On Tue, 5 Mar 2019 15:53:06 +0100 Peter Zijlstra <pet...@infradead.org> wrote:
> On Tue, Mar 05, 2019 at 10:58:01PM +0900, Masami Hiramatsu wrote: > > > Could you tell me why WARN_ON_ONCE(!in_task()) is needed in access_ok()? > > That came from here: > > lkml.kernel.org/r/20190225145240.gb32...@hirez.programming.kicks-ass.net > > Because in-irq usage is dodgy, since we don't actually know what mm or > ds it loaded. Yes, I would like to allow it only if setting pagefault-disable correctly. (and setting ds too, it is good to me) > > > > I dislike that whole KERNEL_DS thing, but obviously that's not something > > > that's going away. > > > > > > Would something like: > > > > > > WARN_ON_ONCE(!(in_task || segment_eq(get_fs(), USER_DS))) > > > > > > Work? Then we allow KERNEL_DS in task context, but for interrupt and > > > others require USER_DS. > > > > But what would this mean? I can't understand why we limit using > > access_ok() so strictly and narrow the cases. > > Because it's been a source of bugs. Any sanity checking we can put in > seems like a good thing at this point. Hmm, I see yours is strict, fit with current code, but complicated rule. - strncpy_from_user() can access user memory with set_fs(USER_DS) in task context - strncpy_from_user() can access kernel memory with set_fs(KERNEL_DS) in task context - strncpy_from_user() can access user memory in IRQ context if pagefault is disabled and with set_fs(USER_DS). (but pagefault-disabled is not verified) - strncpy_from_user() never allowed to access kernel memory in IRQ context, even if pagefault is disabled and with set_fs(KERNEL_DS). And mine is simple. - strncpy_from_user() can access user memory with set_fs(USER_DS) in task context - strncpy_from_user() can access kernel memory with set_fs(KERNEL_DS) in task context - strncpy_from_user() can access user/kernel memory (depends on DS) in IRQ context if pagefault is disabled. (both verified) Thank you, -- Masami Hiramatsu <mhira...@kernel.org>
