From: David Laight <David.Laight@ACULAB.COM>
To: 'Arnd Bergmann' <arnd@arndb.de>,
"chenjiahao (C)" <chenjiahao16@huawei.com>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>,
Sam Ravnborg <sam@ravnborg.org>,
Stafford Horne <shorne@gmail.com>,
Dinh Nguyen <dinguyen@kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Linux FS-devel Mailing List <linux-fsdevel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>
Subject: RE: [PATCH -next] uaccess: fix __access_ok limit setup in compat mode
Date: Wed, 23 Mar 2022 01:35:34 +0000 [thread overview]
Message-ID: <bdebdcb56b8a4af8a6b1d22029a2e7ba@AcuMS.aculab.com> (raw)
In-Reply-To: <CAK8P3a3_iZihNmgRNz7Ntrp8sj0hB_Yrpu5iT++ivMjsUXH7+w@mail.gmail.com>
From: Arnd Bergmann
> Sent: 22 March 2022 14:41
>
> On Tue, Mar 22, 2022 at 1:55 PM chenjiahao (C) <chenjiahao16@huawei.com> wrote:
> > 在 2022/3/18 15:44, Arnd Bergmann 写道:
> > >
> > > This should not result in any user visible difference, in both cases
> > > user process will see a -EFAULT return code from its system call.
> > > Are you able to come up with a test case that shows an observable
> > > difference in behavior?
> >
> > Actually, this patch do comes from a testcase failure, the code is
> > pasted below:
>
> Thank you for the test case!
>
...
> > ret = pread64(fd, buf, -1, 1);
> > if((-1 == ret) && (EFAULT == errno))
> > {
...
> > printf("PASS\n");
...
> > In my explanation, pread64 is called with count '0xffffffffull' and
> > offset '1', which might still not trigger
> >
> > page fault in 64-bit kernel.
> >
> >
> > This patch uses TASK_SIZE as the addr_limit to performance a stricter
> > address check and intercepts
>
> I see. So while the kernel behavior was not meant to change from
> my patch, it clearly did, which may cause problems. However, I'm
> not sure if the changed behavior is actually wrong.
It isn't really any different from passing a length of (1 << 30)
(and a buffer at a low user address).
The entire buffer is valid user addresses, but most of it is
invalid because there is nothing mapped at the relevant addresses.
Unless you actually try to access one of the memory locations
you won't get a fault - and the correct return is then a partial read.
Similarly it is valid for the kernel to ensure there is an
unmapped page between user and kernel addresses and then
not check the buffer size at all - requiring the kernel code
do (adequately) sequential accesses.
Again your test 'fails'.
You could equally well argue that the 'old' behaviour is wrong!
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2022-03-23 1:35 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-18 7:11 [PATCH -next] uaccess: fix __access_ok limit setup in compat mode Chen Jiahao
2022-03-18 7:44 ` Arnd Bergmann
2022-03-22 12:55 ` chenjiahao (C)
2022-03-22 14:41 ` Arnd Bergmann
2022-03-23 1:35 ` David Laight [this message]
2022-03-23 10:34 ` chenjiahao (C)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bdebdcb56b8a4af8a6b1d22029a2e7ba@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=arnd@arndb.de \
--cc=chenjiahao16@huawei.com \
--cc=dinguyen@kernel.org \
--cc=ebiederm@xmission.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sam@ravnborg.org \
--cc=shorne@gmail.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox