Re: [PATCH RFC] uaccess: user_access_begin_after_access_ok()

[Al Viro <viro@zeniv.linux.org.uk>]

On Tue, Jun 02, 2020 at 06:15:57PM +0800, Jason Wang wrote:
> 
> On 2020/6/2 下午4:45, Michael S. Tsirkin wrote:
> > So vhost needs to poke at userspace *a lot* in a quick succession.  It
> > is thus benefitial to enable userspace access, do our thing, then
> > disable. Except access_ok has already been pre-validated with all the
> > relevant nospec checks, so we don't need that.  Add an API to allow
> > userspace access after access_ok and barrier_nospec are done.
> > 
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > ---
> > 
> > Jason, so I've been thinking using something along these lines,
> > then switching vhost to use unsafe_copy_to_user and friends would
> > solve lots of problems you observed with SMAP.
> > 
> > What do you think?
> 
> 
> I'm fine with this approach.

I am not.

> >   Do we need any other APIs to make it practical?
> 
> 
> It's not clear whether we need a new API, I think __uaccess_being() has the
> assumption that the address has been validated by access_ok().

__uaccess_begin() is a stopgap, not a public API.

The problem is real, but "let's add a public API that would do user_access_begin()
with access_ok() already done" is no-go.