From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C07F6C433E2 for ; Mon, 14 Sep 2020 17:56:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 78FD22076C for ; Mon, 14 Sep 2020 17:56:21 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=alien8.de header.i=@alien8.de header.b="ccZKfPi9" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726086AbgINR4T (ORCPT ); Mon, 14 Sep 2020 13:56:19 -0400 Received: from mail.skyhub.de ([5.9.137.197]:56572 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726065AbgINR4L (ORCPT ); Mon, 14 Sep 2020 13:56:11 -0400 Received: from zn.tnic (p200300ec2f092600691f19cafd1ebd8c.dip0.t-ipconnect.de [IPv6:2003:ec:2f09:2600:691f:19ca:fd1e:bd8c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id D142E1EC0572; Mon, 14 Sep 2020 19:56:09 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1600106170; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=1yv+srSKfxeaUyicwWKfbf3lmLFh6cK6P4lFNakTVGE=; b=ccZKfPi9JSAAYs7tnXs6Tm2f/iwZRdz1sJqNqmZ4AClNVHIgf7Ui9FFOLMZpix9NE2cu9p nLbod5mekSAQwiwNao6so4Lr3Wvux1nQAyYTeTp8r8Pr8G6TJC6rotMACS5IYEIXHFP/Fg HypbWQbYxkkLS315C+oRqJpvlB+mnbM= Date: Mon, 14 Sep 2020 19:56:04 +0200 From: Borislav Petkov To: Josh Poimboeuf Cc: x86@kernel.org, Al Viro , linux-kernel@vger.kernel.org, Linus Torvalds , Will Deacon , Dan Williams , Andrea Arcangeli , Waiman Long , Peter Zijlstra , Thomas Gleixner , Andrew Cooper , Andy Lutomirski , Christoph Hellwig , David Laight , Mark Rutland Subject: Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation Message-ID: <20200914175604.GF680@zn.tnic> References: <1d06ed6485b66b9f674900368b63d7ef79f666ca.1599756789.git.jpoimboe@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <1d06ed6485b66b9f674900368b63d7ef79f666ca.1599756789.git.jpoimboe@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 10, 2020 at 12:22:53PM -0500, Josh Poimboeuf wrote: > +/* > + * Sanitize a user pointer such that it becomes NULL if it's not a valid user > + * pointer. This prevents speculative dereferences of user-controlled pointers > + * to kernel space when access_ok() speculatively returns true. This should be > + * done *after* access_ok(), to avoid affecting error handling behavior. Err, stupid question: can this macro then be folded into access_ok() so that you don't have to touch so many places and the check can happen automatically? -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette