From: Alan Cox <alan@linux.intel.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Dan Williams <dan.j.williams@intel.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-arch@vger.kernel.org, Andi Kleen <ak@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
the arch/x86 maintainers <x86@kernel.org>,
Ingo Molnar <mingo@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [kernel-hardening] Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in get_user paths
Date: Wed, 17 Jan 2018 14:17:26 +0000 [thread overview]
Message-ID: <1516198646.4184.13.camel@linux.intel.com> (raw)
In-Reply-To: <CA+55aFxB01XEEpdPynwYmzQMfTJdJnUrN+ZLqSV_UdnKLBgAZw@mail.gmail.com>
On Tue, 2018-01-16 at 14:41 -0800, Linus Torvalds wrote:
>
>
> On Jan 16, 2018 14:23, "Dan Williams" <dan.j.williams@intel.com>
> wrote:
> > That said, for get_user specifically, can we do something even
> > cheaper. Dave H. reminds me that any valid user pointer that gets
> > past
> > the address limit check will have the high bit clear. So instead of
> > calculating a mask, just unconditionally clear the high bit. It
> > seems
> > worse case userspace can speculatively leak something that's
> > already
> > in its address space.
>
> That's not at all true.
>
> The address may be a kernel address. That's the whole point of
> 'set_fs()'.
Can we kill off the remaining users of set_fs() ?
Alan
WARNING: multiple messages have this Message-ID (diff)
From: Alan Cox <alan@linux.intel.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Dan Williams <dan.j.williams@intel.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-arch@vger.kernel.org, Andi Kleen <ak@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
the arch/x86 maintainers <x86@kernel.org>,
Ingo Molnar <mingo@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in get_user paths
Date: Wed, 17 Jan 2018 14:17:26 +0000 [thread overview]
Message-ID: <1516198646.4184.13.camel@linux.intel.com> (raw)
In-Reply-To: <CA+55aFxB01XEEpdPynwYmzQMfTJdJnUrN+ZLqSV_UdnKLBgAZw@mail.gmail.com>
On Tue, 2018-01-16 at 14:41 -0800, Linus Torvalds wrote:
>
>
> On Jan 16, 2018 14:23, "Dan Williams" <dan.j.williams@intel.com>
> wrote:
> > That said, for get_user specifically, can we do something even
> > cheaper. Dave H. reminds me that any valid user pointer that gets
> > past
> > the address limit check will have the high bit clear. So instead of
> > calculating a mask, just unconditionally clear the high bit. It
> > seems
> > worse case userspace can speculatively leak something that's
> > already
> > in its address space.
>
> That's not at all true.
>
> The address may be a kernel address. That's the whole point of
> 'set_fs()'.
Can we kill off the remaining users of set_fs() ?
Alan
next prev parent reply other threads:[~2018-01-17 14:17 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-13 18:17 [kernel-hardening] [PATCH v3 0/9] core, x86: prevent bounds-check bypass via speculative execution Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:17 ` [kernel-hardening] [PATCH v3 1/9] Documentation: document array_ptr Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:17 ` [kernel-hardening] [PATCH v3 2/9] arm64: implement ifence_array_ptr() Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:17 ` [kernel-hardening] [PATCH v3 3/9] arm: " Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:17 ` [kernel-hardening] [PATCH v3 4/9] x86: implement ifence() Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:17 ` [kernel-hardening] [PATCH v3 5/9] x86: implement ifence_array_ptr() and array_ptr_mask() Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:17 ` [kernel-hardening] [PATCH v3 6/9] asm/nospec: mask speculative execution flows Dan Williams
2018-01-13 18:17 ` Dan Williams
2018-01-13 18:18 ` [kernel-hardening] [PATCH v3 7/9] x86: introduce __uaccess_begin_nospec and ASM_IFENCE Dan Williams
2018-01-13 18:18 ` Dan Williams
2018-01-13 18:18 ` [kernel-hardening] [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in get_user paths Dan Williams
2018-01-13 18:18 ` Dan Williams
2018-01-13 19:05 ` [kernel-hardening] " Linus Torvalds
2018-01-13 19:05 ` Linus Torvalds
2018-01-13 19:33 ` [kernel-hardening] " Linus Torvalds
2018-01-13 19:33 ` Linus Torvalds
2018-01-13 20:22 ` [kernel-hardening] " Eric W. Biederman
2018-01-13 20:22 ` Eric W. Biederman
2018-01-13 20:22 ` Eric W. Biederman
2018-01-13 20:22 ` Eric W. Biederman
2018-01-16 22:23 ` [kernel-hardening] " Dan Williams
2018-01-16 22:23 ` Dan Williams
2018-01-16 22:23 ` Dan Williams
2018-01-16 22:23 ` Dan Williams
[not found] ` <CA+55aFxAFG5czVmCyhYMyHmXLNJ7pcXxWzusjZvLRh_qTGHj6Q@mail.gmail.com>
2018-01-16 22:41 ` [kernel-hardening] " Linus Torvalds
2018-01-16 22:41 ` Linus Torvalds
2018-01-17 14:17 ` Alan Cox [this message]
2018-01-17 14:17 ` Alan Cox
2018-01-17 18:52 ` [kernel-hardening] " Al Viro
2018-01-17 18:52 ` Al Viro
2018-01-17 19:54 ` [kernel-hardening] " Dan Williams
2018-01-17 19:54 ` Dan Williams
2018-01-17 20:05 ` [kernel-hardening] " Al Viro
2018-01-17 20:05 ` Al Viro
2018-01-17 20:14 ` [kernel-hardening] " Dan Williams
2018-01-17 20:14 ` Dan Williams
2018-01-18 3:06 ` [kernel-hardening] [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc Al Viro
2018-01-18 3:06 ` Al Viro
2018-01-18 3:16 ` [kernel-hardening] " Linus Torvalds
2018-01-18 3:16 ` Linus Torvalds
2018-01-18 4:43 ` [kernel-hardening] " Al Viro
2018-01-18 4:43 ` Al Viro
2018-01-18 16:29 ` [kernel-hardening] " Christoph Hellwig
2018-01-18 16:29 ` Christoph Hellwig
2018-01-18 17:10 ` [kernel-hardening] " Al Viro
2018-01-18 17:10 ` Al Viro
2018-01-18 19:31 ` [kernel-hardening] " Al Viro
2018-01-18 19:31 ` Al Viro
2018-01-18 19:37 ` [PATCH 01/10] net: separate SIOCGIFCONF handling from dev_ioctl() Al Viro
2018-01-18 19:37 ` [PATCH 02/10] devinet_ioctl(): take copyin/copyout to caller Al Viro
2018-01-22 16:40 ` Christoph Hellwig
2018-01-18 19:37 ` [PATCH 03/10] ip_rt_ioctl(): take copyin " Al Viro
2018-01-22 16:43 ` Christoph Hellwig
2018-01-18 19:37 ` [PATCH 04/10] kill dev_ifsioc() Al Viro
2018-01-22 16:47 ` Christoph Hellwig
2018-01-18 19:37 ` [PATCH 05/10] kill bond_ioctl() Al Viro
2018-01-22 16:48 ` Christoph Hellwig
2018-01-18 19:37 ` [PATCH 06/10] kill dev_ifname32() Al Viro
2018-01-18 19:37 ` [PATCH 07/10] lift handling of SIOCIW... out of dev_ioctl() Al Viro
2018-01-18 19:37 ` [PATCH 08/10] ipconfig: use dev_set_mtu() Al Viro
2018-01-18 19:37 ` [PATCH 09/10] dev_ioctl(): move copyin/copyout to callers Al Viro
2018-01-18 19:37 ` [PATCH 10/10] kill kernel_sock_ioctl() Al Viro
2018-01-22 16:49 ` Christoph Hellwig
2018-01-24 20:52 ` David Miller
2018-01-25 0:01 ` Al Viro
2018-01-25 0:21 ` Al Viro
2018-01-25 4:11 ` David Miller
2018-01-22 16:40 ` [PATCH 01/10] net: separate SIOCGIFCONF handling from dev_ioctl() Christoph Hellwig
2018-01-18 20:33 ` [kernel-hardening] Re: [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc Al Viro
2018-01-18 20:33 ` Al Viro
2018-01-19 3:27 ` [kernel-hardening] " Al Viro
2018-01-19 3:27 ` Al Viro
2018-01-17 19:26 ` [kernel-hardening] Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in get_user paths Linus Torvalds
2018-01-17 19:26 ` Linus Torvalds
2018-01-17 20:01 ` [kernel-hardening] " Eric Dumazet
2018-01-17 20:01 ` Eric Dumazet
2018-01-18 16:38 ` [kernel-hardening] " Christoph Hellwig
2018-01-18 16:38 ` Christoph Hellwig
2018-01-18 16:49 ` [kernel-hardening] " Linus Torvalds
2018-01-18 16:49 ` Linus Torvalds
2018-01-18 18:12 ` [kernel-hardening] " Al Viro
2018-01-18 18:12 ` Al Viro
2018-01-17 4:30 ` [kernel-hardening] " Dan Williams
2018-01-17 4:30 ` Dan Williams
2018-01-17 6:28 ` [kernel-hardening] " Al Viro
2018-01-17 6:28 ` Al Viro
2018-01-17 6:50 ` [kernel-hardening] " Dan Williams
2018-01-17 6:50 ` Dan Williams
2018-01-17 10:07 ` [kernel-hardening] " David Laight
2018-01-17 10:07 ` David Laight
2018-01-17 18:12 ` [kernel-hardening] " Dan Williams
2018-01-17 18:12 ` Dan Williams
2018-01-17 19:16 ` [kernel-hardening] " Linus Torvalds
2018-01-17 19:16 ` Linus Torvalds
2018-01-13 18:18 ` [kernel-hardening] [PATCH v3 9/9] vfs, fdtable: prevent bounds-check bypass via speculative execution Dan Williams
2018-01-13 18:18 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516198646.4184.13.camel@linux.intel.com \
--to=alan@linux.intel.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.