<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 03/03/26 20:47, Christophe Leroy (CS
GROUP) wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b605bdcf-fe10-4fe3-9a83-8c542e980a3e@kernel.org">Hi once
more,
<br>
<br>
Le 03/03/2026 à 16:10, Christophe Leroy (CS GROUP) a écrit :
<br>
<blockquote type="cite">Hi Again,
<br>
<br>
Le 03/03/2026 à 15:57, Christophe Leroy (CS GROUP) a écrit :
<br>
<blockquote type="cite">Hi,
<br>
<br>
Le 03/03/2026 à 10:19, Sayali Patil a écrit :
<br>
<blockquote type="cite">
<br>
On 02/03/26 16:42, Christophe Leroy (CS GROUP) wrote:
<br>
<blockquote type="cite">
<br>
</blockquote>
Hi Christophe,
<br>
Thanks for the review.
<br>
With the suggested change, we are hitting a compilation
error.
<br>
<br>
The issue is related to how KUAP enforces the access
direction.
<br>
allow_user_access() contains:
<br>
<br>
BUILD_BUG_ON(!__builtin_constant_p(dir));
<br>
<br>
which requires that the access direction is a compile-time
constant.
<br>
If we pass a runtime value (for example, an unsigned long),
the
<br>
__builtin_constant_p() check fails and triggers the
following build error.
<br>
<br>
Error:
<br>
In function 'allow_user_access', inlined from
'__copy_tofrom_user_vmx' at
arch/powerpc/lib/vmx-helper.c:19:3:
<br>
BUILD_BUG_ON failed: !__builtin_constant_p(dir) 706
<br>
<br>
<br>
The previous implementation worked because
allow_user_access() was invoked with enum
<br>
constants (READ, WRITE, READ_WRITE), which satisfied the
__builtin_constant_p() requirement.
<br>
So in this case, the function must be called with a
compile-time constant to satisfy KUAP.
<br>
<br>
Please let me know if you would prefer a different approach.
<br>
<br>
</blockquote>
<br>
Ah, right, I missed that. The problem should only be in
vmx-helper.c
<br>
<br>
</blockquote>
<br>
Thinking about it once more, I realised that powerpc does not
define INLINE_COPY_FROM_USER nor INLINE_COPY_TO_USER.
<br>
<br>
This means that raw_copy_from_user() and raw_copy_to_user() will
in really not be called much. Therefore __copy_tofrom_user_vmx()
could remain in uaccess.h as static __always_inline allthough it
requires exporting enter_vmx_usercopy() and exit_vmx_usercopy().
<br>
</blockquote>
<br>
That would result in something like:
<br>
<br>
static __always_inline bool will_use_vmx(unsigned long n)
<br>
{
<br>
return IS_ENABLED(CONFIG_ALTIVEC) &&
cpu_has_feature(CPU_FTR_VMX_COPY) &&
<br>
n > VMX_COPY_THRESHOLD;
<br>
}
<br>
<br>
static __always_inline unsigned long
<br>
raw_copy_tofrom_user(void __user *to, const void __user *from,
unsigned long n, unsigned long dir)
<br>
{
<br>
unsigned long ret;
<br>
<br>
if (will_use_vmx(n) && enter_vmx_usercopy()) {
<br>
allow_user_access(to, dir);
<br>
ret = __copy_tofrom_user_power7_vmx(to, from, size);
<br>
prevent_user_access(dir);
<br>
exit_vmx_usercopy();
<br>
<br>
if (unlikely(ret)) {
<br>
allow_user_access(to, dir);
<br>
ret = __copy_tofrom_user_base(to, from, size);
<br>
prevent_user_access(dir);
<br>
}
<br>
return ret;
<br>
}
<br>
allow_user_access(to, dir);
<br>
ret = __copy_tofrom_user(to, from, n);
<br>
prevent_user_access(dir);
<br>
return ret;
<br>
}
<br>
<br>
<br>
Christophe <br>
<br>
</blockquote>
<font face="monospace" size="4">Thanks Christophe for the review and
suggestions. We have incorporated<br aria-hidden="true">
these changes in v3.<br>
<br aria-hidden="true">
v3:
<a class="moz-txt-link-freetext" href="https://lore.kernel.org/all/20260304053506.118632-1-sayalip@linux.ibm.com/">https://lore.kernel.org/all/20260304053506.118632-1-sayalip@linux.ibm.com/</a> </font>
</body>
</html>