Re: [PATCH v1 01/15] powerpc/uaccess: Remove __get_user_allowed() and unsafe_op_wrap()
Le 01/03/2021 à 23:02, Daniel Axtens a écrit : Christophe Leroy writes: Those two macros have only one user which is unsafe_get_user(). Put everything in one place and remove them. Signed-off-by: Christophe Leroy --- arch/powerpc/include/asm/uaccess.h | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 78e2a3990eab..8cbf3e3874f1 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned long size) #define __put_user(x, ptr) \ __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) -#define __get_user_allowed(x, ptr) \ - __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false) - #define __get_user_inatomic(x, ptr) \ __get_user_nosleep((x), (ptr), sizeof(*(ptr))) #define __put_user_inatomic(x, ptr) \ @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t len) #define user_write_access_begin user_write_access_begin #define user_write_access_end prevent_current_write_to_user -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0) -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e) +#define unsafe_get_user(x, p, e) do { \ + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ + goto e; \ +} while (0) + This seems correct to me. Checkpatch does have one check that is relevant: CHECK: Macro argument reuse 'p' - possible side-effects? #36: FILE: arch/powerpc/include/asm/uaccess.h:482: +#define unsafe_get_user(x, p, e) do { \ + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ + goto e; \ +} while (0) Given that we are already creating a new block, should we do something like this (completely untested): #define unsafe_get_user(x, p, e) do { \ __typeof__(p) __p = (p); if (unlikely(__get_user_nocheck((x), (__p), sizeof(*(__p)), false)))\ goto e; \ } while (0) As mentioned by Segher, this is not needed, sizeof(p) doesn't evaluate (p) so (p) is only evaluated once in the macro, so no risk of side-effects with that. Christophe
Re: [PATCH v1 01/15] powerpc/uaccess: Remove __get_user_allowed() and unsafe_op_wrap()
On Tue, Mar 02, 2021 at 09:02:54AM +1100, Daniel Axtens wrote: > Checkpatch does have one check that is relevant: > > CHECK: Macro argument reuse 'p' - possible side-effects? > #36: FILE: arch/powerpc/include/asm/uaccess.h:482: > +#define unsafe_get_user(x, p, e) do { > \ > + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ > + goto e; \ > +} while (0) sizeof (of something other than a VLA) does not evaluate its operand. The checkpatch warning is incorrect (well, it does say "possible" -- it just didn't find a possible problem here). You can write bla = sizeof *p++; and p is *not* incremented. Segher
Re: [PATCH v1 01/15] powerpc/uaccess: Remove __get_user_allowed() and unsafe_op_wrap()
Christophe Leroy writes: > Those two macros have only one user which is unsafe_get_user(). > > Put everything in one place and remove them. > > Signed-off-by: Christophe Leroy > --- > arch/powerpc/include/asm/uaccess.h | 10 +- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/arch/powerpc/include/asm/uaccess.h > b/arch/powerpc/include/asm/uaccess.h > index 78e2a3990eab..8cbf3e3874f1 100644 > --- a/arch/powerpc/include/asm/uaccess.h > +++ b/arch/powerpc/include/asm/uaccess.h > @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned > long size) > #define __put_user(x, ptr) \ > __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) > > -#define __get_user_allowed(x, ptr) \ > - __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false) > - > #define __get_user_inatomic(x, ptr) \ > __get_user_nosleep((x), (ptr), sizeof(*(ptr))) > #define __put_user_inatomic(x, ptr) \ > @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t > len) > #define user_write_access_begin user_write_access_begin > #define user_write_access_endprevent_current_write_to_user > > -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0) > -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e) > +#define unsafe_get_user(x, p, e) do { > \ > + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ > + goto e; \ > +} while (0) > + This seems correct to me. Checkpatch does have one check that is relevant: CHECK: Macro argument reuse 'p' - possible side-effects? #36: FILE: arch/powerpc/include/asm/uaccess.h:482: +#define unsafe_get_user(x, p, e) do { \ + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ + goto e; \ +} while (0) Given that we are already creating a new block, should we do something like this (completely untested): #define unsafe_get_user(x, p, e) do { \ __typeof__(p) __p = (p); if (unlikely(__get_user_nocheck((x), (__p), sizeof(*(__p)), false)))\ goto e; \ } while (0) Kind regards, Daniel > #define unsafe_put_user(x, p, e) \ > __unsafe_put_user_goto((__typeof__(*(p)))(x), (p), sizeof(*(p)), e) > > -- > 2.25.0
[PATCH v1 01/15] powerpc/uaccess: Remove __get_user_allowed() and unsafe_op_wrap()
Those two macros have only one user which is unsafe_get_user(). Put everything in one place and remove them. Signed-off-by: Christophe Leroy --- arch/powerpc/include/asm/uaccess.h | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 78e2a3990eab..8cbf3e3874f1 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned long size) #define __put_user(x, ptr) \ __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) -#define __get_user_allowed(x, ptr) \ - __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false) - #define __get_user_inatomic(x, ptr) \ __get_user_nosleep((x), (ptr), sizeof(*(ptr))) #define __put_user_inatomic(x, ptr) \ @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t len) #define user_write_access_beginuser_write_access_begin #define user_write_access_end prevent_current_write_to_user -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0) -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e) +#define unsafe_get_user(x, p, e) do { \ + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ + goto e; \ +} while (0) + #define unsafe_put_user(x, p, e) \ __unsafe_put_user_goto((__typeof__(*(p)))(x), (p), sizeof(*(p)), e) -- 2.25.0