Laight To: Linus Torvalds Cc: "Christophe Leroy (CS GROUP)" , Alexander Viro , Christian Brauner , Jan Kara , Thomas Gleixner , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3] fs: Replace user_access_{begin/end} by scoped user access Message-ID: <20260316231930.288e9bf4@pumpkin> In-Reply-To: References: <23f19c88e763beb852a4891b2a908890bdd01b66.1773651096.git.chleroy@kernel.org> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Mon, 16 Mar 2026 10:12:23 -0700 Linus Torvalds wrote: > On Mon, 16 Mar 2026 at 01:53, Christophe Leroy (CS GROUP) > wrote: > > > > - if (!user_write_access_begin(dirent, > > - (unsigned long)(dirent->d_name + namlen + 1) - > > - (unsigned long)dirent)) > > - goto efault; > > This was already pretty unreadable (my bad), but.. > > > + scoped_user_write_access_size(dirent, (unsigned long)(dirent->d_name + namlen + 1) - > > + (unsigned long)dirent, efault) { > > .. in my opinion, this is even worse. It's a 90+ character long line > (or something), *and* it continues on the next line. > > Yes, yes, the old code was disgusting too, but when changing it for > something that is supposed to be easier to read, please let's make it > *really* easier to read. > > (And yes, there's another case of this same pattern a bit later). > > Adding a helper inline function like dirent_size() might do it. And I > think it might as well be cleaned up while at it, and make it be > something like > > static inline size_t dirent_size(int namelen) > { > return offsetof(struct linux_dirent, d_name) + namelen + 1; > } That definition would fit one one line (possibly as a continuation line). > [ Making things doubly sad, the size shouldn't even be *used* in sane > situations, because the user access validity is often checked by only > checking the beginning, > > The x86-64 __access_ok() does actually do that optimization, but > only if we can statically see that the thing is smaller than one page, > which in this case it can't, because while namelen is range checked, > it is allowed to be up to PATH_MAX in size, so even if the compiler > does do the full value range analysis, we'd need to relax that > __access_ok() check a bit more ] Except is doesn't matter for x86-64 because this is the 'masked' case where the accesses are required to be 'reasonably sequential'. Although requiring a guard page on all architectures would make life simpler overall. I'm not even sure that some of the reasons that x86-64 has to have a guard page (to stop speculative execution and system call return to non-canonical addresses) don't have potential counterparts on x86-32 and other architectures. For x86-32 I believe that historically the user stack was right at the top of the user address space (or the constant wouldn't be STACK_TOP). So forcing a guard page would realign the stack. But I've not got an x86-32 system setup (I've got plenty of hardware) so see what actually happens or test any hacking. I'm also not sure where the vdso ends up - I'd have thought it might be right at the top? David > > Hmm? Can you do at least that dirent_size() kind of cleanup? > > Linus