| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <03a15dbd-bdb9-1c72-a5cd-2e6a6d49af2b@roeck-us.net>
Date: Sun, 4 Jul 2021 14:47:24 -0700
From: Guenter Roeck <linux@...ck-us.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christoph Hellwig <hch@....de>, Al Viro <viro@...iv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
David Sterba <dsterba@...e.com>,
Miklos Szeredi <miklos@...redi.hu>,
Anton Altaparmakov <anton@...era.com>,
David Howells <dhowells@...hat.com>,
Matthew Wilcox <willy@...radead.org>,
Pavel Begunkov <asml.silence@...il.com>
Subject: Re: [PATCH] iov_iter: separate direction from flavour
On 7/4/21 1:41 PM, Linus Torvalds wrote:
> On Sun, Jul 4, 2021 at 1:28 PM Guenter Roeck <linux@...ck-us.net> wrote:
>>
>> Turns out that, at least on m68k/nommu, USER_DS and KERNEL_DS are the same.
>>
>> #define USER_DS MAKE_MM_SEG(TASK_SIZE)
>> #define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF)
>
> Ahh. So the code is fine, it's just that "uaccess_kernel()" isn't
> something that can be reliably even tested for, and it will always
> return true on those nommu platforms.
>
> And we don't have a "uaccess_user()" macro that would test if it
> matches USER_DS (and that also would always return true on those
> configurations), so we can't just change the
>
> WARN_ON_ONCE(uaccess_kernel());
>
> into a
>
> WARN_ON_ONCE(!uaccess_user());
>
> instead.
>
> Very annoying. Basically, every single use of "uaccess_kernel()" is unreliable.
>
> There aren't all that many of them, and most of them are irrelevant
> for no-mmu anyway (like the bpf tracing ones, or mm/memory.c). So this
> iov_iter.c case is likely the only one that would be an issue.
>
> That warning is something that should go away eventually anyway, but I
> _like_ that warning for now, just to get coverage. But apparently it's
> just not going to be the case for these situations.
>
> My inclination is to keep it around for a while - to see if it catches
> anything else - but remove it for the final 5.14 release because of
> these nommu issues.
>
> Of course, I will almost certainly not remember to do that unless
> somebody reminds me...
>
> The other alternative would be to just make nommu platforms that have
> KERNEL_DS==USER_DS simply do
>
> #define uaccess_kernel() (false)
>
> and avoid it that way, since that's closer to what the modern
> non-CONFIG_SET_FS world view is, and is what include/linux/uaccess.h
> does for that case..
>
Theoretically, but arm defines it as true with !CONFIG_MMU and then
uses it in user_addr_max():
#define user_addr_max() \
(uaccess_kernel() ? ~0UL : get_fs())
with !CONFIG_MMU:
#define KERNEL_DS 0x00000000
#define get_fs() (KERNEL_DS)
How about the following ?
WARN_ON_ONCE(IS_ENABLED(CONFIG_MMU) && uaccess_kernel());
Guenter
Powered by blists - more mailing lists