| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250818125943.7c0cba5a@pumpkin> Date: Mon, 18 Aug 2025 12:59:43 +0100 From: David Laight <david.laight.linux@...il.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Thomas Gleixner <tglx@...utronix.de>, LKML <linux-kernel@...r.kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Peter Zijlstra <peterz@...radead.org>, Darren Hart <dvhart@...radead.org>, Davidlohr Bueso <dave@...olabs.net>, André Almeida <andrealmeid@...lia.com>, x86@...nel.org, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org Subject: Re: [patch 0/4] uaccess: Provide and use helpers for user masked access On Sun, 17 Aug 2025 08:36:05 -0700 Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Sun, 17 Aug 2025 at 08:29, David Laight <david.laight.linux@...il.com> wrote: > > > > Just requiring the caller pass &user_ptr would make it more obvious. > > The generated code (with 'src' -> *&src) will be the same. > > I personally absolutely detest passing pointers in and then hoping the > compiler will fix it up and not make the assembler do the stupid thing > that the source code does. I do generally dislike passing integers and pointers by reference. It typically generates horrid code further down the function as well as all the costs of the memory references themselves. But hidden updates to variables are worse. And we know (and can verify) that the generated code here is sane. A possible problem with the 'hidden update' is that someone could easily write code (eg in an ioctl handler) where the user pointer is in a buffer that gets written back to user space. Passing the pointer by reference makes it rather more obvious it can get changed. > That's actually true in general - I strive to make the source code and > the generated code line up fairly closely, rather than "compilers fix > up the mistakes in the source code". Especially when you are trying to code what it thinks is 'a mistake' :-) > > > We've done this before, and I have done it myself. The classic example > > > is the whole "do_div()" macro that everybody hated because it did > > > exactly the same thing > > > > Divide is (well was, I think my zen5 has a fast divide) also slow enough that > > I doubt it would have mattered. > > It mattered for code generation quality and smaller simpler code to look at. > > I still look at the generated asm (not for do_div(), but other > things), and having compiler-generated code that makes sense and > matches the source is a big plus in my book. Don't worry I also keep looking at generated code, some of it is stunningly bad (and seems to get worse with each new compiler version). Don't even think about what happens for C++ std::ostringstream. David > > Linus
Powered by blists - more mailing lists