lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250915193716.5357b448@gandalf.local.home>
Date: Mon, 15 Sep 2025 19:37:16 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: David Laight <david.laight.linux@...il.com>
Cc: LKML <linux-kernel@...r.kernel.org>, Linux Trace Kernel
 <linux-trace-kernel@...r.kernel.org>, Linus Torvalds
 <torvalds@...ux-foundation.org>, linux-mm@...ck.org, Kees Cook
 <keescook@...omium.org>, Aleksa Sarai <cyphar@...har.com>, Al Viro
 <viro@...IV.linux.org.uk>
Subject: Re: [PATCH] uaccess: Comment that copy to/from inatomic requires
 page fault disabled

On Mon, 15 Sep 2025 16:43:13 +0100
David Laight <david.laight.linux@...il.com> wrote:

> > @@ -124,7 +130,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
> >   * Copy data from kernel space to user space.  Caller must check
> >   * the specified block with access_ok() before calling this function.
> >   * The caller should also make sure he pins the user space address
> > - * so that we don't result in page fault and sleep.
> > + * or call page_fault_disable() so that we don't result in a page fault
> > + * and sleep.  
> 
> It is worse than that - it must avoid a COW fault as well.
> I suspect the comment should really be that these are not the functions you
> are looking for, you probably want the 'nofault' variants.
> 
> Even if the code thinks it has pinned the user buffer it has to be better
> to use the 'nofault' variant.
> 
> The only exception might be in code that already has page faults disabled.
> But even then it would have to be pretty performance critical for normal code.

OK, perhaps just change the comments to state that this is an internal
version and should be avoided unless you know what you are doing. Otherwise
use the _nofault() versions.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ