[PATCH 1/1] mm: Remove the access_ok() call from gup_fast_fallback().
From: David Laight
Date: Sun Feb 09 2025 - 12:47:28 EST
Historiaclly the code relied on access_ok() to validate the address range.
Commit 26f4c328079d7 added an explicit wrap check before access_ok().
Commit c28b1fc70390d then changed the wrap test to use check_add_overflow().
Commit 6014bc27561f2 relaxed the checks in x86-64's access_ok() and added
an explicit check for TASK_SIZE here to make up for it.
That left a pointless access_ok() call with its associated 'lfence' that
can never actually fail.
So just delete the test.
Signed-off-by: David Laight <david.laight.linux@xxxxxxxxx>
---
mm/gup.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 3883b307780e..79a3d2228bf9 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2757,7 +2757,7 @@ EXPORT_SYMBOL(get_user_pages_unlocked);
*
* *) ptes can be read atomically by the architecture.
*
- * *) access_ok is sufficient to validate userspace address ranges.
+ * *) valid user addesses are below TASK_MAX_SIZE
*
* The last two assumptions can be relaxed by the addition of helper functions.
*
@@ -3411,8 +3411,6 @@ static int gup_fast_fallback(unsigned long start, unsigned long nr_pages,
return -EOVERFLOW;
if (end > TASK_SIZE_MAX)
return -EFAULT;
- if (unlikely(!access_ok((void __user *)start, len)))
- return -EFAULT;
nr_pinned = gup_fast(start, end, gup_flags, pages);
if (nr_pinned == nr_pages || gup_flags & FOLL_FAST_ONLY)
--
2.39.5