lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <051e9722-44ad-4547-af5d-3e42c8cfe8d9@csgroup.eu>
Date: Wed, 11 Jun 2025 15:48:30 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: David Laight <david.laight.linux@...il.com>
Cc: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
 linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
 linux-sound@...r.kernel.org, Herve Codina <herve.codina@...tlin.com>,
 Mark Brown <broonie@...nel.org>
Subject: Re: [PATCH] ALSA: pcm: Convert multiple {get/put}_user to
 user_access_begin/user_access_end()



Le 10/06/2025 à 21:53, David Laight a écrit :
> On Sat,  7 Jun 2025 13:37:42 +0200
> Christophe Leroy <christophe.leroy@...roup.eu> wrote:
> 
>> With user access protection (Called SMAP on x86 or KUAP on powerpc)
>> each and every call to get_user() or put_user() performs heavy
>> operations to unlock and lock kernel access to userspace.
>>
>> To avoid that, perform user accesses by blocks using
>> user_access_begin/user_access_end() and unsafe_get_user()/
>> unsafe_put_user() and alike.
> 
> Did you consider using masked_user_access_begin() ?
> It removes a conditional branch and lfence as well.

Thanks, was not aware of that new function, allthought I remember some 
discussion about masked user access.

Looks like this is specific to x86 at the time being. I would have 
expected that to be transparent to the consumer. Allthought looking at 
strncpy_from_user() I understand the benefit of keeping it separate.

However is it worth the effort and the ugliness of having to do (copied 
from fs/select.c):

		if (can_do_masked_user_access())
			from = masked_user_access_begin(from);
		else if (!user_read_access_begin(from, sizeof(*from)))
			return -EFAULT;

In addition I would expect a masked_user_read_access_begin() and a 
masked_write_access_begin(). It looks odd (and would be wrong on 
powerpc) to not be able to differentiate between read and write in the 
begin yet using user_read_access_end() at the end, ref get_sigset_argpack()

Christophe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ