From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C7C74C7EE2A
	for <linux-mm@archiver.kernel.org>; Tue, 24 Jun 2025 05:49:09 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 55B6E6B00A7; Tue, 24 Jun 2025 01:49:09 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 5336F6B00A8; Tue, 24 Jun 2025 01:49:09 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 46FD86B00A9; Tue, 24 Jun 2025 01:49:09 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 3802B6B00A7
	for <linux-mm@kvack.org>; Tue, 24 Jun 2025 01:49:09 -0400 (EDT)
Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 8893C141994
	for <linux-mm@kvack.org>; Tue, 24 Jun 2025 05:49:08 +0000 (UTC)
X-FDA: 83589215976.15.C7633D7
Received: from pegase1.c-s.fr (pegase1.c-s.fr [93.17.236.30])
	by imf03.hostedemail.com (Postfix) with ESMTP id 6F6AE20008
	for <linux-mm@kvack.org>; Tue, 24 Jun 2025 05:49:06 +0000 (UTC)
Authentication-Results: imf03.hostedemail.com;
	dkim=none;
	spf=pass (imf03.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu;
	dmarc=pass (policy=quarantine) header.from=csgroup.eu
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1750744146;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=2Vxy75RJgMKu3B8tS63p7PxkIPm8NMgd8FlTRr9EKfM=;
	b=wfSSYGMNWWYlFHcLiiOVJiFMB9F4PDzOQIdAt6zPkvamuKz3m7FOFoooCwuYm8h1QhLpJy
	ZjGAvSs733+UvgqKYPzen3mfa9ifDnh7hfDcv9HiPsQMPAKN4/E54mj+Ks5yz+yBDqAuv7
	0piF3Ck/RlPhLFwZYNc0gVqxBFtN3vw=
ARC-Authentication-Results: i=1;
	imf03.hostedemail.com;
	dkim=none;
	spf=pass (imf03.hostedemail.com: domain of christophe.leroy@csgroup.eu designates 93.17.236.30 as permitted sender) smtp.mailfrom=christophe.leroy@csgroup.eu;
	dmarc=pass (policy=quarantine) header.from=csgroup.eu
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750744146; a=rsa-sha256;
	cv=none;
	b=W0LkQw8UmbDG8R2B/3NzE4SylK0b7bajoNoXOA4iVw75GEpzJ7olqFxEBUEDal4nftRCh5
	w7kFPDPzc/U53cSNnDHJ0q0citRtzBosCFKeLNtTgUem7T8CDptSsSjdfy8Ph9UuYT5w8D
	zdPbQV+EKykDNN8aaZndccLD00PXnQQ=
Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233])
	by localhost (Postfix) with ESMTP id 4bRDXc6lZ6z9sSD;
	Tue, 24 Jun 2025 07:49:04 +0200 (CEST)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from pegase1.c-s.fr ([192.168.12.234])
	by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 6SIPJQNC9zCD; Tue, 24 Jun 2025 07:49:04 +0200 (CEST)
Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192])
	by pegase1.c-s.fr (Postfix) with ESMTP id 4bRDXc5TpXz9sYQ;
	Tue, 24 Jun 2025 07:49:04 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by messagerie.si.c-s.fr (Postfix) with ESMTP id 5C7138B768;
	Tue, 24 Jun 2025 07:49:04 +0200 (CEST)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from messagerie.si.c-s.fr ([127.0.0.1])
	by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023)
	with ESMTP id 7ZgexA602m3K; Tue, 24 Jun 2025 07:49:04 +0200 (CEST)
Received: from [192.168.235.99] (unknown [192.168.235.99])
	by messagerie.si.c-s.fr (Postfix) with ESMTP id 79C188B767;
	Tue, 24 Jun 2025 07:49:03 +0200 (CEST)
Message-ID: <2f569008-dd66-4bb6-bf5e-f2317bb95e10@csgroup.eu>
Date: Tue, 24 Jun 2025 07:49:03 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 2/5] uaccess: Add speculation barrier to
 copy_from_user_iter()
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin
 <npiggin@gmail.com>, Naveen N Rao <naveen@kernel.org>,
 Madhavan Srinivasan <maddy@linux.ibm.com>,
 Alexander Viro <viro@zeniv.linux.org.uk>,
 Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 Peter Zijlstra <peterz@infradead.org>, Darren Hart <dvhart@infradead.org>,
 Davidlohr Bueso <dave@stgolabs.net>, Andre Almeida <andrealmeid@igalia.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 David Laight <david.laight.linux@gmail.com>,
 Dave Hansen <dave.hansen@linux.intel.com>, linux-kernel@vger.kernel.org,
 linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org,
 linux-mm@kvack.org
References: <cover.1750585239.git.christophe.leroy@csgroup.eu>
 <f4b2a32853b5daba7aeac9e9b96ec1ab88981589.1750585239.git.christophe.leroy@csgroup.eu>
 <CAHk-=wj4P6p1kBVW7aJbWAOGJZkB7fXFmwaXLieBRhjmvnWgvQ@mail.gmail.com>
Content-Language: fr-FR
From: Christophe Leroy <christophe.leroy@csgroup.eu>
In-Reply-To: <CAHk-=wj4P6p1kBVW7aJbWAOGJZkB7fXFmwaXLieBRhjmvnWgvQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: 6F6AE20008
X-Stat-Signature: kbdj78iyjw4r6xsa9rqr1uyjom8y1q3k
X-Rspam-User: 
X-HE-Tag: 1750744146-574302
X-HE-Meta: U2FsdGVkX19BaSLU5t3UlFzDudcILi6w0gJ7JJa95Xla76/nz0pcuHQ9NNGDpUAP1k96GifEb01KDvnwNr6W77UXFkFsgQHcuHwRov89LuxnlonwJU2F5RqnXkNLDiuuU01i/m7UwH8WXkZ9vwDvds+3wzSPZ4QqjEknSVndlyBzV+zAL0S85aQCQFw8g6WjSV8xwF6/M2groS2TvZac/03oj/jDNRMISLDNCdm8LpoblvfhteajlnotCyi+vECO2HrrOimx3aypyicfQOCz82Rr4HfnvVU05a4qPTIuGumL6VAGPRh2AaUfInFQCZk1L30qMSwwoYnA1+dRhCDQeuOIVOGAe+JXam3qyjuvpdIovTDkgtehYKyQjjAAi8Ui0oNIat9LCZHUNFOo2RYitn2SKECKNjyk5JmqYE0giw7q7cNWR+fJidhtbtED1a7Mh6r2APk1TdtYeJJ1xCVAd2CNF0ZC328OR7lcd2el2rHvl9XgMUtSK/T1Jc6s4/1KDmLeGcqTMqKXzqvY6bWwmUOgOJ1ZuhSX//HCIcZYaIWfw/AupNTntKUjE9mg+KQ/JFRaeb0g9U5exox3/feJ4dvsyWLp1eMZufII9opRLTcQvzDvJ85ybHTcYW/YzwCBZJooXBQo8Aq0WfU6Tc7taIg5+uc5NRNiwFhpbjhA4CTgbXpTvZ4if/wnKfaZ2Xz2Po9IaGacGS9oivd7EQur6LLURPJnCJOEtkKBsmCy8MdroDEm9opjlHJ4Dh2YxPwTjRD5YKo7lfpZa/XOzo9DQzfvk5e8BvHXHblxHck2E34rgpI75PjmMokfC1kPiTJ/xwDEMZoADoKsT36nk/qQhJIF1KAqqmaJ6tqk2VO5BfAPqzIiAv4/znl73xgGXnS49wcyHn//ELK9RdEE+isFLmlz7dyYy4nINUYjeI7321a/kPrR1G+eHRixmunRy7a1IMC56tjnbZdSs1Tr3+K
 1X5JZydi
 TlD8sFi+07giqjGVlunpGwriKN3wgPpcbbUKtVIJrJZbt8Balf0otklqkT+4Xu/2h80vaSQNIi+MJOPzKfEmDjkSDwD5ctRixiT0tKjlxNVAYe4xJHFaU54vksxGXxWskYHJMUrAdM0ABhz0jYh7KgHUf/8DnEVfi/xAvpN+PAA+kInIorgokRH8edgZrBkShkalcUq0TQhI+QBZU65sXsHzIjKmHpmakWoW+bcY9tqLsEu9oJGl8vmNq6PK+m0bRfiIBc1eG6fGp6vxGDiFXdbGGcpTNs3830bH/CllQZQy8WMDKLkhVowV4UoG6SPoztKzu2CkeIwYjtE37tgdbpA2piLrfnVS+zTGxP62GPxGUkZ74pkRPtWnQtg==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>



Le 22/06/2025 à 18:57, Linus Torvalds a écrit :
> On Sun, 22 Jun 2025 at 02:52, Christophe Leroy
> <christophe.leroy@csgroup.eu> wrote:
>>
>> The results of "access_ok()" can be mis-speculated.
> 
> Hmm. This code is critical. I think it should be converted to use that
> masked address thing if we have to add it here.

Ok, I'll add it.

> 
> And at some point this access_ok() didn't even exist, because we check
> the addresses at iter creation time. So this one might be a "belt and
> suspenders" check, rather than something critical.
> 
> (Although I also suspect that when we added ITER_UBUF we might have
> created cases where those user addresses aren't checked at iter
> creation time any more).
> 

Let's take the follow path as an exemple:

snd_pcm_ioctl(SNDRV_PCM_IOCTL_WRITEI_FRAMES)
   snd_pcm_common_ioctl()
     snd_pcm_xferi_frames_ioctl()
       snd_pcm_lib_write()
         __snd_pcm_lib_xfer()
           default_write_copy()
             copy_from_iter()
               _copy_from_iter()
                 __copy_from_iter()
                   iterate_and_advance()
                     iterate_and_advance2()
                       iterate_iovec()
                         copy_from_user_iter()

As far as I can see, none of those functions check the accessibility of 
the iovec. Am I missing something ?

Christophe