Message-ID: <e57ae14b-806e-854d-d43b-e6278b89ae04@csgroup.eu>
Date:   Wed, 10 Mar 2021 09:14:23 +0100
From:   Christophe Leroy <christophe.leroy@...roup.eu>
To:     Daniel Axtens <dja@...ens.net>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Michael Ellerman <mpe@...erman.id.au>
Cc:     linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 01/15] powerpc/uaccess: Remove __get_user_allowed() and
 unsafe_op_wrap()



On 01/03/2021 at 23:02, Daniel Axtens wrote:
> 
> 
> Christophe Leroy <christophe.leroy@...roup.eu> writes:
> 
>> Those two macros have only one user which is unsafe_get_user().
>>
>> Put everything in one place and remove them.
>>
>> Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu>
>> ---
>>   arch/powerpc/include/asm/uaccess.h | 10 +++++-----
>>   1 file changed, 5 insertions(+), 5 deletions(-)
>>
>> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
>> index 78e2a3990eab..8cbf3e3874f1 100644
>> --- a/arch/powerpc/include/asm/uaccess.h
>> +++ b/arch/powerpc/include/asm/uaccess.h
>> @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned long size)
>>   #define __put_user(x, ptr) \
>>   	__put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
>>   
>> -#define __get_user_allowed(x, ptr) \
>> -	__get_user_nocheck((x), (ptr), sizeof(*(ptr)), false)
>> -
>>   #define __get_user_inatomic(x, ptr) \
>>   	__get_user_nosleep((x), (ptr), sizeof(*(ptr)))
>>   #define __put_user_inatomic(x, ptr) \
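Review bot: the removal of `__get_user_allowed` in this hunk rests on the changelog's statement that unsafe_get_user() is its only user. It would help to say in the commit message how that was checked (for example a tree-wide grep), because a leftover caller outside this header would only show up as a build failure on whichever config includes it.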
>> @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t len)
>>   #define user_write_access_begin	user_write_access_begin
>>   #define user_write_access_end		prevent_current_write_to_user
>>   
>> -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0)
>> -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e)
>> +#define unsafe_get_user(x, p, e) do {					\
>> +	if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\
>> +		goto e;							\
>> +} while (0)
>> +
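Review bot: in the new unsafe_get_user() body, the trailing `false` passed to `__get_user_nocheck()` is now a bare boolean at the call site, where the removed `__get_user_allowed` name at least hinted at what it selects. A one-line comment above the macro stating what that argument means and what the caller must have done beforehand would keep that information. `p` appears twice, but the second use is the operand of `sizeof`, which is not evaluated, so a side effect in the argument happens once.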
> 
> This seems correct to me.
> 
> Checkpatch does have one check that is relevant:
> 
> CHECK: Macro argument reuse 'p' - possible side-effects?
> #36: FILE: arch/powerpc/include/asm/uaccess.h:482:
> +#define unsafe_get_user(x, p, e) do {					\
> +	if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\
> +		goto e;							\
> +} while (0)
> 
> Given that we are already creating a new block, should we do something
> like this (completely untested):
> 
> #define unsafe_get_user(x, p, e) do {					\
> 	__typeof__(p) __p = (p);					\
> 	if (unlikely(__get_user_nocheck((x), (__p), sizeof(*(__p)), false)))\
> 		goto e;							\
> } while (0)
> 

As mentioned by Segher, this is not needed, sizeof(p) doesn't evaluate (p) so (p) is only evaluated 
once in the macro, so no risk of side-effects with that.

Christophe
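
The point made in this reply, as an added example (not part of the original message or of the kernel tree): a user-space model that counts how often a pointer argument with a side effect is evaluated, once with the `sizeof(*(p))` shape of the patched macro and once with a macro that genuinely reuses `p`. `model_get_nocheck`, `model_unsafe_get`, `model_double_eval`, `next_ptr` and `count_evals` are hypothetical names, and `user_buf` is constructed data.

```c
#include <stdio.h>

static int evals;				/* times the pointer argument was evaluated */
static int user_buf[4] = { 10, 20, 30, 40 };	/* constructed sample data */
/* Hypothetical user-space stand-in for __get_user_nocheck(): 0 on success. */
#define model_get_nocheck(x, ptr, size) \
	((size) == sizeof(int) ? ((x) = *(ptr), 0) : -1)

/* Same shape as the patched unsafe_get_user(): p once, plus once under sizeof. */
#define model_unsafe_get(x, p, e) do {					\
	if (model_get_nocheck((x), (p), sizeof(*(p))))			\
		goto e;							\
} while (0)

/* Counter-example: here p really is evaluated twice. */
#define model_double_eval(x, p, e) do {					\
	if (!(p))							\
		goto e;							\
	(x) = *(p);							\
} while (0)

/* A pointer argument with a side effect: counts calls and advances the cursor. */
static int *next_ptr(int **cursor)
{
	evals++;
	return (*cursor)++;
}

/* Returns how many times the argument expression ran; *out gets the value read. */
int count_evals(int real_reuse, int *out)
{
	int *cur = user_buf;
	evals = 0;
	if (real_reuse)
		model_double_eval(*out, next_ptr(&cur), fail);
	else
		model_unsafe_get(*out, next_ptr(&cur), fail);
	return evals;
fail:
	return -1;
}

int main(void)
{
	int v = 0, n = count_evals(0, &v);
	printf("sizeof form: %d evaluation(s), value %d\n", n, v);
	n = count_evals(1, &v);
	printf("real reuse:  %d evaluation(s), value %d\n", n, v);
	return 0;
}
```

The one case where `sizeof` does evaluate its operand is a variable-length array type, which `*(p)` is not for an ordinary pointer.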
