On Sun, 9 Feb 2025 12:40:32 -0800 Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Sun, 9 Feb 2025 at 11:48, David Laight <david.laight.linux@xxxxxxxxx> wrote: > > > > You almost need it to be 'void masked_user_access_begin(&uaddr)'. > > Maybe we just need to make it a two-stage thing, with > > if (!user_access_ok(uaddr, size)) > return -EFAULT; > user_read_access_begin(&uaddr); > unsafe_get_user(val1, &uaddr->one, Efault); > unsafe_get_user(val2, &uaddr->two, Efault); > user_read_access_end(); > ... all done .. > > Efault: > user_read_access_end(); > return -EFAULT; > > and that would actually simplify some things: right now we have > separate versions of the user address checking (for > read/write/either): user_read_access_begin() and friends. > > We still need those three versions, but now we'd only need them for > the simpler non-conditional case that doesn't have to bother about the > size. Except for the ppc? case which needs the size to open a bounded window. (I'm not sure how that handler r/w access.) So you either have to pass the size twice or come back to: if (!user_read_access_begin(&uaddr, size)) return -EFAULT; unsafe_get_user(...); David
