From nobody Thu Apr 9 12:06:19 2026 Received: from mailtransmit04.runbox.com (mailtransmit04.runbox.com [185.226.149.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 17BF13859F8; Mon, 2 Mar 2026 13:28:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.37 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458126; cv=none; b=BMIMwSyzBd7wM3PkQ6QrESUh5Plmpm/2eIDa/8azbIKw6QyZr96W59XFJqiWR+7JdcZn9ZfZKmfg99nq5RCsdBMNs7PCyKQ+q0we2LjR5+lGl4lkScueIUIsTuVzHxKXFen+Q9ZQPaVTSHOVNRGNifVYxA4PIyBGg3ryiDU3ACU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458126; c=relaxed/simple; bh=+8jUA1pIhBmowlO1jxzQc7kmakXtjz0IlbAyic50DRM=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=j0vg0bTjdUS1+HNVax7W0QJ+FA0xNTU9ixpmA6NAcXCKgPmoSEvL31yoFh0JkvnEz0hoBdxlhJDHfpW3IRZlYpY4oP8WIUlaHxDhFmOli2DNBdps4+8++PVXITw1LYfftMMD8CZ48Ld1EC+EgdeWoCdk46nb43bJvXAXNMF1qjY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=runbox.com; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b=WNKhqMbv; arc=none smtp.client-ip=185.226.149.37 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=runbox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b="WNKhqMbv" Received: from mailtransmit02.runbox ([10.9.9.162] helo=aibo.runbox.com) by mailtransmit04.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1vx3Jw-003ZDu-8P; Mon, 02 Mar 2026 14:28:24 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=runbox.com; s=selector2; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To :Message-Id:Date:Subject:To:From; bh=gjy8VzZho98qn7gDgAP8doLSL96/gQyRo0dz/GrFn7E=; b=WNKhqMbveWP+K3PmL7U2N/ZjgC CRkQIzZeOHgk5k2HnpMOotG24V0hTJvr6OyT7PqOl2Dm4nA4urOR3OWpHobtPgDSlAr7nWHDbEPwt tSQA2Q7DOv2iXbAH5WTGLe+U0ioyZh17n7ApFQAc/XkWeA54mqXch5dDYlog2nx7U8hngM1sDJ11s tNRhThx7ejIxz+T6UR24ZnQQNxcdrxg2eAm04+CH6ikcFduLKZhvpfDwjgDgloDXZCXGRn/V4LJTr wYXmGMM3HPxkLojYe9Z7XsbLpV20rgoagwKiSMoPtipXBJZirNaVllMP0+p8CbfIcQhj00YQaveaN J3vQaaWw==; Received: from [10.9.9.73] (helo=submission02.runbox) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1vx3Ju-0003tB-95; Mon, 02 Mar 2026 14:28:22 +0100 Received: by submission02.runbox with esmtpsa [Authenticated ID (1493616)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1vx3Jg-008UTR-FQ; Mon, 02 Mar 2026 14:28:08 +0100 From: david.laight.linux@gmail.com To: Alexander Viro , Andre Almeida , Andrew Cooper , Christian Borntraeger , Christian Brauner , Christophe Leroy , "Christophe Leroy (CS GROUP)" , Darren Hart , David Laight , Davidlohr Bueso , Heiko Carstens , Jan Kara , Julia Lawall , Linus Torvalds , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, LKML , Madhavan Srinivasan , Mathieu Desnoyers , Michael Ellerman , Nicholas Piggin , Nicolas Palix , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Russell King , Sven Schnelle , Thomas Gleixner , x86@kernel.org, Kees Cook , akpm@linux-foundation.org Subject: [PATCH v2 1/5] uaccess: Fix scoped_user_read_access() for 'pointer to const' Date: Mon, 2 Mar 2026 13:27:51 +0000 Message-Id: <20260302132755.1475451-2-david.laight.linux@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com> References: <20260302132755.1475451-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Laight If a 'const struct foo __user *ptr' is used for the address passed to scoped_user_read_access() then you get a warning/error uaccess.h:691:1: error: initialization discards 'const' qualifier from pointer target type [-Werror=3Ddiscarded-qualifiers] for the void __user *_tmpptr =3D __scoped_user_access_begin(mode, uptr, size, e= lbl) assignment. Fix by using 'auto' for both _tmpptr and the redeclaration of uptr. Replace the CLASS() with explicit __cleanup() functions on uptr. Fixes: e497310b4ffb "(uaccess: Provide scoped user access regions)" Signed-off-by: David Laight Reviewed-by: Christophe Leroy (CS GROUP) Tested-by: Christophe Leroy (CS GROUP) --- include/linux/uaccess.h | 54 +++++++++++++++-------------------------- 1 file changed, 20 insertions(+), 34 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 1f3804245c06..809e4f7dfdbd 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -647,36 +647,22 @@ static inline void user_access_restore(unsigned long = flags) { } /* Define RW variant so the below _mode macro expansion works */ #define masked_user_rw_access_begin(u) masked_user_access_begin(u) #define user_rw_access_begin(u, s) user_access_begin(u, s) -#define user_rw_access_end() user_access_end() =20 /* Scoped user access */ -#define USER_ACCESS_GUARD(_mode) \ -static __always_inline void __user * \ -class_user_##_mode##_begin(void __user *ptr) \ -{ \ - return ptr; \ -} \ - \ -static __always_inline void \ -class_user_##_mode##_end(void __user *ptr) \ -{ \ - user_##_mode##_access_end(); \ -} \ - \ -DEFINE_CLASS(user_ ##_mode## _access, void __user *, \ - class_user_##_mode##_end(_T), \ - class_user_##_mode##_begin(ptr), void __user *ptr) \ - \ -static __always_inline class_user_##_mode##_access_t \ -class_user_##_mode##_access_ptr(void __user *scope) \ -{ \ - return scope; \ -} =20 -USER_ACCESS_GUARD(read) -USER_ACCESS_GUARD(write) -USER_ACCESS_GUARD(rw) -#undef USER_ACCESS_GUARD +/* Cleanup wrapper functions */ +static __always_inline void __scoped_user_read_access_end(const void *p) +{ + user_read_access_end(); +}; +static __always_inline void __scoped_user_write_access_end(const void *p) +{ + user_write_access_end(); +}; +static __always_inline void __scoped_user_rw_access_end(const void *p) +{ + user_access_end(); +}; =20 /** * __scoped_user_access_begin - Start a scoped user access @@ -750,13 +736,13 @@ USER_ACCESS_GUARD(rw) * * Don't use directly. Use scoped_masked_user_$MODE_access() instead. */ -#define __scoped_user_access(mode, uptr, size, elbl) \ -for (bool done =3D false; !done; done =3D true) \ - for (void __user *_tmpptr =3D __scoped_user_access_begin(mode, uptr, size= , elbl); \ - !done; done =3D true) \ - for (CLASS(user_##mode##_access, scope)(_tmpptr); !done; done =3D true) \ - /* Force modified pointer usage within the scope */ \ - for (const typeof(uptr) uptr =3D _tmpptr; !done; done =3D true) +#define __scoped_user_access(mode, uptr, size, elbl) \ +for (bool done =3D false; !done; done =3D true) \ + for (auto _tmpptr =3D __scoped_user_access_begin(mode, uptr, size, elbl);= \ + !done; done =3D true) \ + /* Force modified pointer usage within the scope */ \ + for (const auto uptr __cleanup(__scoped_user_##mode##_access_end) =3D \ + _tmpptr; !done; done =3D true) =20 /** * scoped_user_read_access_size - Start a scoped user read access with giv= en size --=20 2.39.5 From nobody Thu Apr 9 12:06:19 2026 Received: from mailtransmit04.runbox.com (mailtransmit04.runbox.com [185.226.149.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2ADCE37701A; Mon, 2 Mar 2026 13:28:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.37 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458132; cv=none; b=Ao49kKEBRSgDMXiwa8dOOP32xFlbD4YvfryNcoAhfr4GMawzi4ijhKsexHkMeC7LIeQSQf9BtWxdV8pJfSApkAoE/xMhezh69QGcHGRFacVkf2DlVorK8+lJRBO2CodClm7hPNvs6lZmZS3cM+8To4w+blHLOpaecf9bcKz1wZM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458132; c=relaxed/simple; bh=IATyzkK6xWW9YiXL0DIDlHPO2PCygJ/MYODtpq9Z3Ms=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=el9IiXC5VJ7X1bT7CqA7wPnBrmK45PUJJci7bCXJxMdv6k9jU7oyTBO2Z80GKByiYDzQHCFciT/kwIV2mJTHy+6aPVFs5UozkrTGj0Yys4i1ECiI4wXcXNvQ0mOAMNxNK2GXXNcHpcbbbFqJ0sGCaXCX7s1Y53NrBa3Aw4i9XRk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=runbox.com; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b=dr2IYEGX; arc=none smtp.client-ip=185.226.149.37 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=runbox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b="dr2IYEGX" Received: from mailtransmit03.runbox ([10.9.9.163] helo=aibo.runbox.com) by mailtransmit04.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1vx3Jv-003ZDi-SM; Mon, 02 Mar 2026 14:28:23 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=runbox.com; s=selector2; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To :Message-Id:Date:Subject:To:From; bh=D3P/KaCqbTVRLW734Le3jm//dWEzoj6aOdRHjsDkHB0=; b=dr2IYEGXpLn70YtwZCSevHlElv /BDRdlUO4zDGofnTsHi42LvbEdi3VipTLE3qO2jms6/GGfUGILr2ElGxq76Qqa1IVjSRbEvOAc1Ro pNaEyMGT7NC4B24epdTZtJNVCwBM3fXGAKN7d+4ezQMOiK4oex69VUMtEUOAjx+EPd5g+ct38316h qxQXAxcAiiKRb6oyp9RzKKLymdA7Gx+8gSGQAGBZIzLD4BxE+G55Ccnmk/qMfgl9N6JGa4es8sujn nzOnVNpMKlbluysxX5nsv82z0JQ/qI/Tt/bJCX331CVLx9DxsrepkWNzyJUPNhYsRNbEfHp1c25Sv 5z427ECQ==; Received: from [10.9.9.73] (helo=submission02.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1vx3Jv-0001hG-7S; Mon, 02 Mar 2026 14:28:23 +0100 Received: by submission02.runbox with esmtpsa [Authenticated ID (1493616)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1vx3Jh-008UTR-Jt; Mon, 02 Mar 2026 14:28:09 +0100 From: david.laight.linux@gmail.com To: Alexander Viro , Andre Almeida , Andrew Cooper , Christian Borntraeger , Christian Brauner , Christophe Leroy , "Christophe Leroy (CS GROUP)" , Darren Hart , David Laight , Davidlohr Bueso , Heiko Carstens , Jan Kara , Julia Lawall , Linus Torvalds , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, LKML , Madhavan Srinivasan , Mathieu Desnoyers , Michael Ellerman , Nicholas Piggin , Nicolas Palix , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Russell King , Sven Schnelle , Thomas Gleixner , x86@kernel.org, Kees Cook , akpm@linux-foundation.org Subject: [PATCH v2 2/5] compiler.h: Add generic support for 'autoterminating nested for() loops' Date: Mon, 2 Mar 2026 13:27:52 +0000 Message-Id: <20260302132755.1475451-3-david.laight.linux@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com> References: <20260302132755.1475451-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Laight Autoterminating nested for() loops can be used inside #defines to declare variables that are scoped to the statement that follows. These are used by __scoped_user_access() but may have other uses and the gory details are best separated from the use. Using 'with (declaration)' and 'and_with (declaration)' seems to read reasonably well and doesn't seem to collide with any existing code. As an example the scoped user access definition becomes: with (auto _tmpptr =3D __scoped_user_access_begin(mode, uptr, size, elbl))= \ /* Force modified pointer usage within the scope */ \ and_with (const auto uptr __cleanup(...) =3D _tmpptr) Signed-off-by: David Laight --- include/linux/compiler.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/include/linux/compiler.h b/include/linux/compiler.h index af16624b29fd..1098a91b5591 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -369,6 +369,32 @@ static inline void *offset_to_ptr(const int *off) */ #define prevent_tail_call_optimization() mb() =20 +/* + * Sometimes a #define needs to declare a variable that is scoped + * to the statement that follows without having mismatched {}. + * with (int x =3D expression) { + * statements + * } + * is the same as: + * { + * int x =3D expression; + * statements + * } + * but lets it all be hidden from the call site, eg: + * frobnicate(x, args) { + * statements + * }=20 + * Only a single variable can be defined, and_with() allows extra ones + * without adding an additional outer loop. + * + * The controlled scope can be terminated using return, break, continue or= goto. + */ +#define with(declaration) \ + for (bool _with_done =3D false; !_with_done; _with_done =3D true) \ + and_with (declaration) +#define and_with(declaration) \ + for (declaration; !_with_done; _with_done =3D true) + #include =20 #endif /* __LINUX_COMPILER_H */ --=20 2.39.5 From nobody Thu Apr 9 12:06:19 2026 Received: from mailtransmit04.runbox.com (mailtransmit04.runbox.com [185.226.149.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5034E3346AD; Mon, 2 Mar 2026 13:28:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.37 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458131; cv=none; b=bTJEPPzZVHH3qBrzApwsRbYQwi8c2cteM5XeE2GQ7CYWqjld25UdhUXyWZSvKlvN6TDImnFJFzOBnY/RNUyI7cLPACWtppnPtcgyngRqKfCKvK9JEWoMpjFaSEFfsNl5UESmEdbUo/iLBOy+1shtlSm/y32TwgIJB3sksUwFrOs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458131; c=relaxed/simple; bh=/vw1o/tgaqgXlymwWBfNq0gtWd8qwqkw++waY5+/oWo=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=shbsRoCRMfdXnziC/NzqGtgzuCVaMbvSrTSeFN6X1X3yAwEV/K9CzSJBBx6zTmWcsDfQgkmoeESoEl3T9nwTt1N5sDbyS8vw8yEWqJJEFQlX7b+24kzRUwBGZOu4txG3fv3uNNDwcKInK1diIdZubSCMklZMNNOwGpHXTt5irh4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=runbox.com; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b=pfYMBjDr; arc=none smtp.client-ip=185.226.149.37 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=runbox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b="pfYMBjDr" Received: from mailtransmit02.runbox ([10.9.9.162] helo=aibo.runbox.com) by mailtransmit04.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1vx3Jw-003ZE4-Au; Mon, 02 Mar 2026 14:28:24 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=runbox.com; s=selector2; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To :Message-Id:Date:Subject:To:From; bh=7cjIEqDAe6MTPa2yql8v8L5e7mjA+roV54bcD0Te3Y4=; b=pfYMBjDrxtDGIuseYyHfRKhdlY wxGF1P6KMNx6ObRuGN6ZC4wsAsw2hRQ/moIf5DlPtJ4OdcFDVbbZfYlXOaHjFV7UCzwT+RFpEzmxH qWXXDA4ONYMAsNi6ePJIKCLTLb8MT74QJNuqJ6sdh6Tq/4chxS0eBiQlHuCMuynNI3HaM4H+mIWD+ MfMF3aDGj96f3wG2XdkXTZREX71lpkYTiXzClo5Rgz07oqNqD1x1j5Sva9T4TMi13zMpJPrbafMuY y2tpwibHn24xe00sD61gejFnTEEHP9CDzwhRxR2Z0zEadqZouQs+4eZ2DS+v9eN8M5kbcQczC3zdl N7bMTDQg==; Received: from [10.9.9.73] (helo=submission02.runbox) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1vx3Jv-0003tI-NG; Mon, 02 Mar 2026 14:28:23 +0100 Received: by submission02.runbox with esmtpsa [Authenticated ID (1493616)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1vx3Ji-008UTR-OY; Mon, 02 Mar 2026 14:28:10 +0100 From: david.laight.linux@gmail.com To: Alexander Viro , Andre Almeida , Andrew Cooper , Christian Borntraeger , Christian Brauner , Christophe Leroy , "Christophe Leroy (CS GROUP)" , Darren Hart , David Laight , Davidlohr Bueso , Heiko Carstens , Jan Kara , Julia Lawall , Linus Torvalds , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, LKML , Madhavan Srinivasan , Mathieu Desnoyers , Michael Ellerman , Nicholas Piggin , Nicolas Palix , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Russell King , Sven Schnelle , Thomas Gleixner , x86@kernel.org, Kees Cook , akpm@linux-foundation.org Subject: [PATCH v2 3/5] uaccess.h: Use with() and and_with() in __scoped_user_access() Date: Mon, 2 Mar 2026 13:27:53 +0000 Message-Id: <20260302132755.1475451-4-david.laight.linux@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com> References: <20260302132755.1475451-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Laight Wrappers for autoterminating nested for() loops have been added to compiler.h, use them to hide the gory details. Signed-off-by: David Laight --- include/linux/uaccess.h | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 809e4f7dfdbd..64bc2492eb99 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -736,13 +736,10 @@ static __always_inline void __scoped_user_rw_access_e= nd(const void *p) * * Don't use directly. Use scoped_masked_user_$MODE_access() instead. */ -#define __scoped_user_access(mode, uptr, size, elbl) \ -for (bool done =3D false; !done; done =3D true) \ - for (auto _tmpptr =3D __scoped_user_access_begin(mode, uptr, size, elbl);= \ - !done; done =3D true) \ - /* Force modified pointer usage within the scope */ \ - for (const auto uptr __cleanup(__scoped_user_##mode##_access_end) =3D \ - _tmpptr; !done; done =3D true) +#define __scoped_user_access(mode, uptr, size, elbl) \ + with (auto _tmpptr =3D __scoped_user_access_begin(mode, uptr, size, elbl)= ) \ + /* Force modified pointer usage within the scope */ \ + and_with (const auto uptr __cleanup(__scoped_user_##mode##_access_end) = =3D _tmpptr) =20 /** * scoped_user_read_access_size - Start a scoped user read access with giv= en size --=20 2.39.5 From nobody Thu Apr 9 12:06:19 2026 Received: from mailtransmit05.runbox.com (mailtransmit05.runbox.com [185.226.149.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A098C3242AB; Mon, 2 Mar 2026 13:28:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.38 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458125; cv=none; b=JCCCOYAHb6WZXBiGjkTmqihzWHg9jdyk3Q585AVW2F2Dicv8ZkvbbPSTrWr0Qvr9rfE0sFBFE8yBQNPNoibspiwYlOX7tdB0ycVAwXlvyF56gmOqeVG4Bbb06be3oK1N+Fh33C4gI1xYRXKdP5bJrqqGKvpan+Qzta7D4zZ1+zQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458125; c=relaxed/simple; bh=FKFw9WDEltFsWTOOSmYNAvvnsX/tHlWIyPea6wX7cZU=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iIih01IsR0kAR3nLwp9UrRRf5dodOzXhX5FsAfD3G6WUO4qmb3r8WiiTFw0/dKzg9ajELeBc/EQPi4yOm2QO1Xn7ztmF6c9b03nesUkfYKcFCNNnv1aLD2aAmFQUmAPyOlOQKd7u12Pc4OIf3HP2X+ZsEcy6nuU7O1z+kwPu96M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=runbox.com; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b=RaIJo34Y; arc=none smtp.client-ip=185.226.149.38 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=runbox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b="RaIJo34Y" Received: from mailtransmit03.runbox ([10.9.9.163] helo=aibo.runbox.com) by mailtransmit05.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1vx3Jx-003blN-9N; Mon, 02 Mar 2026 14:28:25 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=runbox.com; s=selector2; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To :Message-Id:Date:Subject:To:From; bh=o2ClYLRupqDrO68wbhPYoX/KO8vhOPlwFWoOd/NbY3w=; b=RaIJo34Y0Q7j2egm9oaHOlOtOd qIf5fI6+l/d2wpNaqq8G9dXTQ9MMLD3B96RqcrmcIuZWAbHSJrVvAOsCyxNnHmB0ApiOwjvIA/WUq 2QHmlroveisu5RbpBCARdjIwFelcSMWSgnuhcGGnezIcVvrdSc/czwp60dIuZ0dJ0UBhYTt3Dir6A kPjMxT6Sx+w5jzEelLAoWpF5WZwr5068t7N9pLbu3BuEHsUXyhRpZNDULOe1NTcLEJsTarSsqPA3q jO3BiP4+6U4spuDiRYWorjNHk7ZXXdxC/8mJTlzMjB17nS6wB8o7mn+sdiXsOXXocQv+tO32ThUWi FRs2OCew==; Received: from [10.9.9.73] (helo=submission02.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1vx3Jw-0001hU-9m; Mon, 02 Mar 2026 14:28:24 +0100 Received: by submission02.runbox with esmtpsa [Authenticated ID (1493616)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1vx3Jj-008UTR-SY; Mon, 02 Mar 2026 14:28:11 +0100 From: david.laight.linux@gmail.com To: Alexander Viro , Andre Almeida , Andrew Cooper , Christian Borntraeger , Christian Brauner , Christophe Leroy , "Christophe Leroy (CS GROUP)" , Darren Hart , David Laight , Davidlohr Bueso , Heiko Carstens , Jan Kara , Julia Lawall , Linus Torvalds , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, LKML , Madhavan Srinivasan , Mathieu Desnoyers , Michael Ellerman , Nicholas Piggin , Nicolas Palix , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Russell King , Sven Schnelle , Thomas Gleixner , x86@kernel.org, Kees Cook , akpm@linux-foundation.org Subject: [PATCH v2 4/5] uaccess: Disable -Wshadow in __scoped_user_access() Date: Mon, 2 Mar 2026 13:27:54 +0000 Message-Id: <20260302132755.1475451-5-david.laight.linux@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com> References: <20260302132755.1475451-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Laight -Wshadow is enabled by W=3D2 builds and __scoped_user_access() quite deliberately creates a 'const' shadow of the 'user' address that references a 'guard page' when the application passes a kernel pointer. Signed-off-by: David Laight --- include/linux/uaccess.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 64bc2492eb99..445391ec5a6d 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -739,7 +739,9 @@ static __always_inline void __scoped_user_rw_access_end= (const void *p) #define __scoped_user_access(mode, uptr, size, elbl) \ with (auto _tmpptr =3D __scoped_user_access_begin(mode, uptr, size, elbl)= ) \ /* Force modified pointer usage within the scope */ \ - and_with (const auto uptr __cleanup(__scoped_user_##mode##_access_end) = =3D _tmpptr) + __diag_push() __diag_ignore_all("-Wshadow", "uptr is readonly copy") \ + and_with (const auto uptr __cleanup(__scoped_user_##mode##_access_end) = =3D _tmpptr) \ + __diag_pop() =20 /** * scoped_user_read_access_size - Start a scoped user read access with giv= en size --=20 2.39.5 From nobody Thu Apr 9 12:06:19 2026 Received: from mailtransmit05.runbox.com (mailtransmit05.runbox.com [185.226.149.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD21536C9D0; Mon, 2 Mar 2026 13:28:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.226.149.38 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458128; cv=none; b=eVfaPez3X0nsWx26xXwsEIXqVTEBM/g8u0hn4wGLxcdHCOUqUVdGRFJZ4PpdH0oJi2kGyK1Hm9q4emsBai2RcCK65PYOoaBBllF4lQHlorfrSYLSSKez958dIjrhvXMSHk8U6PfZi3w6aYoiOX88dLlty7Rezev+nH6fiA1wlZ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772458128; c=relaxed/simple; bh=W6qmQbOUEvCz4cAy/edHoPzKepofa/JIaVO2fGniCcs=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OAz0TjbfB99Idj5VISoU37PvALOUIcONJvGPLVk4PsTuLSRcvLRjiU9r9imrNOkSxTdasYf5m8rcdZ4hva2k9lFirlRSVAjWwKe5TOUDwxGmi/QoMgwjFVhYGU72w/J2SS5+cY1iRo3s/fCjSPsXa8ZEwnfK8KY6fJNS8KNtwGU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=runbox.com; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b=C3w8X+KC; arc=none smtp.client-ip=185.226.149.38 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=runbox.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=runbox.com header.i=@runbox.com header.b="C3w8X+KC" Received: from mailtransmit03.runbox ([10.9.9.163] helo=aibo.runbox.com) by mailtransmit05.runbox.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1vx3Jw-003bl4-7x; Mon, 02 Mar 2026 14:28:24 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=runbox.com; s=selector2; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To :Message-Id:Date:Subject:To:From; bh=DqGOd6ipwPciYOEGbBHYVc1F4qmoJna8wv2iZM4469g=; b=C3w8X+KCNPwwUnlCUtq46S90t1 DaIzVd1U67pGzKoSNwRgDY0CkJR1WNOs2reVFFLbpCZJ5PTfZVq5TZTYpBtxMw2AfBFKsnU8eNfzL UyKZj1Ao3zw24M6GhXmw4q7AcjpvZz9fajrVInZguhOGa8NYPBkUrjhNlngU3Mr5PEAWm9Jc6JFne y3SR7NYQbKrUQi7nwwLTjarrREdk17HVYnhrX+G5V/PSUpfdGc3Axbaqn/zyoRSLpoMrqqb5dL7RX smVDc6yiyZoQchORsC5WgAugpAW3KLRRAwN3ak0bumYpByVPz6HVuheyobbQNDuH27z7AyGB9th3/ IYE9RgWA==; Received: from [10.9.9.73] (helo=submission02.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1vx3Ju-0001hC-Np; Mon, 02 Mar 2026 14:28:22 +0100 Received: by submission02.runbox with esmtpsa [Authenticated ID (1493616)] (TLS1.2:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.93) id 1vx3Jl-008UTR-0w; Mon, 02 Mar 2026 14:28:13 +0100 From: david.laight.linux@gmail.com To: Alexander Viro , Andre Almeida , Andrew Cooper , Christian Borntraeger , Christian Brauner , Christophe Leroy , "Christophe Leroy (CS GROUP)" , Darren Hart , David Laight , Davidlohr Bueso , Heiko Carstens , Jan Kara , Julia Lawall , Linus Torvalds , linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, LKML , Madhavan Srinivasan , Mathieu Desnoyers , Michael Ellerman , Nicholas Piggin , Nicolas Palix , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Russell King , Sven Schnelle , Thomas Gleixner , x86@kernel.org, Kees Cook , akpm@linux-foundation.org Subject: [PATCH v2 next 5/5] signal: Use scoped_user_access() instead of __put/get_user() Date: Mon, 2 Mar 2026 13:27:55 +0000 Message-Id: <20260302132755.1475451-6-david.laight.linux@gmail.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260302132755.1475451-1-david.laight.linux@gmail.com> References: <20260302132755.1475451-1-david.laight.linux@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: David Laight Mechanically change the access_ok() and __get/put_user() to use scoped_user_read/write_access() and unsafe_get/put_user(). This generates better code with fewer STAC/CLAC pairs. It also ensures that access_ok() is called near the user accesses. I failed to find the one for __save_altstack(). Looking at the change, perhaps there should be aliases: #define scoped_put_user unsafe_put_user #define scoped_get_user unsafe_get_user Signed-off-by: David Laight --- kernel/signal.c | 72 ++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 30 deletions(-) diff --git a/kernel/signal.c b/kernel/signal.c index d65d0fe24bfb..fca257398cbc 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -4469,10 +4469,16 @@ int restore_altstack(const stack_t __user *uss) int __save_altstack(stack_t __user *uss, unsigned long sp) { struct task_struct *t =3D current; - int err =3D __put_user((void __user *)t->sas_ss_sp, &uss->ss_sp) | - __put_user(t->sas_ss_flags, &uss->ss_flags) | - __put_user(t->sas_ss_size, &uss->ss_size); - return err; + + scoped_user_write_access(uss, Efault) { + unsafe_put_user((void __user *)t->sas_ss_sp, &uss->ss_sp, Efault); + unsafe_put_user(t->sas_ss_flags, &uss->ss_flags, Efault); + unsafe_put_user(t->sas_ss_size, &uss->ss_size, Efault); + } + return 0; + +Efault: + return -EFAULT; } =20 #ifdef CONFIG_COMPAT @@ -4705,12 +4711,12 @@ SYSCALL_DEFINE3(sigaction, int, sig, =20 if (act) { old_sigset_t mask; - if (!access_ok(act, sizeof(*act)) || - __get_user(new_ka.sa.sa_handler, &act->sa_handler) || - __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) || - __get_user(new_ka.sa.sa_flags, &act->sa_flags) || - __get_user(mask, &act->sa_mask)) - return -EFAULT; + scoped_user_read_access(act, Efault) { + unsafe_get_user(new_ka.sa.sa_handler, &act->sa_handler, Efault); + unsafe_get_user(new_ka.sa.sa_restorer, &act->sa_restorer, Efault); + unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault); + unsafe_get_user(mask, &act->sa_mask, Efault); + } #ifdef __ARCH_HAS_KA_RESTORER new_ka.ka_restorer =3D NULL; #endif @@ -4720,15 +4726,18 @@ SYSCALL_DEFINE3(sigaction, int, sig, ret =3D do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); =20 if (!ret && oact) { - if (!access_ok(oact, sizeof(*oact)) || - __put_user(old_ka.sa.sa_handler, &oact->sa_handler) || - __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) || - __put_user(old_ka.sa.sa_flags, &oact->sa_flags) || - __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask)) - return -EFAULT; + scoped_user_write_access(oact, Efault) { + unsafe_put_user(old_ka.sa.sa_handler, &oact->sa_handler, Efault); + unsafe_put_user(old_ka.sa.sa_restorer, &oact->sa_restorer, Efault); + unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault); + unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault); + } } =20 return ret; + +Efault: + return -EFAULT; } #endif #ifdef CONFIG_COMPAT_OLD_SIGACTION @@ -4742,12 +4751,12 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig, compat_uptr_t handler, restorer; =20 if (act) { - if (!access_ok(act, sizeof(*act)) || - __get_user(handler, &act->sa_handler) || - __get_user(restorer, &act->sa_restorer) || - __get_user(new_ka.sa.sa_flags, &act->sa_flags) || - __get_user(mask, &act->sa_mask)) - return -EFAULT; + scoped_user_read_access(act, Efault) { + unsafe_get_user(handler, &act->sa_handler, Efault); + unsafe_get_user(restorer, &act->sa_restorer, Efault); + unsafe_get_user(new_ka.sa.sa_flags, &act->sa_flags, Efault); + unsafe_get_user(mask, &act->sa_mask, Efault); + } =20 #ifdef __ARCH_HAS_KA_RESTORER new_ka.ka_restorer =3D NULL; @@ -4760,16 +4769,19 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig, ret =3D do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); =20 if (!ret && oact) { - if (!access_ok(oact, sizeof(*oact)) || - __put_user(ptr_to_compat(old_ka.sa.sa_handler), - &oact->sa_handler) || - __put_user(ptr_to_compat(old_ka.sa.sa_restorer), - &oact->sa_restorer) || - __put_user(old_ka.sa.sa_flags, &oact->sa_flags) || - __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask)) - return -EFAULT; + scoped_user_write_access(oact, Efault) { + unsafe_put_user(ptr_to_compat(old_ka.sa.sa_handler), + &oact->sa_handler, Efault); + unsafe_put_user(ptr_to_compat(old_ka.sa.sa_restorer), + &oact->sa_restorer, Efault); + unsafe_put_user(old_ka.sa.sa_flags, &oact->sa_flags, Efault); + unsafe_put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask, Efault); + } } return ret; + +Efault: + return -EFAULT; } #endif =20 --=20 2.39.5