| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a60f6ea2-4f37-4e74-b626-acc3013e4ad7@citrix.com>
Date: Fri, 17 Oct 2025 12:29:13 +0100
From: Andrew Cooper <andrew.cooper@...rix.com>
To: Thomas Gleixner <tglx@...utronix.de>, LKML <linux-kernel@...r.kernel.org>
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
kernel test robot <lkp@...el.com>, Russell King <linux@...linux.org.uk>,
linux-arm-kernel@...ts.infradead.org, x86@...nel.org,
Madhavan Srinivasan <maddy@...ux.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>,
linuxppc-dev@...ts.ozlabs.org, Paul Walmsley <pjw@...nel.org>,
Palmer Dabbelt <palmer@...belt.com>, linux-riscv@...ts.infradead.org,
Heiko Carstens <hca@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Sven Schnelle <svens@...ux.ibm.com>, linux-s390@...r.kernel.org,
Julia Lawall <Julia.Lawall@...ia.fr>, Nicolas Palix <nicolas.palix@...g.fr>,
Peter Zijlstra <peterz@...radead.org>, Darren Hart <dvhart@...radead.org>,
Davidlohr Bueso <dave@...olabs.net>, André Almeida
<andrealmeid@...lia.com>, Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
linux-fsdevel@...r.kernel.org
Subject: Re: [patch V3 07/12] uaccess: Provide scoped masked user access
regions
On 17/10/2025 12:21 pm, Thomas Gleixner wrote:
> On Fri, Oct 17 2025 at 12:08, Andrew Cooper wrote:
>
>> On 17/10/2025 11:09 am, Thomas Gleixner wrote:
>>> --- a/include/linux/uaccess.h
>>> +++ b/include/linux/uaccess.h
>>> +#define __scoped_masked_user_access(_mode, _uptr, _size, _elbl) \
>>> +for (bool ____stop = false; !____stop; ____stop = true) \
>>> + for (typeof((_uptr)) _tmpptr = __scoped_user_access_begin(_mode, _uptr, _size, _elbl); \
>>> + !____stop; ____stop = true) \
>>> + for (CLASS(masked_user_##_mode##_access, scope) (_tmpptr); !____stop; \
>>> + ____stop = true) \
>>> + /* Force modified pointer usage within the scope */ \
>>> + for (const typeof((_uptr)) _uptr = _tmpptr; !____stop; ____stop = true) \
>>> + if (1)
>>> +
>> Truly a thing of beauty. At least the end user experience is nice.
>>
>> One thing to be aware of is that:
>>
>> scoped_masked_user_rw_access(ptr, efault) {
>> unsafe_get_user(rval, &ptr->rval, efault);
>> unsafe_put_user(wval, &ptr->wval, efault);
>> } else {
>> // unreachable
>> }
>>
>> will compile. Instead, I think you want the final line of the macro to
>> be "if (0) {} else" to prevent this.
> Duh. yes. But I can just remove the 'if (1)' completely. That's a
> leftover from some earlier iteration of this.
Oh, of course. That works too.
>
>> While we're on the subject, can we find some C standards people to lobby.
>>
>> C2Y has a proposal to introduce "if (int foo =" syntax to generalise the
>> for() loop special case. Can we please see about fixing the restriction
>> of only allowing a single type per loop? This example could be a
>> single loop if it weren't for that restriction.
> That'd be nice. But we can't have nice things, can we?
Well, the worst they can say is no :)
~Andrew
Powered by blists - more mailing lists