On Sat, May 30, 2020 at 08:19:40PM +0100, Al Viro wrote: > On Sat, May 30, 2020 at 11:52:44AM -0700, Linus Torvalds wrote: > > > And I don't understand why you mention set_fs() vs access_ok(). None > > of this code has anything that messes with set_fs(). The access_ok() > > is garbage and shouldn't exist, and those user accesses should all use > > the checking versions and the double underscores are wrong. > > > > I have no idea why you think the double underscores could _possibly_ > > be worth defending. > > I do not. What I'm saying is that this just might be a beast different > from *both* __... and the normal ones. I'm not saying that this > __put_user() (or __clear_user(), etc.) is the right primitive here. > If anything, it's closer to the situation for (x86) copy_stack_trace(). ... and no, I'm not saying that copy_stack_trace() should stay with __get_user() either. It feels like we are lacking primitives needed to express that cleanly and copy_stack_trace() currently cobbles something up out of what we have. Which works for arch-specific code, but yes, that kind of thing is brittle for arch-independent places like virt/kvm; I wonder if e.g. s390 is really OK there.
