Message ID | e0538c71167bd90224a8727fea9ed5b75612e2d7.1614275314.git.christophe.leroy@csgroup.eu (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | powerpc: Cleanup of uaccess.h | expand |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/merge (626a6c3d2e20da80aaa710104f34ea6037b28b33) |
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/next (6895c5ba7bdcc55eacad03cf309ab23be63b9cac) |
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch linus/master (92bf22614b21a2706f4993b278017e437f7785b3) |
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/fixes (24321ac668e452a4942598533d267805f291fdc9) |
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch linux-next (1e0d27fce010b0a4a9e595506b6ede75934c31be) |
snowpatch_ozlabs/apply_patch | fail | Failed to apply to any branch |
Christophe Leroy <christophe.leroy@csgroup.eu> writes: > Those two macros have only one user which is unsafe_get_user(). > > Put everything in one place and remove them. > > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> > --- > arch/powerpc/include/asm/uaccess.h | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h > index 78e2a3990eab..8cbf3e3874f1 100644 > --- a/arch/powerpc/include/asm/uaccess.h > +++ b/arch/powerpc/include/asm/uaccess.h > @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned long size) > #define __put_user(x, ptr) \ > __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) > > -#define __get_user_allowed(x, ptr) \ > - __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false) > - > #define __get_user_inatomic(x, ptr) \ > __get_user_nosleep((x), (ptr), sizeof(*(ptr))) > #define __put_user_inatomic(x, ptr) \ > @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t len) > #define user_write_access_begin user_write_access_begin > #define user_write_access_end prevent_current_write_to_user > > -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0) > -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e) > +#define unsafe_get_user(x, p, e) do { \ > + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ > + goto e; \ > +} while (0) > + This seems correct to me. Checkpatch does have one check that is relevant: CHECK: Macro argument reuse 'p' - possible side-effects? #36: FILE: arch/powerpc/include/asm/uaccess.h:482: +#define unsafe_get_user(x, p, e) do { \ + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ + goto e; \ +} while (0) Given that we are already creating a new block, should we do something like this (completely untested): #define unsafe_get_user(x, p, e) do { \ __typeof__(p) __p = (p); if (unlikely(__get_user_nocheck((x), (__p), sizeof(*(__p)), false)))\ goto e; \ } while (0) Kind regards, Daniel > #define unsafe_put_user(x, p, e) \ > __unsafe_put_user_goto((__typeof__(*(p)))(x), (p), sizeof(*(p)), e) > > -- > 2.25.0
On Tue, Mar 02, 2021 at 09:02:54AM +1100, Daniel Axtens wrote: > Checkpatch does have one check that is relevant: > > CHECK: Macro argument reuse 'p' - possible side-effects? > #36: FILE: arch/powerpc/include/asm/uaccess.h:482: > +#define unsafe_get_user(x, p, e) do { \ > + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ > + goto e; \ > +} while (0) sizeof (of something other than a VLA) does not evaluate its operand. The checkpatch warning is incorrect (well, it does say "possible" -- it just didn't find a possible problem here). You can write bla = sizeof *p++; and p is *not* incremented. Segher
Le 01/03/2021 à 23:02, Daniel Axtens a écrit : > > > Christophe Leroy <christophe.leroy@csgroup.eu> writes: > >> Those two macros have only one user which is unsafe_get_user(). >> >> Put everything in one place and remove them. >> >> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> >> --- >> arch/powerpc/include/asm/uaccess.h | 10 +++++----- >> 1 file changed, 5 insertions(+), 5 deletions(-) >> >> diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h >> index 78e2a3990eab..8cbf3e3874f1 100644 >> --- a/arch/powerpc/include/asm/uaccess.h >> +++ b/arch/powerpc/include/asm/uaccess.h >> @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned long size) >> #define __put_user(x, ptr) \ >> __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) >> >> -#define __get_user_allowed(x, ptr) \ >> - __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false) >> - >> #define __get_user_inatomic(x, ptr) \ >> __get_user_nosleep((x), (ptr), sizeof(*(ptr))) >> #define __put_user_inatomic(x, ptr) \ >> @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t len) >> #define user_write_access_begin user_write_access_begin >> #define user_write_access_end prevent_current_write_to_user >> >> -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0) >> -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e) >> +#define unsafe_get_user(x, p, e) do { \ >> + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ >> + goto e; \ >> +} while (0) >> + > > This seems correct to me. > > Checkpatch does have one check that is relevant: > > CHECK: Macro argument reuse 'p' - possible side-effects? > #36: FILE: arch/powerpc/include/asm/uaccess.h:482: > +#define unsafe_get_user(x, p, e) do { \ > + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ > + goto e; \ > +} while (0) > > Given that we are already creating a new block, should we do something > like this (completely untested): > > #define unsafe_get_user(x, p, e) do { \ > __typeof__(p) __p = (p); > if (unlikely(__get_user_nocheck((x), (__p), sizeof(*(__p)), false)))\ > goto e; \ > } while (0) > As mentioned by Segher, this is not needed, sizeof(p) doesn't evaluate (p) so (p) is only evaluated once in the macro, so no risk of side-effects with that. Christophe
diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 78e2a3990eab..8cbf3e3874f1 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -53,9 +53,6 @@ static inline bool __access_ok(unsigned long addr, unsigned long size) #define __put_user(x, ptr) \ __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) -#define __get_user_allowed(x, ptr) \ - __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false) - #define __get_user_inatomic(x, ptr) \ __get_user_nosleep((x), (ptr), sizeof(*(ptr))) #define __put_user_inatomic(x, ptr) \ @@ -482,8 +479,11 @@ user_write_access_begin(const void __user *ptr, size_t len) #define user_write_access_begin user_write_access_begin #define user_write_access_end prevent_current_write_to_user -#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0) -#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e) +#define unsafe_get_user(x, p, e) do { \ + if (unlikely(__get_user_nocheck((x), (p), sizeof(*(p)), false)))\ + goto e; \ +} while (0) + #define unsafe_put_user(x, p, e) \ __unsafe_put_user_goto((__typeof__(*(p)))(x), (p), sizeof(*(p)), e)
Those two macros have only one user which is unsafe_get_user(). Put everything in one place and remove them. Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> --- arch/powerpc/include/asm/uaccess.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)