| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7b895389-3da8-f634-4a13-82e533398ec5@csgroup.eu>
Date: Thu, 3 Sep 2020 18:03:56 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Christoph Hellwig <hch@....de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
Michael Ellerman <mpe@...erman.id.au>, x86@...nel.org,
linux-arch@...r.kernel.org, Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org, Luis Chamberlain <mcgrof@...nel.org>,
linux-fsdevel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH 14/14] powerpc: remove address space overrides using
set_fs()
Le 03/09/2020 à 17:56, Christoph Hellwig a écrit :
> On Thu, Sep 03, 2020 at 05:49:09PM +0200, Christoph Hellwig wrote:
>> On Thu, Sep 03, 2020 at 05:43:25PM +0200, Christophe Leroy wrote:
>>>
>>>
>>> Le 03/09/2020 à 16:22, Christoph Hellwig a écrit :
>>>> Stop providing the possibility to override the address space using
>>>> set_fs() now that there is no need for that any more.
>>>>
>>>> Signed-off-by: Christoph Hellwig <hch@....de>
>>>> ---
>>>
>>>
>>>> -static inline int __access_ok(unsigned long addr, unsigned long size,
>>>> - mm_segment_t seg)
>>>> +static inline bool __access_ok(unsigned long addr, unsigned long size)
>>>> {
>>>> - if (addr > seg.seg)
>>>> - return 0;
>>>> - return (size == 0 || size - 1 <= seg.seg - addr);
>>>> + if (addr >= TASK_SIZE_MAX)
>>>> + return false;
>>>> + return size == 0 || size <= TASK_SIZE_MAX - addr;
>>>> }
>>>
>>> You don't need to test size == 0 anymore. It used to be necessary because
>>> of the 'size - 1', as size is unsigned.
>>>
>>> Now you can directly do
>>>
>>> return size <= TASK_SIZE_MAX - addr;
>>>
>>> If size is 0, this will always be true (because you already know that addr
>>> is not >= TASK_SIZE_MAX
>>
>> True. What do you think of Linus' comment about always using the
>> ppc32 version on ppc64 as well with this?
I have nothing against it. That's only adding a substract, all args are
already in registers so that will be in the noise for a modern CPU.
>
> i.e. something like this folded in:
>
> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
> index 5363f7fc6dd06c..be070254e50943 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -11,26 +11,14 @@
> #ifdef __powerpc64__
> /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
> #define TASK_SIZE_MAX TASK_SIZE_USER64
> -
> -/*
> - * This check is sufficient because there is a large enough gap between user
> - * addresses and the kernel addresses.
> - */
> -static inline bool __access_ok(unsigned long addr, unsigned long size)
> -{
> - return addr < TASK_SIZE_MAX && size < TASK_SIZE_MAX;
> -}
> -
> #else
> #define TASK_SIZE_MAX TASK_SIZE
> +#endif
>
> static inline bool __access_ok(unsigned long addr, unsigned long size)
> {
> - if (addr >= TASK_SIZE_MAX)
> - return false;
> - return size == 0 || size <= TASK_SIZE_MAX - addr;
> + return addr < TASK_SIZE_MAX && size <= TASK_SIZE_MAX - addr;
> }
> -#endif /* __powerpc64__ */
>
> #define access_ok(addr, size) \
> (__chk_user_ptr(addr), \
>
Christophe
Powered by blists - more mailing lists