From: Alice Ryhl
Date: Wed, 14 Feb 2024 11:51:36 +0100
Subject: Re: [PATCH v2 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST
To: Kees Cook
Cc: Miguel Ojeda, Alex Gaynor, Wedson Almeida Filho, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Al Viro, Andrew Morton, Greg Kroah-Hartman, Arve Hjønnevåg, Todd Kjos, Martijn Coenen, Joel Fernandes, Carlos Llamas, Suren Baghdasaryan, Arnd Bergmann, linux-mm@kvack.org, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, Christian Brauner

On Sat, Feb 10, 2024 at 1:15 AM Kees Cook wrote:
>
> On Thu, Feb 08, 2024 at 03:47:52PM +0000, Alice Ryhl wrote:
> > unsigned long res = n;
> > might_fault();
> > if (!should_fail_usercopy() && likely(access_ok(from, n))) {
> > + /*
> > + * Ensure that bad access_ok() speculation will not
> > + * lead to nasty side effects *after* the copy is
> > + * finished:
> > + */
> > + barrier_nospec();
>
> This means all callers just gained this barrier. That's a behavioral
> change -- is it intentional here? I don't see it mentioned in the commit
> log.
>
> Also did this get tested with the CONFIG_TEST_USER_COPY tests? I would
> expect it to be fine, but better to check and mention it in the commit
> log.

I just ran this with CONFIG_TEST_USER_COPY on x86 using the Android
cuttlefish emulator and it passed there. I also verified that it fails
if I remove the access_ok check. However, the tests succeed even if
the barrier_nospec() call is removed.

That said, it seems like it fails to compile on some other platforms.
It seems like we need to add #include to uaccess.h to fix it.

Alice
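
Review bot: The new barrier_nospec() call inside the access_ok() branch needs its declaration to be visible in every translation unit that includes this header. The reply reports build failures on some platforms, so the missing include should be added to uaccess.h in this same patch rather than left to include order. The commit log should also state that every caller reaching this branch now executes the barrier, and that the CONFIG_TEST_USER_COPY run passes with or without the barrier_nospec() line, so that test covers the access_ok() check but gives no evidence about the speculation hardening.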