From nobody Sun Apr 5 16:28:26 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F0A703F7E72 for ; Tue, 24 Mar 2026 13:10:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774357859; cv=none; b=VzbDXLQF60BIo/09N5/3a7CUw3xzi6yEPYQ6FDVAN1UM13qz1arr/VgcWpxYKLrL1p7udYoStDFbLmLhA8vFOpFXHbHprDLQDdAbP4uQ6X34Yzw/CLHfR/w01VSpb7dFmiRXvbJkG1AnuKbvahgV2UY+UxDUKLnAw0VRjoGJiCA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774357859; c=relaxed/simple; bh=QO0kpvVAgh/Hgzc5tsHrgKKHwBcJIs6GYao8LJCWqfc=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=JVtEwYvVWyc+OedwDnKWVchT8ER/a9V6+aeZDNkGVSBebUBhM8FJ+PlaGYb8iy+kKcTw8r5ZiAM/3Gk/kHe8KyfV7py52+jp6vJo8wlrx04ZxtZdCbJ8sIRVxffxKVIxPUp7gKaBR7wPQVb2nSPrMT7OyGvmv8fxUm7d5hlaoJI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Uc81pgK0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Uc81pgK0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 006FEC19424; Tue, 24 Mar 2026 13:10:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1774357858; bh=QO0kpvVAgh/Hgzc5tsHrgKKHwBcJIs6GYao8LJCWqfc=; h=From:To:Cc:Subject:Date:From; b=Uc81pgK0e0HX6zMdOOYn0AkUePzJSAW6bE1lrPByz95zERpZU1tP25lnUcx8GUuQP ihuqJhCcu7+ipc2aHQ8p1uiAcwijlxs0VIi7+4m2N4mZNPzxvtQdmFIerLS1f33LPb U0t4dYXYiixLW+W8Mi4+e/9WNAsUlY8kC1XZ5VCZBUbqWpHt+zNlWuZXfPxqjaVj3R haH4k5UiLhtOF40aJTZ1a0Ra394c3tQOeSh6Qpj2TQy30DZ4E340LDd+fFiQpB5KNF e7dXUCk2KsAMiC8Al22ER4jmLte5UdtuQT7FgxVu0RKe2ULXiuiBf+jdguC2VZdwOB CtioSUkB5nV0Q== From: "Christophe Leroy (CS GROUP)" To: David Laight , Michael Ellerman , Nicholas Piggin , Madhavan Srinivasan Cc: "Christophe Leroy (CS GROUP)" , linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Subject: [PATCH v3] powerpc: Simplify access_ok() Date: Tue, 24 Mar 2026 14:10:17 +0100 Message-ID: X-Mailer: git-send-email 2.49.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2532; i=chleroy@kernel.org; h=from:subject:message-id; bh=QO0kpvVAgh/Hgzc5tsHrgKKHwBcJIs6GYao8LJCWqfc=; b=owGbwMvMwCV2d0KB2p7V54MZT6slMWQe6g2Ym7df+1WTXqZSSPJhk1A2zh+bDutsLVE+v+D7X CX3On75jlIWBjEuBlkxRZbj/7l3zej6kpo/dZc+zBxWJpAhDFycAjCR/VoM/3SbV8cWL8re9joj sP6vc3XFiQ+3r6xj1BZV0p2xvO6nIhPDX+ETC3am/1Rw8F3yP0vb5DC7S53cvaJTqzx2+tcUSAq eYgEA X-Developer-Key: i=chleroy@kernel.org; a=openpgp; fpr=10FFE6F8B390DE17ACC2632368A92FEB01B8DD78 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" With the implementation of masked user access, we always have a memory gap between user memory space and kernel memory space, so use it to simplify access_ok() by relying on access fault in case of an access in the gap. Most of the time the size is known at build time. On powerpc64, the kernel space starts at 0x8000000000000000 which is always more than two times TASK_USER_MAX so when the size is known at build time and lower than TASK_USER_MAX, only the address needs to be verified. If not, a binary or of address and size must be lower than TASK_USER_MAX. As TASK_USER_MAX is a power of 2, just check that there is no bit set outside of TASK_USER_MAX - 1 mask. On powerpc32, there is a garanteed gap of 128KB so when the size is known at build time and not greater than 128KB, just check that the address is below TASK_SIZE. Otherwise use the original formula. Signed-off-by: Christophe Leroy (CS GROUP) --- v2: Fix build failure following untested last minute change :( v3: Using statically_true() following comment from David. --- arch/powerpc/include/asm/uaccess.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/= uaccess.h index 570b3d91e2e4..5921d5a7ffcd 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -15,8 +15,34 @@ #define TASK_SIZE_MAX TASK_SIZE_USER64 #endif =20 +#define __access_ok __access_ok + #include =20 +/* + * On powerpc64, TASK_SIZE_MAX is 0x0010000000000000 then even if both ptr= and size + * are TASK_SIZE_MAX we are still inside the memory gap. So make it simple. + */ +static __always_inline int __access_ok(const void __user *ptr, unsigned lo= ng size) +{ + unsigned long addr =3D (unsigned long)ptr; + + if (IS_ENABLED(CONFIG_PPC64)) { + BUILD_BUG_ON(!is_power_of_2(TASK_SIZE_MAX)); + BUILD_BUG_ON(TASK_SIZE_MAX > 0x0010000000000000); + + if (statically_true(size > TASK_SIZE_MAX)) + return false; + if (statically_true(size <=3D TASK_SIZE_MAX)) + return !(addr & ~(TASK_SIZE_MAX - 1)); + return !((size | addr) & ~(TASK_SIZE_MAX - 1)); + } else { + if (statically_true(size <=3D SZ_128K)) + return addr < TASK_SIZE; + return size <=3D TASK_SIZE && addr <=3D TASK_SIZE - size; + } +} + /* * These are the main single-value transfer routines. They automatically * use the right size if we just have the right pointer type. --=20 2.49.0