Re: [PATCH v2 1/4] riscv: implement user_access_begin and families

From: Cyril Bur
Date: Tue Feb 18 2025 - 14:21:16 EST




On 14/2/2025 3:16 am, Ben Dooks wrote:
On 13/02/2025 17:07, Cyril Bur wrote:


On 6/2/2025 1:08 am, Ben Dooks wrote:
On 17/01/2025 23:21, Charlie Jenkins wrote:
On Mon, Nov 18, 2024 at 11:01:09PM +0000, Cyril Bur wrote:
From: Jisheng Zhang <jszhang@xxxxxxxxxx>

Currently, when a function like strncpy_from_user() is called,
the userspace access protection is disabled and enabled
for every word read.

By implementing user_access_begin and families, the protection
is disabled at the beginning of the copy and enabled at the end.

The __inttype macro is borrowed from x86 implementation.

Signed-off-by: Jisheng Zhang <jszhang@xxxxxxxxxx>
Signed-off-by: Cyril Bur <cyrilbur@xxxxxxxxxxxxxxx>

If we're doing this, then saving the STATUS.SUM flag is going to
be more important than before. We had this discussion when the
initial user-access with syzbot stress testing turned up.

We partially fixed this by rewriting the ordering in the __put_user
function to stop the 'x' argument being evaluated inside the area
where SUM is enabled, but this is going to make the window of
opportunity of a thread switch much bigger and the bug will just
come back and bite harder.

If you want I can look at re-doing my original patch and resubmitting.

Oh! Could you please link the patch? I haven't seen it and can't seem to find it now.

https://lore.kernel.org/linux-riscv/20210318151010.100966-1- ben.dooks@xxxxxxxxxxxxxxx/

I agree we want this patch. Or at least we want clarity around calling schedule inside SUM enabled sections.

Other arches are stricter about not calling schedule at all. I'm not really going to advocate for one way or the other right now but I believe your patch would solve the problem.

Cyril


Thanks.