Re: [PATCH RESEND 1/4] uaccess: Add user_read_access_begin/end and user_write_access_begin/end
From: Kees Cook
Date: Thu Apr 02 2020 - 16:27:53 EST
On Thu, Apr 02, 2020 at 12:26:52PM -0700, Linus Torvalds wrote:
> On Thu, Apr 2, 2020 at 11:36 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > Yup, I think it's a weakness of the ARM implementation and I'd like to
> > not extend it further. AFAIK we should never nest, but I would not be
> > surprised at all if we did.
>
> Well, at least the user_access_begin/end() sections can't nest. objtool
> verifies and warns about that on x86.
Right, yes, I mentioned that earlier in the thread. I meant I wasn't
100% sure about ARM's corner cases. I would _hope_ it doesn't.
> > If we were looking at a design goal for all architectures, I'd like
> > to be doing what the public PaX patchset
>
> We already do better than PaX ever did. Seriously. Mainline has long
> since passed their hacky garbage.
I was just speaking to design principles in this area: if the "enable"
is called when already enabled, Something Is Wrong. :) (And one thing
still missing in this general subject is that x86 still lacks SMAP
emulation. And yes, I understand it's just not been a priority for anyone
that can work on it, but it is still a gap.)
--
Kees Cook