From nobody Sat Feb 7 21:08:25 2026 Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7DF812FC881 for ; Sat, 20 Dec 2025 21:56:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766267787; cv=none; b=fTnNnhIDFofXW95Z3D727wcn54R1Crq3JJdOI9cyNQuoN7BmVfDhFMgrku2qfwJKB+xtOhM23jcM6E/doGx5WFqdvxZQXaoZTQCqzoqAT5dMiwRZitLm9GMT2i/Uaf5XbZHAE/sYbXdha5pqXUROqnm8CwrSYCgGlKoY28qr9mU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766267787; c=relaxed/simple; bh=NK+TyB8fh0yFVhHCW1r2ai8ar6Mx4HmgkCCQoiXHLNw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=MvQs+iz3xOmN7LF8GxIGTdjdOWHhBWi4Ep3GaytbPvPC5ST41kyeSEiJKIhcY1hNaSxUCIVpxB+iWPhSqRxS5gdPxkrs+Ai7WyKMSzKNwMg3QlQCL2MgR+/iQWeBtTroYHiZ3CCbJ34K4DDBGJAI3jJlrZR4wUrhHb8a1+wm1KM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=I2UR5tVN; arc=none smtp.client-ip=209.85.221.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="I2UR5tVN" Received: by mail-wr1-f54.google.com with SMTP id ffacd0b85a97d-4308d81fdf6so1335122f8f.2 for ; Sat, 20 Dec 2025 13:56:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766267784; x=1766872584; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dcTMb0ctL2F4sGzCDrh7YS5WyYCOXEQhbc7VgNfllQo=; b=I2UR5tVNoZvNXnPSv36BujXM6aR9a158/VeimVn4PtRwZv23ivhYkJCvhuOhYNduBU MRP2MScdQEpOttE3xpwK24pTaughKLaUEUsMgYvl3xxOl0w+WlHsejsLHrHq59iqZDli kGr6uasjgwwtnphKIwV+SWA32BuYiaF7ryxr/wa8HqyHy/TvceP9nB52ePUYLWQHPBP3 ZujhACad4dEQDRvvWx/b4uZZw5zz4zno9TYz6E6MQifWyfQkA7UUzGPRO5uK6sBa8l2F Ad9r+N/Pn1Srb4JF66BSbY9d9SjbClFd0aCpIRLMHANpwpxkwNwEkwTFwa5UvhqjWmRH v8CA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766267784; x=1766872584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dcTMb0ctL2F4sGzCDrh7YS5WyYCOXEQhbc7VgNfllQo=; b=tvRtcsRcoOSZE2WBQZu5JXEBzxTLUN6p4OLrbp3pIOdm0IstDDnVOZFtFWwF/yTByn x9i1M6qyKyP6LgZp0bNPisihqRcw4Y1kZvfHBD4i5+vgMnDVwRu4R/iInf/CNKN6zr7+ OMF0n8EyY8cbO2IvQS/TdDHOf3OSCfwc+fuKxcEhwtwnmEpCmyK4yTPhB90FSbhIW5J0 FlqsZkYouIn4xrTefXrkjDTqn4cDi4Pr5xWZVdZjX2m6yhLODNYBcW/MCY9Qs/dNJoMm pqW7htmmkr64SxbrbWBszUt6l3qsdqcxLM1hCSctfI4XViVeM/hsxGZ5HaasKAr4n2jx AR1A== X-Forwarded-Encrypted: i=1; AJvYcCUP6cqrL1YFCTp1/b7JpNSdPLrlT4m4+q9dTruE5E9GeIRjl/Ws0vdeJDWYPSfAuTTPkMAi4szIpBWUTj0=@vger.kernel.org X-Gm-Message-State: AOJu0Ywyybmoh+XxXOJsy7VMOtXIjxCGdRIGJII2zrjJLVAzD5fslBRf KiikoiN5DcLb7K+FqfcFXwg3L2N0pvb7yAZkXqVSKhifj4vNPloIPl5K X-Gm-Gg: AY/fxX7O2kSyc847B7DTeM9xTW0ASVEjW73WYPomu99upgUGpdFYVe0Ye1M70NwTg4a Li6UG464H3FsF1kos4jkKisVjkvEujxP2L+kE5pQEmYsS462QQjmrKaMja9pva5ggkAtOOl2kCp HhwdrfcAwYKKGPeCRj8vaRUK02Nc9+mSYTy/E47cR/Ih1HmKaszhlfP1vr9ZzhNyFWnCE8gv9vO 0CLFr4twJ5hClKXc7XZCoorsplqKr8WwYsAxX5BcbO7/XgdHzeqj9OKH+zyZVZpfqPpNeZuLvka z908tJBDLUttS3+R6Lkt+gFY77qn8OJuV9+IN9hVNLmD1L2MIj2rNoxpSvtGSN0/sAfF6mdoLHX /WXL0Y1zjH9kfa1jQxSyexrqaHiHumqO4phIPO4kEe5dqOg7ojWyqABT9wugTwoJL4Do0//P1dF ydwRpUMq9iXYYYCuzp1mn389pvmwkbvmOShaj3AnCwXKfMFjSXekZQjtgpAQf8nMsiyy4AlsS1 X-Google-Smtp-Source: AGHT+IHEFxekC452uLpXGKjIh0M59cfflTIdiv7cyeJcvpQA8SulNZdCNNzhpTsZ2uQ3uY/w4D4zGw== X-Received: by 2002:a05:6000:26c3:b0:430:ff41:5c87 with SMTP id ffacd0b85a97d-4324e701157mr6944726f8f.60.1766267783381; Sat, 20 Dec 2025 13:56:23 -0800 (PST) Received: from snowdrop.snailnet.com (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4325c052d34sm3601755f8f.25.2025.12.20.13.56.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Dec 2025 13:56:23 -0800 (PST) From: david.laight.linux@gmail.com To: Thomas Gleixner , Linus Torvalds , Peter Zijlstra , Mathieu Desnoyers , Kees Cook , linux-kernel@vger.kernel.org, akpm@linux-foundation.org, Al Viro Cc: David Laight Subject: [PATCH 5/5] signal: Use scoped_user_access() instead of __put/get_user() Date: Sat, 20 Dec 2025 21:56:08 +0000 Message-Id: <20251220215608.434614-6-david.laight.linux@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20251220215608.434614-1-david.laight.linux@gmail.com> References: <20251220215608.434614-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Laight Mechanically change the access_ok() and __get/put_user() to use scoped_user_read/write_access() and unsafe_get/put_user(). This generates better code with fewer STAC/CLAC pairs. It also ensures that access_ok() is called near the user accesses. I failed to find the one for __save_altstack(). Looking at the change, perhaps there should be aliases: #define scoped_put_user unsafe_put_user #define scoped_get_user unsafe_get_user Signed-off-by: David Laight --- kernel/signal.c | 72 ++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 30 deletions(-) diff --git a/kernel/signal.c b/kernel/signal.c index e42b8bd6922f..806b19041f72 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -4469,10 +4469,16 @@ int restore_altstack(const stack_t __user *uss) int __save_altstack(stack_t __user *uss, unsigned long sp) { struct task_struct *t =3D current; - int err =3D __put_user((void __user *)t->sas_ss_sp, &uss->ss_sp) | - __put_user(t->sas_ss_flags, &uss->ss_flags) | - __put_user(t->sas_ss_size, &uss->ss_size); - return err; + + scoped_user_write_access(uss, Efault) { + unsafe_put_user((void __user *)t->sas_ss_sp, &uss->ss_sp, Efault); + unsafe_put_user(t->sas_ss_flags, &uss->ss_flags, Efault); + unsafe_put_user(t->sas_ss_size, &uss->ss_size, Efault); + } + return 0; + +Efault: + return -EFAULT; } =20 #ifdef CONFIG_COMPAT @@ -4705,12 +4711,12 @@ SYSCALL_DEFINE3(sigaction, int, sig, =20 if (act) { old_sigset_t mask; - if (!access_ok(act, sizeof(*act)) || - __get_user(new_ka.sa.sa_handler, &act->sa_handler) || - __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) || - __get_user(new_ka.sa.sa_flags, &act->sa_flags) || - __get_user(mask, &act->sa_mask)) - return -EFAULT; + scoped_user_read_access(act, Efault) { + unsafe_get_user(new_ka.sa.sa_handler, &act->sa_handler, Efault); + unsafe_get_user(new_ka.sa.sa_restorer, &act->sa_restorer, Efault); + unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault); + unsafe_get_user(mask, &act->sa_mask, Efault); + } #ifdef __ARCH_HAS_KA_RESTORER new_ka.ka_restorer =3D NULL; #endif @@ -4720,15 +4726,18 @@ SYSCALL_DEFINE3(sigaction, int, sig, ret =3D do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); =20 if (!ret && oact) { - if (!access_ok(oact, sizeof(*oact)) || - __put_user(old_ka.sa.sa_handler, &oact->sa_handler) || - __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) || - __put_user(old_ka.sa.sa_flags, &oact->sa_flags) || - __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask)) - return -EFAULT; + scoped_user_write_access(oact, Efault) { + unsafe_put_user(old_ka.sa.sa_handler, &oact->sa_handler, Efault); + unsafe_put_user(old_ka.sa.sa_restorer, &oact->sa_restorer, Efault); + unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault); + unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault); + } } =20 return ret; + +Efault: + return -EFAULT; } #endif #ifdef CONFIG_COMPAT_OLD_SIGACTION @@ -4742,12 +4751,12 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig, compat_uptr_t handler, restorer; =20 if (act) { - if (!access_ok(act, sizeof(*act)) || - __get_user(handler, &act->sa_handler) || - __get_user(restorer, &act->sa_restorer) || - __get_user(new_ka.sa.sa_flags, &act->sa_flags) || - __get_user(mask, &act->sa_mask)) - return -EFAULT; + scoped_user_read_access(act, Efault) { + unsafe_get_user(handler, &act->sa_handler, Efault); + unsafe_get_user(restorer, &act->sa_restorer, Efault); + unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault); + unsafe_get_user(mask, &act->sa_mask, Efault); + } =20 #ifdef __ARCH_HAS_KA_RESTORER new_ka.ka_restorer =3D NULL; @@ -4760,16 +4769,19 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig, ret =3D do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); =20 if (!ret && oact) { - if (!access_ok(oact, sizeof(*oact)) || - __put_user(ptr_to_compat(old_ka.sa.sa_handler), - &oact->sa_handler) || - __put_user(ptr_to_compat(old_ka.sa.sa_restorer), - &oact->sa_restorer) || - __put_user(old_ka.sa.sa_flags, &oact->sa_flags) || - __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask)) - return -EFAULT; + scoped_user_write_access(oact, Efault) { + unsafe_put_user(ptr_to_compat(old_ka.sa.sa_handler), + &oact->sa_handler, Efault); + unsafe_put_user(ptr_to_compat(old_ka.sa.sa_restorer), + &oact->sa_restorer, Efault); + unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault); + unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault); + } } return ret; + +Efault: + return -EFAULT; } #endif =20 --=20 2.39.5