From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in get_user paths Date: Wed, 17 Jan 2018 20:05:32 +0000 Message-ID: <20180117200532.GX13338@ZenIV.linux.org.uk> References: <151586744180.5820.13215059696964205856.stgit@dwillia2-desk3.amr.corp.intel.com> <151586748981.5820.14559543798744763404.stgit@dwillia2-desk3.amr.corp.intel.com> <1516198646.4184.13.camel@linux.intel.com> <20180117185232.GW13338@ZenIV.linux.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from zeniv.linux.org.uk ([195.92.253.2]:49364 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750872AbeAQUFp (ORCPT ); Wed, 17 Jan 2018 15:05:45 -0500 Content-Disposition: inline In-Reply-To: Sender: linux-arch-owner@vger.kernel.org List-ID: To: Dan Williams Cc: Alan Cox , Linus Torvalds , Linux Kernel Mailing List , linux-arch@vger.kernel.org, Andi Kleen , Kees Cook , kernel-hardening@lists.openwall.com, Greg Kroah-Hartman , the arch/x86 maintainers , Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner , Andrew Morton On Wed, Jan 17, 2018 at 11:54:12AM -0800, Dan Williams wrote: > On Wed, Jan 17, 2018 at 10:52 AM, Al Viro wrote: > > On Wed, Jan 17, 2018 at 02:17:26PM +0000, Alan Cox wrote: > [..] > > Incidentally, what about copy_to_iter() and friends? They > > check iov_iter flavour and go either into the "copy to kernel buffer" > > or "copy to userland" paths. Do we need to deal with mispredictions > > there? We are calling a bunch of those on read()... > > > > Those should be protected by the conversion of __uaccess_begin to > __uaccess_begin_nospec that includes the lfence. Huh? What the hell does it do to speculative execution of "memcpy those suckers" branch?