From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1EEC7C77B7F for ; Tue, 24 Jun 2025 15:22:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AECA76B009C; Tue, 24 Jun 2025 11:22:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A9BC06B00A1; Tue, 24 Jun 2025 11:22:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9640D6B00A3; Tue, 24 Jun 2025 11:22:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 8437F6B009C for ; Tue, 24 Jun 2025 11:22:29 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 5C7351A0B49 for ; Tue, 24 Jun 2025 15:22:29 +0000 (UTC) X-FDA: 83590660818.19.0D63DAA Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) by imf14.hostedemail.com (Postfix) with ESMTP id 2053B100004 for ; Tue, 24 Jun 2025 15:22:26 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=YjeYSRZp; spf=pass (imf14.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.208.52 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750778547; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=eLkoFblRVcI4qlzicS3evY0eDoBrk4ZSgrPnvsJhZ+Q=; b=2Lkq5DxKmP5bwibcG7r7HE399kuBd+2bZaWP3uGc5I01LTd7ZnTeUNMJmGMATHAZwijaT1 m5ga7N5RnXDFUWxqQ1fq252QzGFcZLVSikwF1M3PB+T8yWVrn1jXe4R1LZoSN7BQLVe+9I jkNkza23RhnqyKs1Ifcbwi46ThkBDmI= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1750778547; a=rsa-sha256; cv=none; b=Tnh03ROj9cBM1BKQsH9AvPTGzqOAXTgHF6TTitAUTJ6416fqGFKdYrcPz8MZDm+TcFnudW kicS3FxQtgG4fGHv7Y1wIUruZ/TihreRiENsOqc7TLXyHFHPBB3s98iE5/2kmUP2FR+Z1F 4YaoYooS/6BvmBiWsHpQgkObNvQHYxQ= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=YjeYSRZp; spf=pass (imf14.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.208.52 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org; dmarc=none Received: by mail-ed1-f52.google.com with SMTP id 4fb4d7f45d1cf-60707b740a6so8359907a12.0 for ; Tue, 24 Jun 2025 08:22:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1750778545; x=1751383345; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=eLkoFblRVcI4qlzicS3evY0eDoBrk4ZSgrPnvsJhZ+Q=; b=YjeYSRZpfQQiLae9B9UQWrrlS08SRpC4Pd/vO+fmPZnBkg6P9iP38jcEwbGrrkWkeH WctpII91RZ/nPzBd4pwfY6pxW0dyRf3W8WtKb5j5WLsH1v/APLiRKXq10XSMCw2oEAVV p2divKW68n0zHMV+CHTGjkIVHT7hMt8yYkoQU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750778545; x=1751383345; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=eLkoFblRVcI4qlzicS3evY0eDoBrk4ZSgrPnvsJhZ+Q=; b=RyYjLoV58mIqV327VasxTF8kGigNKczXW1rKXga8d1Df6MSDmMHzY5ikf/kz1gQxIg Fn1VJ55fK3Zs+1sXAkCjpgOyB8bTsleTo5qn4FMpL2/6JNQe8SUxv7bcWH1/rUKK+ykb r67Nbgmb+ssUZBVjSCFZTk9F/IZYlgr/7FyhL6h9e9vn23iYV2XqJEaS9V4j56Z73Y2G v6tUMVh/myPLO1kdx5GBHqqrDliDX8MFkNbQ3t96MUTr/pKqqNf8/cV85o7ncG/CEy1l jqDHYFbww9+rb1aPAgzNExVrXV+nPUdqy3aW4aEdwFyQ9GQfpNuoWcdDsWXGsPusjeZG l5GQ== X-Forwarded-Encrypted: i=1; AJvYcCUDdk5wrizQTWLhHZSGPEyKdkvkLNc/e6/stiGA+fSmWpL3DD4H8Pkf5JdNhG2QcyWCuC8MpeiLvg==@kvack.org X-Gm-Message-State: AOJu0Yywd/WnFXIeudZVTimJcgw4wuea/WLzj1MSJW+MJIeboCsLkB8S dVD1y2CpqHSsfOeEdKw/Yp7npsMydp14HRs+yB+j+RtVV2E464VaFkATV4jiS7PhZ41iFjZJAHa YSQB1zQg= X-Gm-Gg: ASbGncuSZxG4MmTikFh9UdeUDyEgkchfVGo9zpeIirP9lFCt1zkWPX7CPIvpaKJOmpU fhqqyO8fjBfgU2Q+xnZjwa/ZkoHjQt0r3KD9WCqkhe4+xWZWnQy2YSyBOqHL6W3+YMb87miqZzS uUcJ5jmT4H4LNaEhVZpTpcqC/aZgbzXgu5JatZrMri9IR16JTDjtUnhsx4Zkcz/LB0qIRFLUI6b RVXvYGBMBm/8Ebj86oRqYw7w1zvBSnjLWv43V8KiavZuQSnygEvNvJLgAxX6VMe5KewM3UcFN0K uWAuwgocenvECeNEtjpgPoc8T6fAZrF4EHSYsjJwjSQ9iWgWKas8dTbhRLeT/yD29o2ylHmSZ1m IeSXINpBIEjdVQArDwDwEJgFGsYpa6Sl8OPPr X-Google-Smtp-Source: AGHT+IHJm2+r1Pqu8U1DZirZXmKE2sBmuD2HhsdRctKdELZ7trjb+wf8Y9s1sl/IUkVR9qD/gJBbCA== X-Received: by 2002:a05:6402:35cc:b0:601:d77f:47d9 with SMTP id 4fb4d7f45d1cf-60a1cd1a8a4mr14193947a12.5.1750778545169; Tue, 24 Jun 2025 08:22:25 -0700 (PDT) Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com. [209.85.208.53]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-60c2f196c01sm1176672a12.8.2025.06.24.08.22.24 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 24 Jun 2025 08:22:24 -0700 (PDT) Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-6077dea37easo10410542a12.3 for ; Tue, 24 Jun 2025 08:22:24 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCXlocYj7eNP9SYIYEcfTENMI/TxLexQi5dg6XlDPb1t19wC0//4QpgBLIr/6jrHXn2z+w/EToQpQg==@kvack.org X-Received: by 2002:a05:6402:4308:b0:608:330a:9f67 with SMTP id 4fb4d7f45d1cf-60a1d1a2ecamr15042057a12.32.1750778131214; Tue, 24 Jun 2025 08:15:31 -0700 (PDT) MIME-Version: 1.0 References: <2f569008-dd66-4bb6-bf5e-f2317bb95e10@csgroup.eu> In-Reply-To: <2f569008-dd66-4bb6-bf5e-f2317bb95e10@csgroup.eu> From: Linus Torvalds Date: Tue, 24 Jun 2025 08:15:14 -0700 X-Gmail-Original-Message-ID: X-Gm-Features: Ac12FXyiIOMeVWX36Mt87GnZfIOR3ssqbql1oPQlXRyO409zF_tN4rQRqufbqcw Message-ID: Subject: Re: [PATCH 2/5] uaccess: Add speculation barrier to copy_from_user_iter() To: Christophe Leroy Cc: Michael Ellerman , Nicholas Piggin , Naveen N Rao , Madhavan Srinivasan , Alexander Viro , Christian Brauner , Jan Kara , Thomas Gleixner , Ingo Molnar , Peter Zijlstra , Darren Hart , Davidlohr Bueso , Andre Almeida , Andrew Morton , David Laight , Dave Hansen , linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 2053B100004 X-Stat-Signature: tuhnnfhggs33user5ftor57pphkc9693 X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1750778546-495644 X-HE-Meta: U2FsdGVkX19mhWTIDzgpsxrVjtjMYVH4xtwecxLATIMeBUJFMxOQNrbarqG+BeMNGTHiM6WLSyVxWf+VMk2r3MHfvk8lHup90GTWlurwpAf9pizzn9MWgrG4CuyCpMz/AvsFqIKJBPgTH3h9NpMxkVtwRUXl8rP+F9pWuIPc97UpaWgz/FIshBI4jLvx7nmAAdd0MXruo19YIFnqXxvtLgIktiPK7yLWzMe8OTnQyEhfD4nY4ElPd6uVjiwP6DxUoIOe6+uKOTrxSXTHbvKbFQqC/uVh0JU6eDhvxG7FXAVSjiW4iJKxkkfo6wi+DwU3pAHuGGauBmEZiG6cbMUvtp6ZoMizcPityXeLJvCj9z6nz7wTxOBhY9Ekx14sHC1ibCS6RHcfS7LFxZb1tE1ryjjJXgY09IsmUut/R9T3QV7ajwY94jMgBfI3s4WDzXJTgi+pbeAc4ATQRLndw1iI3lEKgRhJVJfFNztGOKrTO+jWlrW+N3OMrU/z6KY+ugn9CG3XAFo1j2CfKGq0At4Zd4mzRWlQwkIztimZEGyzZul9eahPQOZyFAK6Qm0GKn5L2n7GIs+O0eDyWR93xFY6D97xq/BOIbHrDKDmq8t7idINwQTJbf/zm319Lz6pTpDPE+DOqtdyt4d714gJXlej5TrutCKyk5c1bol5WdYtP3xOUok+qgpGHK/2ThzentA9R+mBUoeB3rRQQCRy1E6fFL9WIiFwNtLy+dtzJd9wTpwC8japUB7cJcUrLomTRh8Q0aRdWZMiuo1S6zpb/nU7Wj1f9RNnlU2GuO2KVMRPIuLH5/PH+Q/3TV5uJxYIUB70fshXK1+n/Yyu0tUvUGziYzGCGB22UsQDi9qmHzLuRUBTfCYOxAbl7ucE5EO5YIlqDqEzA0ZSRDuV5v0nuX50oHpx1+Ih3LGiI1XgSvux9PU6xM4Hs3lqPqPjLlIsSdJHHR3+CIN9Tjfalp47/hB 1sd3ob3o lYIHjHqTTYc97Lh6X+tqxM2P+ygHWOMTW32JsQrQvh9423RtiG7QKEpY4Jd2NB0YCNSrc4K74iN/BJI6hfxbh8QYrbXxV28npsLdE2zgecVhJ7/kklPWdi+lS+ackemOVjukX/50dSIrLKE4kCFDKqTfnRyT30oYbLVCJslo0vdP/cLJeKzlnILVnYhx51zN7KGQ0wMql0iXY/56l+Rf2KOe65lYyWPC2+mcpYN+T9wuajgr7LqUDFxbvH+flAsy7xUQ2vzjbmdlOn68JzWCMJN1iIikFoAhD4Vk7dQuIycnhUe6eNpm5nKOxN7KEX3Wt9Qu3xOJS6A1+M9ncG5+bxTbS4deyuYBZ+3ddvUHcBXLMGaD9l8o0c8LT7217fatGdwqzAakwW//LFZLLlxw/GvEFUCzuF0SBoV7kKoHd1i1OS+hJNzjsYysGp0GT+WpGPEC0kXVt8qCFHvKAcKwjSbvBuUWv9xLCf7YE3OoKYG90NEJL4ekU/WWgI9FDedkhuqlzPqZrszYD5CaGEvIROl3CRYr9qKnEgkvsv52YYd0J9SFa28D183sLxynXKI/sJsgMb0l8tdymjzCpIy5kthzpCsaQ5H/1dlYmPMaGpe/DE1BEf361ZSX70klvg3tsY3ZdaPSADglmUaD2tkVaEQVczXgPTLogIGb26OtMIT8WSoUX2OBx8tI1Eg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, 23 Jun 2025 at 22:49, Christophe Leroy wrote: > > > > > (Although I also suspect that when we added ITER_UBUF we might have > > created cases where those user addresses aren't checked at iter > > creation time any more). > > > > Let's take the follow path as an exemple: > > snd_pcm_ioctl(SNDRV_PCM_IOCTL_WRITEI_FRAMES) > snd_pcm_common_ioctl() > snd_pcm_xferi_frames_ioctl() > snd_pcm_lib_write() > __snd_pcm_lib_xfer() > default_write_copy() > copy_from_iter() > _copy_from_iter() > __copy_from_iter() > iterate_and_advance() > iterate_and_advance2() > iterate_iovec() > copy_from_user_iter() > > As far as I can see, none of those functions check the accessibility of > the iovec. Am I missing something ? So we still to do this checking at creation time (see import_iovec -> __import_iovec, and import_ubuf). In the path you give as an example, the check happens at that "do_transfer()" stage when it does err = import_ubuf(type, (__force void __user *)data, bytes, &iter); but yeah, it's very non-obvious (see __snd_pcm_lib_xfer(), which calls writer() which is either interleaved_copy() or noninterleaved_copy(), and then they do that do_transfer() thing which does that import_ubuf() thing. So *because* you were supposed to have checked your iov_iters beforehand, the actual iter code itself at some point just used __copy_to_user() directly with no checking at all. And that all was really *much* too subtle, and Al fixed this a few years ago (see commit 09fc68dc66f7: "iov_iter: saner checks on copyin/copyout") Linus