Re: [RFC][PATCH 01/22] x86 user stack frame reads: switch to explicit __get_user()

[Ingo Molnar]

* Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:

> From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> 
> rather than relying upon the magic in raw_copy_from_user()

> -		bytes = __copy_from_user_nmi(&frame.next_frame, fp, 4);
> -		if (bytes != 0)
> +		if (__get_user(frame.next_frame, &fp->next_frame))
>  			break;
> -		bytes = __copy_from_user_nmi(&frame.return_address, fp+4, 4);
> -		if (bytes != 0)
> +		if (__get_user(frame.return_address, &fp->return_address))
>  			break;

Just wondering about the long term plan here: we have unsafe_get_user() 
as a wrapper around __get_user(), but the __get_user() API doesn't carry 
the 'unsafe' tag yet.

Should we add an __unsafe_get_user() alias to it perhaps, and use it in 
all code that adds it, like the chunk above? Or rename it to 
__unsafe_get_user() outright? No change to the logic, but it would be 
more obvious what code has inherited old __get_user() uses and which code 
uses __unsafe_get_user() intentionally.

Even after your series there's 700 uses of __get_user(), so it would make 
sense to make a distinction in name at least and tag all unsafe APIs with 
an 'unsafe_' prefix.

Thanks,

	Ingo