From nobody Thu Oct 2 13:03:28 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 06B5227713; Tue, 16 Sep 2025 16:33:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040393; cv=none; b=Gd5pQWTo6MJQ178dPxgJTs5HogTxSiFX2I4gMTef9oSMWY2rIGB3b5zyKZMydUCPgbaFocmteJ/YuZexwLrqr+fEQgwyuhW0jZe9Oi/+E0HwRpkPQHXjd5tWEjx7aLCzfujV/BLz69tcStA7s4w//Eh2LIxPhJDclEWCFsc2nd4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040393; c=relaxed/simple; bh=aNA0BOq5pZa4UZHJvNSqUe7oskOnYx6OhDY2Zyl56cA=; h=Message-ID:From:To:Cc:Subject:References:MIME-Version: Content-Type:Date; b=j2gpA86x5WjqJCcW+uPOaCnbtpLYz7IH+awEWJxKYD82suMlaWsr1jxZeWiIUOEIgpNKxIEhf9N+b+gIsi8a2ZM/ZinV98Sa1bkkcUzuFTtlYA4TFn+j5NgkyFTI22V0nkUncGQswh9k+11FaYxsIzHccAOF9GDjA3tgzngArss= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=aAZOwPKM; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=/H9ENHoj; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="aAZOwPKM"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="/H9ENHoj" Message-ID: <20250916163252.037251747@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1758040389; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=B/RhS9MNlGp3gsd3Y5Hcz+zwOUSn+KCGsE63faUFAJ8=; b=aAZOwPKMm4jwayUq+qDJ8DY/iZjvms9gmpOm+ct7FIi2qfXqO2u1fVe2YStaVUIzzWxt9d tA8sboL0MDk+yZHp4z5FYKjRwQm14cSPwYvVNV4cZphj4sO5MO0rxwwhUtwG1Phz3gxBVv ZFYIud/j3ahpmykVe1dpyXZxMl2FJfFxy+vZxH2rjLe5TRh7eOIG+/2awPBlH+L7wFaChL 7hkPOhd7tSFEHwu622HJyBogkgSDWOXM+pL+8jvnvMcKRpMhn+0FBL6Y3MD3dkRfqsYCHT hf5xIyg4gcU0iS+UN7J6WeLF49JHHSFv2JnDsP9mfoQGUXRdms1Z8nZzc2UXZw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1758040389; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=B/RhS9MNlGp3gsd3Y5Hcz+zwOUSn+KCGsE63faUFAJ8=; b=/H9ENHojbyZCig4RCbcZB0AcR5KYCv6FUU8ji5Q7CeEhYJ1EZB4nUb9K7XrWSI/58jOkZC GD2DBAPopu7XXHDA== From: Thomas Gleixner To: LKML Cc: Linus Torvalds , Peter Zijlstra , kernel test robot , Russell King , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Christophe Leroy , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , x86@kernel.org, Alexander Viro , Christian Brauner , Jan Kara , linux-fsdevel@vger.kernel.org Subject: [patch V2 1/6] ARM: uaccess: Implement missing __get_user_asm_dword() References: <20250916163004.674341701@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Date: Tue, 16 Sep 2025 18:33:09 +0200 (CEST) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When CONFIG_CPU_SPECTRE=3Dn then get_user() is missing the 8 byte ASM varia= nt for no real good reason. This prevents using get_user(u64) in generic code. Implement it as a sequence of two 4-byte reads with LE/BE awareness. Reported-by: kernel test robot Signed-off-by: Thomas Gleixner Cc: Russell King Cc: linux-arm-kernel@lists.infradead.org Closes: https://lore.kernel.org/oe-kbuild-all/202509120155.pFgwfeUD-lkp@int= el.com/ --- V2: New patch to fix the 0-day fallout --- arch/arm/include/asm/uaccess.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -295,6 +295,7 @@ do { \ case 1: __get_user_asm_byte(__gu_val, __gu_addr, err, __t); break; \ case 2: __get_user_asm_half(__gu_val, __gu_addr, err, __t); break; \ case 4: __get_user_asm_word(__gu_val, __gu_addr, err, __t); break; \ + case 8: __get_user_asm_dword(__gu_val, __gu_addr, err, __t); break; \ default: (__gu_val) =3D __get_user_bad(); \ } \ uaccess_restore(__ua_flags); \ @@ -353,6 +354,22 @@ do { \ #define __get_user_asm_word(x, addr, err, __t) \ __get_user_asm(x, addr, err, "ldr" __t) =20 +#ifdef __ARMEB__ +#define __WORD0_OFFS 4 +#define __WORD1_OFFS 0 +#else +#define __WORD0_OFFS 0 +#define __WORD1_OFFS 4 +#endif + +#define __get_user_asm_dword(x, addr, err, __t) \ + ({ \ + unsigned long __w0, __w1; \ + __get_user_asm(__w0, addr + __WORD0_OFFS, err, "ldr" __t); \ + __get_user_asm(__w1, addr + __WORD1_OFFS, err, "ldr" __t); \ + (x) =3D ((u64)__w1 << 32) | (u64) __w0; \ +}) + #define __put_user_switch(x, ptr, __err, __fn) \ do { \ const __typeof__(*(ptr)) __user *__pu_ptr =3D (ptr); \ From nobody Thu Oct 2 13:03:28 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B932730FC31; Tue, 16 Sep 2025 16:33:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040396; cv=none; b=RP5Sz9dTWcNlSPwFOU4eHeWJVlhtKCZQcY+9nmVZ0gGy9wzTU77oLwF6gtmqKFnKN+SWYO9bzgRwjn2rPuEpQ3b4TUbAfHDUFNftI6DDkCHNMVUYDV5Y2nVvdolq2dp8qpjekj5mMpPodmxCMDoSvLajw2jbC/cLzL0lu8Bpz2w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040396; c=relaxed/simple; bh=LmP1t1NEliIYRE1NqprRXU4f2LEUc9PuYT11S4SHt7g=; h=Message-ID:From:To:Cc:Subject:References:MIME-Version: Content-Type:Date; b=oU5QQQ+6eYrv/t8rihe4Igujf0zFaaz/z035m+OaTqdDtiNt29cT/BoIfAZi3bi1MbUfaEGjCoTptpEnWuQMWnzTwr9IevSjI3oa4hW+kqF6A4ZN8DfrLYdhAwcTiYZtlISVAvgTxovKyeipDG2j4/2mM3hdakMdDOxuATdtSMo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=tMTiXy8m; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=2X5FfAfx; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="tMTiXy8m"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="2X5FfAfx" Message-ID: <20250916163252.100835216@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1758040391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=buXtarGTm5jtJPETYvya0klPdCPo5lg6x42RHvHcKok=; b=tMTiXy8mUOfJCFDjOKCgDFF1NRDxySWAX2O8TLSvs30T9S1E2AiTsQVgh458xzHMSqXC+2 1kcDX0vVYCkmHTAnaz0FZEsRLQAAvYHzKDLzisOvelP0eqKwFI6cc4j+0qctuul9fH7MjB 7wIpQIG4gAC6OzloTYfH8zv2oLDUVnHsmZuwknO78ukUXHESIfyJ7Ol0y+74ie0REODCVS J7WwfoNfO3O6ow0DP1vSfLqvfBAxhU8IVWtU3vBeuW07mt/gQmZw61yF3qXI8YHcyvsOIp 13UYm6KCKQuy+rUfIT3REKlA5bOgbNNXmZZLG4ix/OlbvfXQOuxavMGPHieSdQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1758040391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=buXtarGTm5jtJPETYvya0klPdCPo5lg6x42RHvHcKok=; b=2X5FfAfxhvDIRItdbY0APY7iqOVIg/EJmgLkNdRtkF+wSl4K88PZjRMj9VVKNrzby18DHX Rzngsjl5TGRcEHBQ== From: Thomas Gleixner To: LKML Cc: Linus Torvalds , Peter Zijlstra , Nathan Chancellor , kernel test robot , Russell King , linux-arm-kernel@lists.infradead.org, Christophe Leroy , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , x86@kernel.org, Alexander Viro , Christian Brauner , Jan Kara , linux-fsdevel@vger.kernel.org Subject: [patch V2 2/6] kbuild: Disable asm goto on clang < 17 References: <20250916163004.674341701@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Date: Tue, 16 Sep 2025 18:33:11 +0200 (CEST) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" clang < 17 fails to use scope local labels with asm goto: { __label__ local_lbl; ... unsafe_get_user(uval, uaddr, local_lbl); ... return 0; local_lbl: return -EFAULT; } when two such scopes exist in the same function: error: cannot jump from this asm goto statement to one of its possible ta= rgets That prevents using local labels for a cleanup based user access mechanism. As there is no way to provide a simple test case for the 'depends on' test in Kconfig, mark ASM goto broken on clang versions < 17 to get this road block out of the way. Signed-off-by: Thomas Gleixner Cc: Nathan Chancellor --- V2: New patch --- init/Kconfig | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/init/Kconfig +++ b/init/Kconfig @@ -96,9 +96,14 @@ config GCC_ASM_GOTO_OUTPUT_BROKEN default y if GCC_VERSION >=3D 120000 && GCC_VERSION < 120400 default y if GCC_VERSION >=3D 130000 && GCC_VERSION < 130300 =20 +config CLANG_ASM_GOTO_OUTPUT_BROKEN + bool + depends on CC_IS_CLANG + default y if CLANG_VERSION < 170000 + config CC_HAS_ASM_GOTO_OUTPUT def_bool y - depends on !GCC_ASM_GOTO_OUTPUT_BROKEN + depends on !GCC_ASM_GOTO_OUTPUT_BROKEN && !CLANG_ASM_GOTO_OUTPUT_BROKEN depends on $(success,echo 'int foo(int x) { asm goto ("": "=3Dr"(x) ::: b= ar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null) =20 config CC_HAS_ASM_GOTO_TIED_OUTPUT From nobody Thu Oct 2 13:03:28 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5D923469F6; Tue, 16 Sep 2025 16:33:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040397; cv=none; b=tDkK+CPvyMMgOPpSc7qiq2MyVMg+ugVNB0H34Um+hLDRTEHNopQIzaBSXben6haPguXD/WW388pZCLjAS+uJrVY2ddVPW5iPtolg8/FqlV9xI1WN3SdBzcpnj677UFPx+KAiawQQNj1DBTL3XRtgbLolvp4c33r7A6F9iRJ2EJY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040397; c=relaxed/simple; bh=/wayF/ykjt3o2/TfwFdRNrfa6lQV/ms4kUq0GZMusQo=; h=Message-ID:From:To:Cc:Subject:References:MIME-Version: Content-Type:Date; b=mk+Os+eF7TsTognwp/gpAFrBBlQIUSijPidzCr4XRVJEQW8GPFvvJW/6S3AwO0q/b9iGcKhn3gLJx/lw5hapCAJ7KXFvImI9XjQmvVYT9Zs7IftA3+0a06hx/mzBgu8qDgSt9HeV/2efTOsoKsMQJtrXVa8DhtFLlQg7LouSyts= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=L0Z/lwtG; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=f1EJzrU9; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="L0Z/lwtG"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="f1EJzrU9" Message-ID: <20250916163252.164475057@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1758040393; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=ib+tYvB6+raN75IBUSlEV2Q6chmKOOXAleDMdfewJ7k=; b=L0Z/lwtGPk9Sgdt1ZYlxMINPo7dV83sl/4KOmCNUKFnOp8/6rpB/AF2j6b3HxDvIZ/drww pZn3nnBgf0AJwf2Bx/4rkB3T+ramZxTEO+ybShnv9ruhIOlaD+GDCpEmVZwLF84QG087vw 1gvdVKAZRqf+Mu1XVEw275JvQewA3ldn/uBitiVMO1FpjY0eEr05vanETrpGJ5008wifTh 3Chl3wMmSbFbCwHkbeRqrdu0tRAV80NW6bHlkwhJiKPj1EK5nUB490aeksetB2s1OTIkeQ lIwSFGzHnXv8x0FAPzcF+zrecYNa0vLk+i4/LhPOjhfojTl3iBKUfTqlR3XT/w== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1758040393; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=ib+tYvB6+raN75IBUSlEV2Q6chmKOOXAleDMdfewJ7k=; b=f1EJzrU944K2BVtYrVkMXmBt5BXNx/99RSi+rW/mpOel4RkYY/i6thuBmiuuuf+Gsor2CC CoY9EhUuPQA7pxBQ== From: Thomas Gleixner To: LKML Cc: Linus Torvalds , Peter Zijlstra , Christophe Leroy , kernel test robot , Russell King , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , x86@kernel.org, Alexander Viro , Christian Brauner , Jan Kara , linux-fsdevel@vger.kernel.org Subject: [patch V2 3/6] uaccess: Provide scoped masked user access regions References: <20250916163004.674341701@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Date: Tue, 16 Sep 2025 18:33:13 +0200 (CEST) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" User space access regions are tedious and require similar code patterns all over the place: if (!user_read_access_begin(from, sizeof(*from))) return -EFAULT; unsafe_get_user(val, from, Efault); user_read_access_end(); return 0; Efault: user_read_access_end(); return -EFAULT; This got worse with the recend addition of masked user access, which optimizes the speculation prevention: if (can_do_masked_user_access()) from =3D masked_user_read_access_begin((from)); else if (!user_read_access_begin(from, sizeof(*from))) return -EFAULT; unsafe_get_user(val, from, Efault); user_read_access_end(); return 0; Efault: user_read_access_end(); return -EFAULT; There have been issues with using the wrong user_*_access_end() variant in the error path and other typical Copy&Pasta problems, e.g. using the wrong fault label in the user accessor which ends up using the wrong accesss end variant.=20 These patterns beg for scopes with automatic cleanup. The resulting outcome is: scoped_masked_user_read_access(from, return -EFAULT, scoped_get_user(val, from); ); return 0; The scope guarantees the proper cleanup for the access mode is invoked both in the success and the failure (fault) path The fault label is scope local and always 'scope_fault:', which prevents mixing up fault labels between scopes. It is marked __maybe_unused so that user access, which does not use a fault label and modifies a result variable in the exception handler, does not cause a defined but unused warning. Signed-off-by: Thomas Gleixner Cc: Christophe Leroy --- V2: Remove the shady wrappers around the opening and use scopes with automa= tic cleanup --- include/linux/uaccess.h | 151 +++++++++++++++++++++++++++++++++++++++++++= +++++ 1 file changed, 151 insertions(+) --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -2,6 +2,7 @@ #ifndef __LINUX_UACCESS_H__ #define __LINUX_UACCESS_H__ =20 +#include #include #include #include @@ -35,9 +36,17 @@ =20 #ifdef masked_user_access_begin #define can_do_masked_user_access() 1 +# ifndef masked_user_write_access_begin +# define masked_user_write_access_begin masked_user_access_begin +# endif +# ifndef masked_user_read_access_begin +# define masked_user_read_access_begin masked_user_access_begin +#endif #else #define can_do_masked_user_access() 0 #define masked_user_access_begin(src) NULL + #define masked_user_read_access_begin(src) NULL + #define masked_user_write_access_begin(src) NULL #define mask_user_address(src) (src) #endif =20 @@ -569,6 +578,148 @@ static inline void user_access_restore(u #define user_read_access_end user_access_end #endif =20 +/* Define RW variant so the below _mode macro expansion works */ +#define masked_user_rw_access_begin(u) masked_user_access_begin(u) +#define user_rw_access_begin(u, s) user_access_begin(u, s) +#define user_rw_access_end() user_access_end() + +/* Scoped user access */ +#define USER_ACCESS_GUARD(_mode) \ +static __always_inline void __user * \ +class_masked_user_##_mode##_begin(void __user *ptr) \ +{ \ + return ptr; \ +} \ + \ +static __always_inline void \ +class_masked_user_##_mode##_end(void __user *ptr) \ +{ \ + user_##_mode##_access_end(); \ +} \ + \ +DEFINE_CLASS(masked_user_ ##_mode## _access, void __user *, \ + class_masked_user_##_mode##_end(_T), \ + class_masked_user_##_mode##_begin(ptr), void __user *ptr) \ + \ +static __always_inline class_masked_user_##_mode##_access_t \ +class_masked_user_##_mode##_access_ptr(void __user *scope) \ +{ \ + return scope; \ +} \ + +USER_ACCESS_GUARD(read) +USER_ACCESS_GUARD(write) +USER_ACCESS_GUARD(rw) +#undef USER_ACCESS_GUARD + +/** + * __scoped_masked_user_access - Open a scope for masked user access + * @_mode: The mode of the access class (read, write, rw) + * @_uptr: The pointer to access user space memory + * @_ecode: Code to inject for the failure case + * @_code: The code to inject inside the scope + * + * When the scope is left user_##@_mode##_access_end() is invoked, if the + * corresponding user_##@_mode##_masked_begin() succeeded. + * + * The user access function inside the scope must use a fault label, which + * is inside the scope. __scoped_masked_user_access() provides a default + * label @scope_label, which is placed right before @_ecode. This label is + * scope local, so multiple masked user scopes can be in one function. + * + * The user access helpers scoped_put_user() and scoped_get_user() use + * @scope_label automatically. + * + * A single line statement in the scope:: + * + * scoped_masked_user_read_access(ptr, return false, + * scoped_get_user(val, ptr);); + * + * Multi-line statement:: + * + * scoped_masked_user_rw_access(ptr, return false, { + * scoped_get_user(rval, &ptr->rval); + * scoped_put_user(wval, &ptr->wval); + * }); + */ +#define __scoped_masked_user_access(_mode, _uptr, _ecode, _code) \ +do { \ + unsigned long size =3D sizeof(*(_uptr)); \ + typeof((_uptr)) _tmpptr =3D (_uptr); \ + bool proceed =3D true; \ + \ + /* \ + * Must be outside the CLASS scope below to handle the fail \ + * of the non-masked access_begin() case correctly. \ + */ \ + if (can_do_masked_user_access()) \ + _tmpptr =3D masked_user_##_mode##_access_begin((_uptr)); \ + else \ + proceed =3D user_##_mode##_access_begin((_uptr), size); \ + \ + if (!proceed) { \ + _ecode; \ + } else { \ + __label__ scope_fault; \ + CLASS(masked_user_##_mode##_access, scope) (_tmpptr); \ + /* Force modified pointer usage in @_code */ \ + const typeof((_uptr)) _uptr =3D _tmpptr; \ + \ + _code; \ + if (0) { \ + scope_fault: \ + __maybe_unused; \ + _ecode; \ + } \ + } \ +} while (0) + +/** + * scoped_masked_user_read_access - Start a scoped __user_masked_read_acce= ss() + * @_usrc: Pointer to the user space address to read from + * @_ecode: Code to inject for the failure case + * + * For further information see __scoped_masked_user_access() above. + */ +#define scoped_masked_user_read_access(_usrc, _ecode, _code) \ + __scoped_masked_user_access(read, (_usrc), _ecode, ({_code})) + +/** + * scoped_masked_user_write_access - Start a scoped __user_masked_write_ac= cess() + * @_udst: Pointer to the user space address to write to + * @_ecode: Code to inject for the failure case + * + * For further information see __scoped_masked_user_access() above. + */ +#define scoped_masked_user_write_access(_udst, _ecode, _code) \ + __scoped_masked_user_access(write, (_udst), _ecode, ({_code})) + +/** + * scoped_masked_user_rw_access - Start a scoped __user_masked_rw_access() + * @_uptr Pointer to the user space address to read from and write to + * @_ecode: Code to inject for the failure case + * + * For further information see __scoped_masked_user_access() above. + */ +#define scoped_masked_user_rw_access(_uptr, _ecode, _code) \ + __scoped_masked_user_access(rw, (_uptr), _ecode, ({_code})) + +/** + * scoped_get_user - Read user memory from within a scoped masked access s= ection + * @_dst: The destination variable to store the read value + * @_usrc: Pointer to the user space address to read from + */ +#define scoped_get_user(_dst, _usrc) \ + unsafe_get_user((_dst), (_usrc), scope_fault) + +/** + * scoped_put_user - Write user memory from within a scoped masked access = section + * @_val: Value to write + * @_udst: Pointer to the user space address to write to + */ +#define scoped_put_user(_val, _udst) \ + unsafe_put_user((_val), (_udst), scope_fault) + #ifdef CONFIG_HARDENED_USERCOPY void __noreturn usercopy_abort(const char *name, const char *detail, bool to_user, unsigned long offset, From nobody Thu Oct 2 13:03:28 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E25A393DF9; Tue, 16 Sep 2025 16:33:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040400; cv=none; b=JWkAVQFURLYpCLp8VpXGI2zKyJlZJ3oOol2M8iBcB8VZV8wsI9oBN5p5KJG3Mnz83sb8vTSswMJ8Wd6gF66rwCYJB3Qeg54pZpBja3KFDNcxCguGDp+TDBYeMkOnkWJeubE7unF3qnGzH9FU/UAyvDz0AMSxLvmJeCPOFxzLtec= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040400; c=relaxed/simple; bh=By+6DyNxWx7g1a1/0Lmb8zlNPO1Lu9Z3J3mXom09XE4=; h=Message-ID:From:To:Cc:Subject:References:MIME-Version: Content-Type:Date; b=p7ZaDP+Atkoms0daSwpEmCOCy0bCT8UxZax6tDN8A6H/vLogA+/OJp8L2491rVF5yiwby93F8xHn58YfoCyaLWN4lKPpvav9ymoq3qkSDLj/KLVS4v7i/eG8ERLJc0qxLPX5BTXAELOWhmHtN4smP47mVfESLapH16J8KLqOMH8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=yyzLGVu/; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=9GyDKdnj; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="yyzLGVu/"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="9GyDKdnj" Message-ID: <20250916163252.227660125@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1758040395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=KxCoyZ/tM4V5cgHJsb0XJboqFn+/1+M5A9xLVrNQox0=; b=yyzLGVu/ABVBavv4AsytaQMxKIbr+AZPJaqBpVX9jTg7rBhW2P8Ob/yOOhgtFvi47gf5oe Sm/hgmy1LtJbYcnJatHSo2nifHh5YzyrJuvrGgFg+YRY099DxREKmHP2lNEQt3gSgvXhO9 FZXewu40o2mFTUDGRQEkaf+GZxYQbpBQJP0C/DPRJ3dn780vvHqjt9IkcwzKcMKlbIOh1h MFynsHg1iaGBfd37RGlFCgbCq7yP4xnzsD5vikVSD4lmda1+eJ0UN/KQYE+3AZDU0++hG3 rQK/184E5q6BflBIYUE881Uw8p4yGoe3JBFAOUTijn3684OcWY4pC1YSV6lnsg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1758040395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=KxCoyZ/tM4V5cgHJsb0XJboqFn+/1+M5A9xLVrNQox0=; b=9GyDKdnjHMYAG3ZLmNN2MzA1nbMshj2uBjzc0VA3S8FnFUJ7/BtFY6a9OLVNNtbnfmlflj b4MWhuriSCAu9DDA== From: Thomas Gleixner To: LKML Cc: Linus Torvalds , Peter Zijlstra , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , kernel test robot , Russell King , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Christophe Leroy , x86@kernel.org, Alexander Viro , Christian Brauner , Jan Kara , linux-fsdevel@vger.kernel.org Subject: [patch V2 4/6] futex: Convert to scoped masked user access References: <20250916163004.674341701@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Date: Tue, 16 Sep 2025 18:33:15 +0200 (CEST) Content-Transfer-Encoding: quoted-printable From: Thomas Gleixner Replace the open coded implementation with the scoped masked user access mechanism. No functional change intended Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Darren Hart Cc: Davidlohr Bueso Cc: "Andr=C3=A9 Almeida" --- V2: Convert to scoped variant --- kernel/futex/futex.h | 37 ++++--------------------------------- 1 file changed, 4 insertions(+), 33 deletions(-) --- --- a/kernel/futex/futex.h +++ b/kernel/futex/futex.h @@ -285,48 +285,19 @@ static inline int futex_cmpxchg_value_lo * This does a plain atomic user space read, and the user pointer has * already been verified earlier by get_futex_key() to be both aligned * and actually in user space, just like futex_atomic_cmpxchg_inatomic(). - * - * We still want to avoid any speculation, and while __get_user() is - * the traditional model for this, it's actually slower than doing - * this manually these days. - * - * We could just have a per-architecture special function for it, - * the same way we do futex_atomic_cmpxchg_inatomic(), but rather - * than force everybody to do that, write it out long-hand using - * the low-level user-access infrastructure. - * - * This looks a bit overkill, but generally just results in a couple - * of instructions. */ static __always_inline int futex_get_value(u32 *dest, u32 __user *from) { - u32 val; - - if (can_do_masked_user_access()) - from =3D masked_user_access_begin(from); - else if (!user_read_access_begin(from, sizeof(*from))) - return -EFAULT; - unsafe_get_user(val, from, Efault); - user_read_access_end(); - *dest =3D val; + scoped_masked_user_read_access(from, return -EFAULT, + scoped_get_user(*dest, from); ); return 0; -Efault: - user_read_access_end(); - return -EFAULT; } =20 static __always_inline int futex_put_value(u32 val, u32 __user *to) { - if (can_do_masked_user_access()) - to =3D masked_user_access_begin(to); - else if (!user_write_access_begin(to, sizeof(*to))) - return -EFAULT; - unsafe_put_user(val, to, Efault); - user_write_access_end(); + scoped_masked_user_write_access(to, return -EFAULT, + scoped_put_user(val, to); ); return 0; -Efault: - user_write_access_end(); - return -EFAULT; } =20 static inline int futex_get_value_locked(u32 *dest, u32 __user *from) From nobody Thu Oct 2 13:03:28 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C7EF21D58B; Tue, 16 Sep 2025 16:33:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040404; cv=none; b=Oqj8Wvd52CaNyh0bTmZF1ne13He1g0syIc26bM42hV1fezTYpFu/vlpCbYdF3XCK7T9AOUE6eZhQMSTjtXhvig5JSaky598mB5e71BxUZQCq5rMqRAVpYjBm+T6MykUxYdGPoMWFN+YLW1CglidgV+mVQ05T4odD9h5zfRHv8z0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040404; c=relaxed/simple; bh=DYq2lXp98iL86huuVJGCtWOvblonl+oOJShJAfJDPJA=; h=Message-ID:From:To:Cc:Subject:References:MIME-Version: Content-Type:Date; b=Ur6JmNTR7X3d3Q/KORWsba7ILdHooTDbxQQX11Z1VGYXhjk8GI2yUZfZrdlaCLRjO2+zvSECCfEWE6xUmWphmTFjpHpflNjF4YEBayJQsldtqEt+CebzXoCo0bw53tANq5TXcvmlJWeg081C39MVVuWGTIxZD+0FmMsMl/nZR3M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=QqI77ncK; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=QJWEH9EO; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="QqI77ncK"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="QJWEH9EO" Message-ID: <20250916163252.290994801@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1758040397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=BmldD4A75BIJBF70pMggmackAjgs9KxvyTJlUqaikXQ=; b=QqI77ncKlEa6nB4I7sYOMDLEumijaVNglOlcMDNn1CMbhZHR0DuknAl6GECIu4yjb0g5dQ zHujwHWJZAXfYX515CXgxsR5I6amJZaRLi96MRgw7Xk3VA6P4QJdBFVN9BJcOd01IS73qp ePeKSm7d2MTSOAJ9CWxmJFgr2ArN+7ULtoBsBe5qaZSkAjss0ImuLTBHsMVIq8LOLSWG5Y 69OpWDnQirfnM7HxgVFz2qsfW+oFVncr+d4J1zwdl5zQuhQwv2xoat4x2ncPasKEBWHduu l7vilSoxDEFhca/blMbRzCljO7LiUol9D3PiCtGZGe3BMATM7my+qfPnxpiQkw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1758040397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=BmldD4A75BIJBF70pMggmackAjgs9KxvyTJlUqaikXQ=; b=QJWEH9EOQbeyB3lz6nAN0qgvWiaE9w4s2qFhRBPAT5xIHc/ZWjWp6uRNQxioA+QCnNj/5N z504OvajCpPXBYAA== From: Thomas Gleixner To: LKML Cc: Linus Torvalds , Peter Zijlstra , x86@kernel.org, kernel test robot , Russell King , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Christophe Leroy , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , Alexander Viro , Christian Brauner , Jan Kara , linux-fsdevel@vger.kernel.org Subject: [patch V2 5/6] x86/futex: Convert to scoped masked user access References: <20250916163004.674341701@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Date: Tue, 16 Sep 2025 18:33:16 +0200 (CEST) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Replace the open coded implementation with the scoped masked user access mechanism. No functional change intended. Signed-off-by: Thomas Gleixner Cc: x86@kernel.org --- V2: Convert to scoped masked access Use RW access functions - Christophe --- arch/x86/include/asm/futex.h | 76 ++++++++++++++++++--------------------= ----- 1 file changed, 32 insertions(+), 44 deletions(-) --- --- a/arch/x86/include/asm/futex.h +++ b/arch/x86/include/asm/futex.h @@ -48,37 +48,29 @@ do { \ static __always_inline int arch_futex_atomic_op_inuser(int op, int oparg, = int *oval, u32 __user *uaddr) { - if (can_do_masked_user_access()) - uaddr =3D masked_user_access_begin(uaddr); - else if (!user_access_begin(uaddr, sizeof(u32))) - return -EFAULT; - - switch (op) { - case FUTEX_OP_SET: - unsafe_atomic_op1("xchgl %0, %2", oval, uaddr, oparg, Efault); - break; - case FUTEX_OP_ADD: - unsafe_atomic_op1(LOCK_PREFIX "xaddl %0, %2", oval, - uaddr, oparg, Efault); - break; - case FUTEX_OP_OR: - unsafe_atomic_op2("orl %4, %3", oval, uaddr, oparg, Efault); - break; - case FUTEX_OP_ANDN: - unsafe_atomic_op2("andl %4, %3", oval, uaddr, ~oparg, Efault); - break; - case FUTEX_OP_XOR: - unsafe_atomic_op2("xorl %4, %3", oval, uaddr, oparg, Efault); - break; - default: - user_access_end(); - return -ENOSYS; - } - user_access_end(); + scoped_masked_user_rw_access(uaddr, return -EFAULT, { + switch (op) { + case FUTEX_OP_SET: + unsafe_atomic_op1("xchgl %0, %2", oval, uaddr, oparg, scope_fault); + break; + case FUTEX_OP_ADD: + unsafe_atomic_op1(LOCK_PREFIX "xaddl %0, %2", oval, + uaddr, oparg, scope_fault); + break; + case FUTEX_OP_OR: + unsafe_atomic_op2("orl %4, %3", oval, uaddr, oparg, scope_fault); + break; + case FUTEX_OP_ANDN: + unsafe_atomic_op2("andl %4, %3", oval, uaddr, ~oparg, scope_fault); + break; + case FUTEX_OP_XOR: + unsafe_atomic_op2("xorl %4, %3", oval, uaddr, oparg, scope_fault); + break; + default: + return -ENOSYS; + } + }); return 0; -Efault: - user_access_end(); - return -EFAULT; } =20 static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uad= dr, @@ -86,20 +78,16 @@ static inline int futex_atomic_cmpxchg_i { int ret =3D 0; =20 - if (can_do_masked_user_access()) - uaddr =3D masked_user_access_begin(uaddr); - else if (!user_access_begin(uaddr, sizeof(u32))) - return -EFAULT; - asm volatile("\n" - "1:\t" LOCK_PREFIX "cmpxchgl %3, %2\n" - "2:\n" - _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, %0) \ - : "+r" (ret), "=3Da" (oldval), "+m" (*uaddr) - : "r" (newval), "1" (oldval) - : "memory" - ); - user_access_end(); - *uval =3D oldval; + scoped_masked_user_rw_access(uaddr, return -EFAULT, { + asm volatile("\n" + "1:\t" LOCK_PREFIX "cmpxchgl %3, %2\n" + "2:\n" + _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, %0) \ + : "+r" (ret), "=3Da" (oldval), "+m" (*uaddr) + : "r" (newval), "1" (oldval) + : "memory"); + *uval =3D oldval; + }); return ret; } From nobody Thu Oct 2 13:03:28 2025 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C1462F2612; Tue, 16 Sep 2025 16:33:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040405; cv=none; b=mM8d2QFtG6N6anE9dvCdyeDQv37/GACKuityKo6vxPQhSEesaAWBCOxkoF+Md4o1RgeEnwrAf/cGqpqTNvE2QXgLj7VSKgWl6efkt7u/MWrI7/09jYWAfXhGb8pUL8pcFY2iX+35pkV4qNmLOwwv45V8ExkfqblVlij2wOiEDHU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758040405; c=relaxed/simple; bh=/E1ackxbc77ZJbDwQp8PQvOGdLQElttCXc0w52nzIRA=; h=Message-ID:From:To:Cc:Subject:References:MIME-Version: Content-Type:Date; b=Ya5fjsvy/tBU5BLRG3MCOJKSiAI8TSuxHrqN9eujuxxTI4elZf5bPlA5bZgyhGKb9PjNxf3vOObcwXw1MZeg/nGCdmSLXLOb1kI6kogmeNwjiM47mhyq5Yab7WzXvsDolmjA5lwhByO8Qmy5/TI22TZIzEGZznuodABFWUn6Zks= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=DrvgrNFT; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=DyLDMbzc; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="DrvgrNFT"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="DyLDMbzc" Message-ID: <20250916163252.354989948@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1758040400; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=W1zu4x4fa5rvVrKhE+/ECo02MeVuSwO/q/d1on1UR7Q=; b=DrvgrNFTGKmj1+43NZd+59JIHNOiW1+82xk29dQVGLRESoUBR427aucz0yd06GAO3ZXTsJ eU1LF2RodVVnrqxgxb+ojC6o0Spr5OQPrmUX81VtyKrcjbcu3MvDyY6CET6AU1FiRnOjGQ gggVYH+wPfA6u4HcUJwelw7Nho73XXrTRQfLwWrdu8ySB6rlCfhk/3xQzq6qfedP2AmJqk qm6MzFyTfWdB9+/4pGAeP9hN5siip8u1dFcMwnFE3hWsK60oZLHpsB3xZzMr48q/Q3/mRm Cgdk0L33jkVzqfhm2CqTT8ELZcXFn8JmWRYqwzIBMiQJJKPIgCwiNsdavmz7Rw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1758040400; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=W1zu4x4fa5rvVrKhE+/ECo02MeVuSwO/q/d1on1UR7Q=; b=DyLDMbzcLtTlwrEoG8vlXwT6jPbP+53jHDPa6qdnCJa8xkn/9bwrAuXgUVftBZAoFY0j+B f4sxKunptF6qF8BA== From: Thomas Gleixner To: LKML Cc: Linus Torvalds , Peter Zijlstra , Alexander Viro , Christian Brauner , Jan Kara , linux-fsdevel@vger.kernel.org, kernel test robot , Russell King , linux-arm-kernel@lists.infradead.org, Nathan Chancellor , Christophe Leroy , Darren Hart , Davidlohr Bueso , =?UTF-8?q?Andr=C3=A9=20Almeida?= , x86@kernel.org Subject: [patch V2 6/6] select: Convert to scoped masked user access References: <20250916163004.674341701@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Date: Tue, 16 Sep 2025 18:33:19 +0200 (CEST) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Thomas Gleixner Replace the open coded implementation with the scoped masked user access mechanism. No functional change intended. Signed-off-by: Thomas Gleixner Cc: Alexander Viro Cc: Christian Brauner Cc: Jan Kara Cc: linux-fsdevel@vger.kernel.org --- fs/select.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) --- --- a/fs/select.c +++ b/fs/select.c @@ -776,18 +776,12 @@ static inline int get_sigset_argpack(str { // the path is hot enough for overhead of copy_from_user() to matter if (from) { - if (can_do_masked_user_access()) - from =3D masked_user_access_begin(from); - else if (!user_read_access_begin(from, sizeof(*from))) - return -EFAULT; - unsafe_get_user(to->p, &from->p, Efault); - unsafe_get_user(to->size, &from->size, Efault); - user_read_access_end(); + scoped_masked_user_rw_access(from, return -EFAULT, { + scoped_get_user(to->p, &from->p); + scoped_get_user(to->size, &from->size); + }); } return 0; -Efault: - user_read_access_end(); - return -EFAULT; } =20 SYSCALL_DEFINE6(pselect6, int, n, fd_set __user *, inp, fd_set __user *, o= utp,