• Linus Torvalds's avatar
    Revert "x86/fault: BUG() when uaccess helpers fault on kernel addresses" · 53a41cb7
    Linus Torvalds authored
    This reverts commit 9da3f2b7.
    
    It was well-intentioned, but wrong.  Overriding the exception tables for
    instructions for random reasons is just wrong, and that is what the new
    code did.
    
    It caused problems for tracing, and it caused problems for strncpy_from_user(),
    because the new checks made perfectly valid use cases break, rather than
    catch things that did bad things.
    
    Unchecked user space accesses are a problem, but that's not a reason to
    add invalid checks that then people have to work around with silly flags
    (in this case, that 'kernel_uaccess_faults_ok' flag, which is just an
    odd way to say "this commit was wrong" and was sprinked into random
    places to hide the wrongness).
    
    The real fix to unchecked user space accesses is to get rid of the
    special "let's not check __get_user() and __put_user() at all" logic.
    Make __{get|put}_user() be just aliases to the regular {get|put}_user()
    functions, and make it impossible to access user space without having
    the proper checks in places.
    
    The raison d'être of the special double-underscore versions used to be
    that the range check was expensive, and if you did multiple user
    accesses, you'd do the range check up front (like the signal frame
    handling code, for example).  But SMAP (on x86) and PAN (on ARM) have
    made that optimization pointless, because the _real_ expense is the "set
    CPU flag to allow user space access".
    
    Do let's not break the valid cases to catch invalid cases that shouldn't
    even exist.
    
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Tobin C. Harding <tobin@kernel.org>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Jann Horn <jannh@google.com>
    Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
    53a41cb7
namespace.c 85.7 KB