Re: [PATCH RFC] uaccess: user_access_begin_after_access_ok()

From: Al Viro
Date: Tue Jun 02 2020 - 12:33:11 EST


On Tue, Jun 02, 2020 at 06:15:57PM +0800, Jason Wang wrote:
>
> On 2020/6/2 äå4:45, Michael S. Tsirkin wrote:
> > So vhost needs to poke at userspace *a lot* in a quick succession. It
> > is thus benefitial to enable userspace access, do our thing, then
> > disable. Except access_ok has already been pre-validated with all the
> > relevant nospec checks, so we don't need that. Add an API to allow
> > userspace access after access_ok and barrier_nospec are done.
> >
> > Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> > ---
> >
> > Jason, so I've been thinking using something along these lines,
> > then switching vhost to use unsafe_copy_to_user and friends would
> > solve lots of problems you observed with SMAP.
> >
> > What do you think?
>
>
> I'm fine with this approach.

I am not.

> > Do we need any other APIs to make it practical?
>
>
> It's not clear whether we need a new API, I think __uaccess_being() has the
> assumption that the address has been validated by access_ok().

__uaccess_begin() is a stopgap, not a public API.

The problem is real, but "let's add a public API that would do user_access_begin()
with access_ok() already done" is no-go.