Thread (19 messages) 19 messages, 6 authors, 2025-08-25

Re: [PATCH v2 02/10] uaccess: Add speculation barrier to copy_from_user_iter()

From: David Laight <hidden>
Date: 2025-08-22 18:53:10
Also in: linux-fsdevel, linux-mm, linuxppc-dev, lkml

On Fri, 22 Aug 2025 09:46:37 -0400
Linus Torvalds [off-list ref] wrote:
On Fri, 22 Aug 2025 at 05:58, Christophe Leroy
[off-list ref] wrote:
quoted
The results of "access_ok()" can be mis-speculated.  The result is that
you can end speculatively:

        if (access_ok(from, size))
                // Right here
I actually think that we should probably just make access_ok() itself do this.
You'd need to re-introduce the read/write parameter.
And you'd want it to be compile time.
Although going through the code changing them to read_access_ok()
and write_access_ok() would probably leave you with a lot fewer calls.
We don't have *that* many users since we have been de-emphasizing the
"check ahead of time" model, and any that are performance-critical can
these days be turned into masked addresses.
Or aim to allocate a guard page on all archs, support 'masked' access
on all of them, and then just delete access_ok().
That'll make it look less ugly.
Perhaps not this week though :-)

	David
As it is, now we're in the situation that careful places - like
_inline_copy_from_user(), and with your patch  copy_from_user_iter() -
do maybe wethis by hand and are ugly as a result, and lazy and
probably incorrect places don't do it at all.

That said, I don't object to this patch and maybe we should do that
access_ok() change later and independently of any powerpc work.

                 Linus
  
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help