Re: [PATCH 1/3] x86: fix access_ok() and valid_user_address() using wrong USER_PTR_MAX in modules

Next message: Christoph Lameter (Ampere): "Re: [PATCH RFC 00/19] slab: replace cpu (partial) slabs with sheaves"
Previous message: Rob Clark: "[PATCH] MAINTAINERS: Add Akhil as a reviewer for the Adreno driver"
In reply to: Borislav Petkov: "Re: [PATCH 1/3] x86: fix access_ok() and valid_user_address() using wrong USER_PTR_MAX in modules"
Next in thread: Borislav Petkov: "Re: [PATCH 1/3] x86: fix access_ok() and valid_user_address() using wrong USER_PTR_MAX in modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Linus Torvalds

Date: Tue Nov 04 2025 - 17:06:39 EST

On Wed, 5 Nov 2025 at 05:18, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> On Wed, Nov 05, 2025 at 04:07:44AM +0900, Linus Torvalds wrote:
> > In fact, Josh Poimboeuf tried to do that __get_user() fix fairly
> > recently, but he hit at least the "coco" code mis-using this thing.
> >
> > See vc_read_mem() in arch/x86/coco/sev/vc-handle.c.
>
> So Tom and I did pre-fault this whole deal just now: so we need an atomic way
> to figure out whether we'll fault on the address and then handle that result
> properly. Which we do. So we only need to know whether it'll fault or not,
> without sleeping.
>
> So the question is, what would be an alternative to do that? Should we do
> something homegrown?

So I think that since it's x86-specific code, maybe something
homegrown is the way to go. I mean, that cdoe already effectively is.

With a *BIG* comment about what is going on, something like

pagefault_disable();
stac();
unsafe_get_user(val, ptr, fault_label);
clac();
pagefault_enable();
return 0;

fault_label:
clac();
return 1;

but any other users of __get_user() that aren't in x86-specific code
can't do that, so I do think it's probably better to just migrate the
*good* cases - the ones known to actually be about user space - away
from __get_user() and just leave these turds alone.

Linus