Re: [PATCH v2 13/18] uaccess: generalize access_ok()
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: David Laight <David.Laight@xxxxxxxxxx>
- Subject: Re: [PATCH v2 13/18] uaccess: generalize access_ok()
- From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
- Date: Fri, 18 Feb 2022 10:07:07 -0800
- Cc: Arnd Bergmann <arnd@xxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Christoph Hellwig <hch@xxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "viro@xxxxxxxxxxxxxxxxxx" <viro@xxxxxxxxxxxxxxxxxx>, "linux@xxxxxxxxxxxxxxx" <linux@xxxxxxxxxxxxxxx>, "will@xxxxxxxxxx" <will@xxxxxxxxxx>, "guoren@xxxxxxxxxx" <guoren@xxxxxxxxxx>, "bcain@xxxxxxxxxxxxxx" <bcain@xxxxxxxxxxxxxx>, "geert@xxxxxxxxxxxxxx" <geert@xxxxxxxxxxxxxx>, "monstr@xxxxxxxxx" <monstr@xxxxxxxxx>, "tsbogend@xxxxxxxxxxxxxxxx" <tsbogend@xxxxxxxxxxxxxxxx>, "nickhu@xxxxxxxxxxxxx" <nickhu@xxxxxxxxxxxxx>, "green.hu@xxxxxxxxx" <green.hu@xxxxxxxxx>, "dinguyen@xxxxxxxxxx" <dinguyen@xxxxxxxxxx>, "shorne@xxxxxxxxx" <shorne@xxxxxxxxx>, "deller@xxxxxx" <deller@xxxxxx>, "mpe@xxxxxxxxxxxxxx" <mpe@xxxxxxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "mark.rutland@xxxxxxx" <mark.rutland@xxxxxxx>, "hca@xxxxxxxxxxxxx" <hca@xxxxxxxxxxxxx>, "dalias@xxxxxxxx" <dalias@xxxxxxxx>, "davem@xxxxxxxxxxxxx" <davem@xxxxxxxxxxxxx>, "richard@xxxxxx" <richard@xxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "jcmvbkbc@xxxxxxxxx" <jcmvbkbc@xxxxxxxxx>, "ebiederm@xxxxxxxxxxxx" <ebiederm@xxxxxxxxxxxx>, "akpm@xxxxxxxxxxxxxxxxxxxx" <akpm@xxxxxxxxxxxxxxxxxxxx>, "ardb@xxxxxxxxxx" <ardb@xxxxxxxxxx>, "linux-alpha@xxxxxxxxxxxxxxx" <linux-alpha@xxxxxxxxxxxxxxx>, "linux-snps-arc@xxxxxxxxxxxxxxxxxxx" <linux-snps-arc@xxxxxxxxxxxxxxxxxxx>, "linux-csky@xxxxxxxxxxxxxxx" <linux-csky@xxxxxxxxxxxxxxx>, "linux-hexagon@xxxxxxxxxxxxxxx" <linux-hexagon@xxxxxxxxxxxxxxx>, "linux-ia64@xxxxxxxxxxxxxxx" <linux-ia64@xxxxxxxxxxxxxxx>, "linux-m68k@xxxxxxxxxxxxxxxxxxxx" <linux-m68k@xxxxxxxxxxxxxxx>, "linux-mips@xxxxxxxxxxxxxxx" <linux-mips@xxxxxxxxxxxxxxx>, "openrisc@xxxxxxxxxxxxxxxxxxxx" <openrisc@xxxxxxxxxxxxxxxxxxxx>, "linux-parisc@xxxxxxxxxxxxxxx" <linux-parisc@xxxxxxxxxxxxxxx>, "linuxppc-dev@xxxxxxxxxxxxxxxx" <linuxppc-dev@xxxxxxxxxxxxxxxx>, "linux-riscv@xxxxxxxxxxxxxxxxxxx" <linux-riscv@xxxxxxxxxxxxxxxxxxx>, "linux-s390@xxxxxxxxxxxxxxx" <linux-s390@xxxxxxxxxxxxxxx>, "linux-sh@xxxxxxxxxxxxxxx" <linux-sh@xxxxxxxxxxxxxxx>, "sparclinux@xxxxxxxxxxxxxxx" <sparclinux@xxxxxxxxxxxxxxx>, "linux-um@xxxxxxxxxxxxxxxxxxx" <linux-um@xxxxxxxxxxxxxxxxxxx>, "linux-xtensa@xxxxxxxxxxxxxxxx" <linux-xtensa@xxxxxxxxxxxxxxxx>
- In-reply-to: <93a1ee797e9d4f789dff85a3c0f0c232@AcuMS.aculab.com>
- References: <20220216131332.1489939-1-arnd@kernel.org> <20220216131332.1489939-14-arnd@kernel.org> <CALCETrVOvYPN4_6hS8wpm2v9bGZupZ5x4=vZAseG57OUgvLGfw@mail.gmail.com> <93a1ee797e9d4f789dff85a3c0f0c232@AcuMS.aculab.com>
On Fri, Feb 18, 2022 at 1:30 AM David Laight <David.Laight@xxxxxxxxxx> wrote:
>
> From: Andy Lutomirski
> > Sent: 17 February 2022 19:15
> ...
> > This isn't actually optimal. On x86, TASK_SIZE_MAX is a bizarre
> > constant that has a very specific value to work around a bug^Wdesign
> > error^Wfeature of Intel CPUs. TASK_SIZE_MAX is the maximum address at
> > which userspace is permitted to allocate memory, but there is a huge
> > gap between user and kernel addresses, and any value in the gap would
> > be adequate for the comparison. If we wanted to optimize this, simply
> > checking the high bit (which x86 can do without any immediate
> > constants at all) would be sufficient and, for an access known to fit
> > in 32 bits, one could get even fancier and completely ignore the size
> > of the access. (For accesses not known to fit in 32 bits, I suspect
> > some creativity could still come up with a construction that's
> > substantially faster than the one in your patch.)
> >
> > So there's plenty of room for optimization here.
> >
> > (This is not in any respect a NAK -- it's just an observation that
> > this could be even better.)
>
> For 64bit arch that use the top bit to separate user/kernel
> you can test '(addr | size) >> 62)'.
> The compiler optimises out constant sizes.
>
> This has all been mentioned a lot of times.
> You do get different fault types.
>
> OTOH an explicit check for constant size (less than something big)
> can use the cheaper test of the sign bit.
> Big constant sizes could be compile time errors.
The different fault type issue may well be a real problem. Right now
the core x86 fault code reserves the right to grouch if we get #GP
instead of #PF. We could change that.
[Index of Archives]
[Linux Kernel]
[Sparc Linux]
[DCCP]
[Linux ARM]
[Yosemite News]
[Linux SCSI]
[Linux x86_64]
[Linux for Ham Radio]
