lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Apr 2020 18:10:08 -0700 From: Andy Lutomirski <luto@...capital.net> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Dan Williams <dan.j.williams@...el.com>, "Luck, Tony" <tony.luck@...el.com>, Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Borislav Petkov <bp@...en8.de>, stable <stable@...r.kernel.org>, the arch/x86 maintainers <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Paul Mackerras <paulus@...ba.org>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Erwin Tsaur <erwin.tsaur@...el.com>, Michael Ellerman <mpe@...erman.id.au>, Arnaldo Carvalho de Melo <acme@...nel.org>, linux-nvdimm <linux-nvdimm@...ts.01.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2 0/2] Replace and improve "mcsafe" with copy_safe() > On Apr 30, 2020, at 5:40 PM, Linus Torvalds <torvalds@...ux-foundation.org> wrote: > > On Thu, Apr 30, 2020 at 5:23 PM Andy Lutomirski <luto@...capital.net> wrote: >> >>> But anyway, I don't hate something like "copy_to_user_fallible()" >>> conceptually. The naming needs to be fixed, in that "user" can always >>> take a fault, so it's the _source_ that can fault, not the "user" >>> part. >> >> I don’t like this. “user” already implied that basically anything can be wrong with the memory > > Maybe I didn't explain. > > "user" already implies faulting. We agree. > > And since we by definition cannot know what the user has mapped into > user space, *every* normal copy_to_user() has to be able to handle > whatever faults that throws at us. > > The reason I dislike "copy_to_user_fallible()" is that the user side > already has that 'fallible". > > If it's the _source_ being "fallible" (it really needs a better name - > I will not call it just "f") then it should be "copy_f_to_user()". > > That would be ok. > > So "copy_f_to_user()" makes sense. But "copy_to_user_f()" does not. > That puts the "f" on the "user", which we already know can fault. > > See what I want in the name? I want the name to say which side can > cause problems! We are in violent agreement. I’m moderately confident that I never suggested copy_from_user_f(). We appear to agree completely.
Powered by blists - more mailing lists