On Sat, May 21, 2016 at 09:59:07PM -0700, Linus Torvalds wrote:
> We really should avoid the "__{get,put}_user()" functions entirely,
> because they can easily be mis-used and the original intent of being
> used for simple direct user accesses no longer holds in a post-SMAP/PAN
> world.
>
> Manually optimizing away the user access range check makes no sense any
> more, when the range check is generally much cheaper than the "enable
> user accesses" code that the __{get,put}_user() functions still need.
>
> So instead of __put_user(), use the unsafe_put_user() interface with
> user_access_{begin,end}() that really does generate better code these
> days, and which is generally a nicer interface. Under some loads, the
> multiple user writes that filldir() does are actually quite noticeable.
>
> This also makes the dirent name copy use unsafe_put_user() with a couple
> of macros. We do not want to make function calls with SMAP/PAN
> disabled, and the code this generates is quite good when the
> architecture uses "asm goto" for unsafe_put_user() like x86 does.
>
> Note that this doesn't bother with the legacy cases. Nobody should use
> them anyway, so performance doesn't really matter there.
>
> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Linus,
this patch causes all my sparc64 emulations to stall during boot. It causes
all alpha emulations to crash with [1a] and [1b] when booting from a virtual
disk, and one of the xtensa emulations to crash with [2].
Reverting this patch fixes the problem.
Guenter
---
[1a]
Unable to handle kernel paging request at virtual address 0000000000000004
rcS(47): Oops -1
pc = [<0000000000000004>] ra = [<fffffc00004512e4>] ps = 0000 Not tainted
pc is at 0x4
ra is at filldir64+0x64/0x320
v0 = 0000000000000000 t0 = 0000000000000000 t1 = 0000000120117e8b
t2 = 646e617275303253 t3 = 646e617275300000 t4 = 0000000000007fe8
t5 = 0000000120117e78 t6 = 0000000000000000 t7 = fffffc0007ec8000
s0 = fffffc0007dbca56 s1 = 000000000000000a s2 = 0000000000000020
s3 = fffffc0007ecbec8 s4 = 0000000000000008 s5 = 0000000000000021
s6 = 1cd2631fe897bf5a
a0 = fffffc0007dbca56 a1 = 2f2f2f2f2f2f2f2f a2 = 000000000000000a
a3 = 1cd2631fe897bf5a a4 = 0000000000000021 a5 = 0000000000000008
t8 = 0000000000000020 t9 = 0000000000000000 t10= fffffc0007dbca60
t11= 0000000000000001 pv = fffffc0000b9a810 at = 0000000000000001
gp = fffffc0000f03930 sp = (____ptrval____)
Disabling lock debugging due to kernel taint
Trace:
[<fffffc00004e7a08>] call_filldir+0xe8/0x1b0
[<fffffc00004e8684>] ext4_readdir+0x924/0xa70
[<fffffc0000ba3088>] _raw_spin_unlock+0x18/0x30
[<fffffc00003f751c>] __handle_mm_fault+0x9fc/0xc30
[<fffffc0000450c68>] iterate_dir+0x198/0x240
[<fffffc0000450b2c>] iterate_dir+0x5c/0x240
[<fffffc00004518b8>] ksys_getdents64+0xa8/0x160
[<fffffc0000451990>] sys_getdents64+0x20/0x40
[<fffffc0000451280>] filldir64+0x0/0x320
[<fffffc0000311634>] entSys+0xa4/0xc0
---
[1b]
Unable to handle kernel paging request at virtual address 0000000000000004
reboot(50): Oops -1
pc = [<0000000000000004>] ra = [<fffffc00004512e4>] ps = 0000 Tainted: G D
pc is at 0x4
ra is at filldir64+0x64/0x320
v0 = 0000000000000000 t0 = 0000000067736d6b t1 = 000000012011445b
t2 = 0000000000000000 t3 = 0000000000000000 t4 = 0000000000007ef8
t5 = 0000000120114448 t6 = 0000000000000000 t7 = fffffc0007eec000
s0 = fffffc000792b5c3 s1 = 0000000000000004 s2 = 0000000000000018
s3 = fffffc0007eefec8 s4 = 0000000000000008 s5 = 00000000f00000a3
s6 = 000000000000000b
a0 = fffffc000792b5c3 a1 = 2f2f2f2f2f2f2f2f a2 = 0000000000000004
a3 = 000000000000000b a4 = 00000000f00000a3 a5 = 0000000000000008
t8 = 0000000000000018 t9 = 0000000000000000 t10= 0000000022e1d02a
t11= 000000011f8fd3b8 pv = fffffc0000b9a810 at = 0000000022e1ccf8
gp = fffffc0000f03930 sp = (____ptrval____)
Trace:
[<fffffc00004ccba0>] proc_readdir_de+0x170/0x300
[<fffffc0000451280>] filldir64+0x0/0x320
[<fffffc00004c565c>] proc_root_readdir+0x3c/0x80
[<fffffc0000450c68>] iterate_dir+0x198/0x240
[<fffffc00004518b8>] ksys_getdents64+0xa8/0x160
[<fffffc0000451990>] sys_getdents64+0x20/0x40
[<fffffc0000451280>] filldir64+0x0/0x320
[<fffffc0000311634>] entSys+0xa4/0xc0
---
[2]
Unable to handle kernel paging request at virtual address 0000000000000004
reboot(50): Oops -1
pc = [<0000000000000004>] ra = [<fffffc00004512e4>] ps = 0000 Tainted: G D
pc is at 0x4
ra is at filldir64+0x64/0x320
v0 = 0000000000000000 t0 = 0000000067736d6b t1 = 000000012011445b
t2 = 0000000000000000 t3 = 0000000000000000 t4 = 0000000000007ef8
t5 = 0000000120114448 t6 = 0000000000000000 t7 = fffffc0007eec000
s0 = fffffc000792b5c3 s1 = 0000000000000004 s2 = 0000000000000018
s3 = fffffc0007eefec8 s4 = 0000000000000008 s5 = 00000000f00000a3
s6 = 000000000000000b
a0 = fffffc000792b5c3 a1 = 2f2f2f2f2f2f2f2f a2 = 0000000000000004
a3 = 000000000000000b a4 = 00000000f00000a3 a5 = 0000000000000008
t8 = 0000000000000018 t9 = 0000000000000000 t10= 0000000022e1d02a
t11= 000000011fd6f3b8 pv = fffffc0000b9a810 at = 0000000022e1ccf8
gp = fffffc0000f03930 sp = (____ptrval____)
Trace:
[<fffffc00004ccba0>] proc_readdir_de+0x170/0x300
[<fffffc0000451280>] filldir64+0x0/0x320
[<fffffc00004c565c>] proc_root_readdir+0x3c/0x80
[<fffffc0000450c68>] iterate_dir+0x198/0x240
[<fffffc00004518b8>] ksys_getdents64+0xa8/0x160
[<fffffc0000451990>] sys_getdents64+0x20/0x40
[<fffffc0000451280>] filldir64+0x0/0x320
[<fffffc0000311634>] entSys+0xa4/0xc0
Code:
00000000
00063301
000007a3
00001111
00003f64
Segmentation fault
