[kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
From: Brian Gerst <hidden>
Date: 2017-05-09 16:05:18
Also in:
linux-api, linux-s390, lkml
On Tue, May 9, 2017 at 9:00 AM, Andy Lutomirski [off-list ref] wrote:
> On Tue, May 9, 2017 at 1:56 AM, Christoph Hellwig [off-list ref] wrote:
>> On Tue, May 09, 2017 at 08:45:22AM +0200, Ingo Molnar wrote:
>>> We only have ~115 code blocks in the kernel that set/restore KERNEL_DS, it
>>> would be a pity to add a runtime check to every system call ...
>>
>> I think we should simply strive to remove all of them that aren't in core
>> scheduler / arch code. Basically every time we do the
>> oldfs = get_fs(); set_fs(KERNEL_DS); .. set_fs(oldfs); trick we're doing
>> something wrong, and there should always be better ways to achieve it.
>> E.g. using iov_iter with a ITER_KVEC type consistently would already
>> remove most of them.
>
> How about trying to remove all of them? If we could actually get rid of all
> of them, we could drop the arch support, and we'd get faster, simpler,
> shorter uaccess code throughout the kernel.
>
> The ones in kernel/compat.c are generally garbage. They should be using
> compat_alloc_user_space(). Ditto for kernel/power/user.c.
compat_alloc_user_space() is a hack that should go away too. It ends up copying the data three times. The more efficient solution to this is to have a core syscall function that only accesses kernel memory, and then have two front-end functions (native and compat) that do the actual reads and writes to userspace, with conversion in the compat case.

--
Brian Gerst
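The layout Brian describes, as an added userspace sketch that is not code from this thread or from the kernel tree: one core function that only ever sees a kernel copy of the request, a native front-end that copies it in and out unchanged, and a compat front-end that copies the 32-bit layout, widens it, runs the same core, and narrows the result back. The request structs, the do_example() operation, the flag mask and the copy_*_user stand-ins (memcpy-backed, same 0-on-success contract) are all assumptions made for the example.

```c
/* Added example: userspace sketch of "core on kernel memory + native/compat
 * front-ends". Structs, operation and copy stubs are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Native ABI (hypothetical): 64-bit address and length, 'end' is output. */
struct example_req {
	uint64_t addr;
	uint64_t len;
	uint32_t flags;
	uint32_t pad;
	uint64_t end;		/* output: addr + len */
};

/* Compat ABI (hypothetical): the same request as a 32-bit process lays it out. */
struct compat_example_req {
	uint32_t addr;
	uint32_t len;
	uint32_t flags;
	uint32_t end;		/* output */
};

#define EXAMPLE_FLAG_MASK 0x3u

/* Stand-ins for copy_from_user()/copy_to_user(): 0 on success, bytes not
 * copied on failure; here they always succeed. */
static unsigned long copy_from_user_stub(void *dst, const void *src, size_t n)
{
	memcpy(dst, src, n);
	return 0;
}

static unsigned long copy_to_user_stub(void *dst, const void *src, size_t n)
{
	memcpy(dst, src, n);
	return 0;
}

/* Core: all validation and work, on a kernel copy only. No user pointers,
 * so no set_fs(KERNEL_DS) and no compat_alloc_user_space() needed. */
static int do_example(struct example_req *req)
{
	if (req->len == 0 || (req->flags & ~EXAMPLE_FLAG_MASK))
		return -EINVAL;
	if (req->addr > UINT64_MAX - req->len)	/* addr + len must not wrap */
		return -EINVAL;
	req->end = req->addr + req->len;
	return 0;
}

/* Native front-end: one copy in, one copy out, no conversion. */
static long sys_example(void *ureq)
{
	struct example_req req;
	int ret;

	if (copy_from_user_stub(&req, ureq, sizeof(req)))
		return -EFAULT;
	ret = do_example(&req);
	if (ret)
		return ret;
	if (copy_to_user_stub(ureq, &req, sizeof(req)))
		return -EFAULT;
	return 0;
}

/* Compat front-end: copy the 32-bit layout, widen, run the same core,
 * narrow the result (rejecting what no longer fits), copy back. */
static long compat_sys_example(void *ureq)
{
	struct compat_example_req creq;
	struct example_req req;
	int ret;

	if (copy_from_user_stub(&creq, ureq, sizeof(creq)))
		return -EFAULT;
	memset(&req, 0, sizeof(req));
	req.addr = creq.addr;
	req.len = creq.len;
	req.flags = creq.flags;
	ret = do_example(&req);
	if (ret)
		return ret;
	if (req.end > UINT32_MAX)	/* valid natively, unrepresentable in compat */
		return -EOVERFLOW;
	creq.end = (uint32_t)req.end;
	if (copy_to_user_stub(ureq, &creq, sizeof(creq)))
		return -EFAULT;
	return 0;
}

int main(void)
{
	struct example_req r = { .addr = 0x1000, .len = 0x100, .flags = 1 };
	struct compat_example_req c = { .addr = 0xffffff00u, .len = 0x200, .flags = 0 };

	printf("native: ret=%ld end=0x%llx\n", sys_example(&r), (unsigned long long)r.end);
	printf("compat: ret=%ld (-EOVERFLOW is %d)\n", compat_sys_example(&c), -EOVERFLOW);
	return 0;
}
```

Compared with the compat_alloc_user_space() route (read the compat struct, write a native struct into a user-space scratch area, have the native syscall read it again), this does one copy in and one copy out per call, and the compat-specific failure mode (a result that fits the native ABI but not the 32-bit one) is handled explicitly at the narrowing step instead of being silently truncated.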