Re: [RFC PATCH for 4.18] rseq: use __u64 for rseq_cs fields, validate user inputs

[Andy Lutomirski]

On Mon, Jul 2, 2018 at 7:30 PM, Mathieu Desnoyers
<mathieu.desnoyers@xxxxxxxxxxxx> wrote:
> ----- On Jul 2, 2018, at 10:18 PM, Linus Torvalds torvalds@xxxxxxxxxxxxxxxxxxxx wrote:
>
>> On Mon, Jul 2, 2018 at 7:01 PM Mathieu Desnoyers
>> <mathieu.desnoyers@xxxxxxxxxxxx> wrote:
>>>
>>> One thing to consider is how we will implement the load of that pointer
>>> on the kernel side.
>>
>> Use "get_user()". It works for 64-bit objects too, and it will be
>> atomic in the 32-bit sub-parts on a 32-bit architecture.
>
> Is it really ? Last time we had this discussion, not all architectures
> guaranteed that reading a 64-bit integer would happen in two atomic
> 32-bit sub-parts. This was the main motivation for the LINUX_FIELD_u32_u64()
> macro as it stands today (rather than using a union).
>

If you're nervous, you could do this by open-coding:

#if BITS_PER_LONG == 64
get_user(...)
#else
get_user(...);
get_user(...);
#endif

No need to make the header more complicated just for this.