[PATCH v3 2/6] x86/uaccess: Avoid barrier_nospec() in 64-bit __get_user()
David Laight
David.Laight at ACULAB.COM
Sun Nov 17 08:38:35 AEDT 2024
From: Linus Torvalds
> Sent: 16 November 2024 01:27
>
> On Fri, 15 Nov 2024 at 15:06, Josh Poimboeuf <jpoimboe at kernel.org> wrote:
> >
> > It's sad that __get_user() is now slower than get_user() on x86, it kind
> > of defeats the whole point!
>
> Well, honestly, we've been trying to get away from __get_user() and
> __put_user() for a long long time.
>
> With CLAC/STAC, it's been probably a decade or two since __get_user()
> and friends were actually a worthwhile optimization, so let's just
> strive to get rid of the ones that matter.
Thinks....
If __get_user() is the same as get_user() then all the access_ok()
outside of get/put_user() and copy_to/from_user() can be removed
because they are pointless (anyone that brave?).
There is no point optimising the code to fast-path bad user pointers.
> We already have this with user_access_begin() + unsafe_get_user().
> There's also a version which masks the address: masked_user_access_begin().
That sounds as though it is begging for a simple to use:
masked_addr = user_access_begin(addr, size, error_label);
and
val = unsafe_get_user(masked_addr, error_label);
form?
Probably with objtool checking they are all in a valid sequence
with no functions calls (etc).
If address masking isn't needed (by an architecture) the address can be left
unchanged.
A quick grep shows access_ok() in 66 .c and 8 .h files outside the arch code.
And 69 .c file in arch, most of the arch .h are uaccess.h and futex.h.
I suspect the audit wouldn't tale that long.
Getting any patches accepted is another matter.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
More information about the Linuxppc-dev
mailing list