From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 14AB7C4829A
	for <linux-mm@archiver.kernel.org>; Sat, 10 Feb 2024 11:07:46 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0FC386B006E; Sat, 10 Feb 2024 06:07:45 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 0856D6B0072; Sat, 10 Feb 2024 06:07:45 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E40806B0074; Sat, 10 Feb 2024 06:07:44 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id D13506B006E
	for <linux-mm@kvack.org>; Sat, 10 Feb 2024 06:07:44 -0500 (EST)
Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay05.hostedemail.com (Postfix) with ESMTP id 5A75F40294
	for <linux-mm@kvack.org>; Sat, 10 Feb 2024 11:07:44 +0000 (UTC)
X-FDA: 81775618848.05.081B0D0
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24])
	by imf17.hostedemail.com (Postfix) with ESMTP id 164C840011
	for <linux-mm@kvack.org>; Sat, 10 Feb 2024 11:07:41 +0000 (UTC)
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=arndb.de header.s=fm3 header.b=Fqn+q85q;
	dkim=pass header.d=messagingengine.com header.s=fm3 header.b=cGJX3AQm;
	dmarc=pass (policy=none) header.from=arndb.de;
	spf=pass (imf17.hostedemail.com: domain of arnd@arndb.de designates 64.147.123.24 as permitted sender) smtp.mailfrom=arnd@arndb.de
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1707563262;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=9uilVm3D/MMbser1uZtQKDyGLwAzTQ8TW6+338pZ8yw=;
	b=0kfQ/iBfNlHxbcorNak+bHKBgLEsWlkh1KMlzacnEaMilDeDHruZfrrY90xqu1GugoQZro
	ORk1lBu2v8iJ/tGQIH4As87DUBR9apm2O5zBy9JfQlGhbyYvpiK5pO28kOqCe8mO7MD47y
	u2wZuf5iDd+rn0qzQJsfeGI175cUplg=
ARC-Authentication-Results: i=1;
	imf17.hostedemail.com;
	dkim=pass header.d=arndb.de header.s=fm3 header.b=Fqn+q85q;
	dkim=pass header.d=messagingengine.com header.s=fm3 header.b=cGJX3AQm;
	dmarc=pass (policy=none) header.from=arndb.de;
	spf=pass (imf17.hostedemail.com: domain of arnd@arndb.de designates 64.147.123.24 as permitted sender) smtp.mailfrom=arnd@arndb.de
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707563262; a=rsa-sha256;
	cv=none;
	b=s19tzbQ99th/Z+eWe933E6Y8DWCrwTr/OVE9ak9DQ7kjY0iSIOxIeTkUQvtMvfW3rejBal
	d1I70ssoSnEpg7OGrA3dPMDejfe5F731SEkxgk1y8cp0i0iPY0PGwB9CQvLDveAVeEws6o
	l1C8E8vJTcxx7jRGz51bqlqg151VkvY=
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.west.internal (Postfix) with ESMTP id 0C7483200A5F;
	Sat, 10 Feb 2024 06:07:36 -0500 (EST)
Received: from imap51 ([10.202.2.101])
  by compute5.internal (MEProxy); Sat, 10 Feb 2024 06:07:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1707563256; x=1707649656; bh=9uilVm3D/M
	Mbser1uZtQKDyGLwAzTQ8TW6+338pZ8yw=; b=Fqn+q85qMMTQgeeFDEsmpSIl2D
	X3wNRSmv45afnLiC/uz8FvyWsAnpz00Cz6lkz6/Qo+1U4GtPScr2zsY4S5Y/nyW8
	3kBnJO9nN5adabBnZPZYuHAkoVkeeW70nTYu6inc3Y8ocmZO3p3aFJ0gvP+JLAk4
	By+xNlMVc7JIAzzWClOinLWJqp/a+uxVbWPTMDHHv9cpf4fg8Hv47ZGQ4JtWInir
	mXsx3boylvQ8R75ePufpt3Em0Z2QnKzNG/JjNQc4V77/xNSrc1xkB9AFEnSgmRhe
	eGSY6f9/Q7uMi9iqv33H+k/oOnGy+lqSePzIXROCpjnTZj2v1gW/5JqYlrtg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm3; t=1707563256; x=1707649656; bh=9uilVm3D/MMbser1uZtQKDyGLwAz
	TQ8TW6+338pZ8yw=; b=cGJX3AQm22MSYxwVTGgvL+mgcY4JAQMN0KbgVweiVAbs
	TVpoRaiY4GVG/HHa1pHNi3eQcdI5Zy1Hq3o8ko/AewZttye6TQSmzVoPDVMKz2os
	55W+wOUdwZwpjgiiS8Q6zmVGMU8S4CK1cGOh2RwN4bfAmvdcL9J30DTDg+LI+GPa
	++vToLjf6IOS6fLd6oGS9rft/KqjMveBHGcfsh1U+uY3e+VOFrCReP5b26OUrw0L
	PQVM/0zeulSDYmyxthLgv3sqn4HrENEuA8h9a9GhjIAixOHa/Bpi4kgpAbsyAEjG
	V0O4v0DyyUbB0iPyqTOpQbU2c/T8JrD4n3Gk8O2wQg==
X-ME-Sender: <xms:91jHZZyHoCprPvf4x45yC4a6Yjtx14hY3whrUarkrclAriDtYHFywA>
    <xme:91jHZZQB9vO3o2F9iB_N7qUlh9pXH9o-N4A-bySiNgzUf3Mdk1IeAvJM9h6TJ4RrL
    lLp1lO_ZZEsDgoYcF0>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrtdekgddvfecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdetrhhn
    ugcuuegvrhhgmhgrnhhnfdcuoegrrhhnugesrghrnhgusgdruggvqeenucggtffrrghtth
    gvrhhnpeffheeugeetiefhgeethfejgfdtuefggeejleehjeeutefhfeeggefhkedtkeet
    ffenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrrh
    hnugesrghrnhgusgdruggv
X-ME-Proxy: <xmx:91jHZTX8-ag8N1lBgGiGUHJ8h95C2odBrVs-GDUgvdgngwVz7Xwoqg>
    <xmx:91jHZbhsx0Yx6UfJEo6P27knUhwPnVoHb-fC5cQuZ629_7wqnxHaPw>
    <xmx:91jHZbBeelQa3F2V7VZUfRDxTE_znH00nxalAS9KxgdKlpHd64gu4Q>
    <xmx:-FjHZZ5K-wwnea69aZ0UT8lCYw4q95jy73IL340a9VETyzE5kXJ8mg>
Feedback-ID: i56a14606:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id BE585B6008D; Sat, 10 Feb 2024 06:07:35 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-144-ge5821d614e-fm-20240125.002-ge5821d61
MIME-Version: 1.0
Message-Id: <4f0eb08d-bb5d-4544-aeba-ac9d8a663005@app.fastmail.com>
In-Reply-To: <202402091606.A181673F0A@keescook>
References: <20240208-alice-mm-v2-0-d821250204a6@google.com>
 <20240208-alice-mm-v2-2-d821250204a6@google.com>
 <202402091606.A181673F0A@keescook>
Date: Sat, 10 Feb 2024 12:07:14 +0100
From: "Arnd Bergmann" <arnd@arndb.de>
To: "Kees Cook" <keescook@chromium.org>, "Alice Ryhl" <aliceryhl@google.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>, "Alex Gaynor" <alex.gaynor@gmail.com>,
 "Wedson Almeida Filho" <wedsonaf@gmail.com>,
 "Boqun Feng" <boqun.feng@gmail.com>, "Gary Guo" <gary@garyguo.net>,
 =?UTF-8?Q?Bj=C3=B6rn_Roy_Baron?= <bjorn3_gh@protonmail.com>,
 "Benno Lossin" <benno.lossin@proton.me>,
 "Andreas Hindborg" <a.hindborg@samsung.com>,
 "Alexander Viro" <viro@zeniv.linux.org.uk>,
 "Andrew Morton" <akpm@linux-foundation.org>,
 "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
 =?UTF-8?Q?Arve_Hj=C3=B8nnev=C3=A5g?= <arve@android.com>,
 "Todd Kjos" <tkjos@android.com>, "Martijn Coenen" <maco@android.com>,
 "Joel Fernandes" <joel@joelfernandes.org>,
 "Carlos Llamas" <cmllamas@google.com>,
 "Suren Baghdasaryan" <surenb@google.com>, linux-mm@kvack.org,
 linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org,
 "Christian Brauner" <brauner@kernel.org>
Subject: Re: [PATCH v2 2/4] uaccess: always export _copy_[from|to]_user with
 CONFIG_RUST
Content-Type: text/plain
X-Rspamd-Queue-Id: 164C840011
X-Rspam-User: 
X-Rspamd-Server: rspam04
X-Stat-Signature: isnz5ie1dj5xn4uyggj6wm8j5rgortnx
X-HE-Tag: 1707563261-221517
X-HE-Meta: U2FsdGVkX1+V1xyZy/qEukJRN2TPqI1dIfsr2VhVRcHD6xsFmDGYOM41VAWXUBDRmjxqsquocyC0TWSawdKa5m11/RgpmvAyNsufPLo2TFQoFY+6Mapk79F2w+6xapJSSC99FrOylzNsom2tAAm/X91Va99x8pH6Uim6XpjwEZ8V+NiQzScSa9HCoVdsWpWd7vuwHyHIAQlPYDsnvpAxOy+2P6HlkZTsEhHPcDTdF0RVK2LvmM8ra5b72U7AwaCiV/m1wA9MSQkWItkQxV6xWrvOP1F2lB+cjCZyjSgGsNIoC4joVLf8BWb6e6nZVWZs53ZHBtwxbhTFg3U9kWnQOcbHz8zJCoVz5zof+4Io3SrI6UePW9r/aXKi2bx6nVGq1hkp9MvHbj17Q3pC28kast+EFfsTex9mSi6KMMERdKBUePG09m9uBMSp6vHGo9c1T8nIW83xtu8m8cFK/jj3zD1BV5GQ4Lg4meBxabyr2dwXAyKv5AxQ41rIcsqvCRjqcTQYtU4IqOBu6I2WUgpD05RK/uBJMHVnmmyvwPOSV/4Qbwu3u2Kp0bB2+5C1lNyis+kemqFkFoMIxNf14pNLJbKQt5E0INY+KpzPlSRdS2hOja1e9YFciwPwPpbulnNRNcT7FVNfBPSEqBMNO5Ya2EqVXHueMMbuzvZqZ48IQgotBCnDREUrU9/5GhcWlJ5ZOFbZ3BNTf7GF0RHD5agtmr6seQvPS0g4cmcqDv04CuLeyokEerPmXN7XBGFxUjK4oXDPiLJdNbmyzimPid+ncC6Y7bu/ik0AyHF7b8VngBWwylAWxAkTw+8VEF+RSwcLODTGWIMHL0oNxSdmO/ShhPEHq0/KdCKpV00VCPKjjG1kxsp0fR7Zrw+dQzxaARWHUcXJUZ/ySMNODdY5My07IBwVmkkJe+SUknFV82TZgTBHsoFhbMhQIBljEoHRLysCBeguYIseskdrtPesVnW
 WEMMfNd1
 wEd37XixnC8oDXBPPpqloZbfdcuZ/PDTmD2CJZwb59OxYwNzRBbhZ6IG/rDz27YcoyiCY1+G7IR8l0VgMQ9bbsVWTqmM82GmSi1ZGT0jDeMIVp4M1N8tuwgLrN+4DyOuwY/qX9AkhT1ycHpGE+eq1MkPC2uWR93Xox5HMAfbMUMRWVkcCPibp0bjc7PSOQO1Ws/ktE1VwH/aRp5BSa0+syHdhIpVmDzjzNVS/RbCsEW2MFhokwRbCE2+rhArsSZRC11hyr7ljwBjAJzLsFFnvIC/H26+fw2RBIsD7
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Sat, Feb 10, 2024, at 01:15, Kees Cook wrote:
> On Thu, Feb 08, 2024 at 03:47:52PM +0000, Alice Ryhl wrote:
>>  	unsigned long res = n;
>>  	might_fault();
>>  	if (!should_fail_usercopy() && likely(access_ok(from, n))) {
>> +		/*
>> +		 * Ensure that bad access_ok() speculation will not
>> +		 * lead to nasty side effects *after* the copy is
>> +		 * finished:
>> +		 */
>> +		barrier_nospec();
>
> This means all callers just gained this barrier. That's a behavioral
> change -- is it intentional here? I don't see it mentioned in the commit
> log.

My bad, I probably should have explained it when I did the
patch as this is very subtle:

The barrier_nospec() definition is a nop on everything other
than x86 and powerpc, but those two were using the out-of-line
version that did in fact use it.

After this patch, the out-of-line function calls the inline
function, so it needs to be added here to keep the behavior
unchanged on the architectures that need it. For the rest,
this change has no effect.

     Arnd