On Thu, Apr 01, 2021 at 08:30:55AM +0200, Christoph Hellwig wrote:
> On Wed, Mar 31, 2021 at 01:56:00PM +0200, Thomas Bogendoerfer wrote:
> > +#define __get_user_nofault(dst, src, type, err_label) \
> > +do { \
> > + int __gu_err; \
> > + \
> > + __get_user_common(*((type *)(dst)), sizeof(type), \
> > + (__force type *)(src)); \
> > + if (unlikely(__gu_err)) \
> > + goto err_label; \
> > +} while (0)
> > +
> > +
> > +static inline int __get_addr(unsigned long *a, unsigned long *p, bool user)
> > +{
> > + if (user)
> > + __get_user_nofault(a, p, unsigned long, fault);
> > + else
> > + __get_kernel_nofault(a, p, unsigned long, fault);
> > +
> > + return 0;
> > +
> > +fault:
> > + return -EFAULT;
> > +}
>
> Why can't these use plain old get_user and get_kernel_nofault?
> You "optimize" away the access_ok / get_kernel_nofaul_allowed checks
> here, but now use totally non-standard and possibly dangerous APIs.
thanks, I was too deep into the macro wormhole... using standard API
makes this even look nicer. Posting v3 in a few minutes.
Thomas.
--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]
