Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965102AbeAJD2D (ORCPT + 1 other); Tue, 9 Jan 2018 22:28:03 -0500 Received: from mail-io0-f194.google.com ([209.85.223.194]:45162 "EHLO mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965079AbeAJD16 (ORCPT ); Tue, 9 Jan 2018 22:27:58 -0500 X-Google-Smtp-Source: ACJfBot7YCBRJbIAQ6scmuxR3LJ9/kFoKpMJ7vJKminPFnlY428Zj2GbjNMGKwfcVnGrKIms9HNnJ9FsGNOIW1mFSjA= MIME-Version: 1.0 In-Reply-To: References: <151520099201.32271.4677179499894422956.stgit@dwillia2-desk3.amr.corp.intel.com> <151520108080.32271.16420298348259030860.stgit@dwillia2-desk3.amr.corp.intel.com> <87lgh7n2tf.fsf@xmission.com> From: Linus Torvalds Date: Tue, 9 Jan 2018 19:27:56 -0800 X-Google-Sender-Auth: 3AmVkznUBbgflCTc1pAeYhER_kY Message-ID: Subject: Re: [PATCH 16/18] net: mpls: prevent bounds-check bypass via speculative execution To: Dan Williams Cc: "Eric W. Biederman" , Linux Kernel Mailing List , linux-arch@vger.kernel.org, Peter Zijlstra , Netdev , Greg KH , Thomas Gleixner , "David S. Miller" , Elena Reshetova , Alan Cox Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Tue, Jan 9, 2018 at 4:48 PM, Dan Williams wrote: > > I looks like there is another problem, or I'm misreading the > cleverness. I think you were misreading it. I was basically saying that this: unsigned long _mask = ~(long)(_m - 1 - _i) >> BITS_PER_LONG - 1;\ doesn't work, and that the "_m -1 - _i" needs to be replaced by "_i | _m -1 -_i". So you have unsigned long _mask = ~(long)(_i (_m - 1 - _i)) >> BITS_PER_LONG - 1;\ which should give the right result. No? But as mentioned, I think you can do it with two instructions if you do an architecture-specific inline asm: unsigned long mask; asm("cmpq %1,%2; sbbq %0,%0" :"=r" (mask) :"g" (max),"r" (idx)); which is likely much faster, and has much better register usage ("max" can be a constant or loaded directly from memory, and "mask" could be assigned the same register as idx). But once again, I didn't really test it. Note that the "cmpq/sbbq" version works regardless of max/idx values, since it literally does the math in BITS_ION_LONG+1 bits. In contrast, the "binary or with idx" version only works if the high bit set in idx cannot be valid (put another way: 'max' must not be bigger than MAXLONG+1). Linus