Received: by 10.223.148.5 with SMTP id 5csp6256070wrq;
        Wed, 17 Jan 2018 11:18:16 -0800 (PST)
X-Google-Smtp-Source: ACJfBou/t+Ml0tyqLS0iXrbJGy6DD8cxBpCiKGcsdJoNxWd7j2q0QLsvQntd5nMQFLx90FGDdD7o
X-Received: by 10.159.255.75 with SMTP id u11mr5799256pls.8.1516216696139;
        Wed, 17 Jan 2018 11:18:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516216696; cv=none;
        d=google.com; s=arc-20160816;
        b=JxKXV4dqg6yfQhyqjgZbhu1ds1zt+lxz9iNKuw1QgRGFyObh+KV7IHwblE6lbhAkPj
         KHWUliGwXBGkEC8aQrJEJ+vt0s0necp+5KMuHdfR11CFcMkfqPpS6dmj5LurhgJVXTe6
         u/inhYWY8DKintYfBL59UROQKiAWXYXR+tCnMJ1tl7eRISyo36XakhnM3eez0r7mbWgI
         CyDcDSwmp7gpo8bfEIrBZ7o5CLscPewGozavswExfeIskr+HOgznZBJolzKbs7HzJw1H
         IPym8U18FNE35IyXRM356gB+xyIjCgzkFaS+wuHcHPKSNGgThBrmHPTyMMjJrLkShErV
         DLyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=GbsAPmz0njsSQf3BRO1fg43SkCAONmAjO2w6duv9S9I=;
        b=E7yqFeZQItZADcj4LZsyzVG1mPObnGEwETGvuQC4Nz8h1g8JJTL4SKN1h+ryAHAFbb
         nVkdw+6lXcJYtVrmlopXVgyM7/3TKtkE6ClBMuhDoCyVjS0uah+3mUCE9exxPKejZMic
         G3hB8t8R6y4NolR5ItCNPsNEL/5UlAkqRFvGbmT3VhrnV/ox4kD7P1Kqfwyt6dnq1r/w
         oSw+RtRnWpIHIhKz3n8JXRHC7xmTyRlBnDlkeYrp+GFeA2vvvJqnZ+pybAxKI8OEAIc4
         A/3MYcgG4hF/1BRpaoczE7cBhadJdA7Wh0/IdWAshlwwDmLsGD/EvSpNx/jfny0tWNwd
         qVyQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=Gk4xYqcA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p19si4937708plo.199.2018.01.17.11.18.00;
        Wed, 17 Jan 2018 11:18:16 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=Gk4xYqcA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752306AbeAQTQy (ORCPT <rfc822;deadfox.tw@gmail.com>
        + 99 others); Wed, 17 Jan 2018 14:16:54 -0500
Received: from mail-it0-f66.google.com ([209.85.214.66]:38391 "EHLO
        mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750830AbeAQTQw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Jan 2018 14:16:52 -0500
Received: by mail-it0-f66.google.com with SMTP id w14so9900630itc.3;
        Wed, 17 Jan 2018 11:16:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=GbsAPmz0njsSQf3BRO1fg43SkCAONmAjO2w6duv9S9I=;
        b=Gk4xYqcAkhADVbA8dYLIgABxYi6Bm1GWWIbG2ja71yc3im7a5S2j4aZTrQZqVcpIrI
         v38ZDHvBgilqA6e+YMEa6AdqjBf4c4vfbXZh78gaRgYNwGrXMNFeXMMtuIoT1fjusGpT
         5lCcLGjBJf1SjjXB4Z+ohw98/avvgIijDDdIeevkpDho6LxMSQuPcMkMiWRubWT6McSq
         KF+kHBkUh/8TETKHd9YxFRN4Y5HqwLod2NmRT5iWEaLQecrMqg7XI6Mc1zDSaHigUd8G
         RBTnfD3x8Ppemg7DUovoivigSw3ls4Q58kZjNMuXtYOlgFEnF8uNqLJVG6cdL+Hh4Vsf
         FijQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=GbsAPmz0njsSQf3BRO1fg43SkCAONmAjO2w6duv9S9I=;
        b=Fv88IY2V6MBSe7Uqr2dV3z9higPMOc7+bjAoHtrdcj3gy+x8HGMR9Ww1zh676+9hu3
         c/lwccPNtPzEql1ummYOshnXJV+S82XKleiZ5TnoRmGcwpgdj6cQQFaqccqsVnQZyyJN
         9KM/r8IVztTfXZTYL7ioRIEoo/l19xOQCp6TkVE4qBv8GkN46lJYozFoKtmedPRMccTP
         YYjhYdHgdcDR67jYCM233dSzx8yAMMP5EpVet9DOkmLnw2ZN5Oo2UZrzX26wjQow/WDG
         7SsH7wcLMC54akv2FB7gQDQToxtLR6w34EwmdWCjd+dB9fTjwBQ94greS3Tg8CTEe0YT
         DPLA==
X-Gm-Message-State: AKwxytfjucGh8flJYqb3s+aBbi7Koxa/7aPDcqgIp8cbA+r839mqPeig
        +QPrss8KsEgb1QdNhouj0DOySTQpCK8mm+3TSXo=
X-Received: by 10.36.204.85 with SMTP id x82mr22282102itf.21.1516216611380;
 Wed, 17 Jan 2018 11:16:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.6.147 with HTTP; Wed, 17 Jan 2018 11:16:50 -0800 (PST)
In-Reply-To: <CAPcyv4g94iysWqz64KNk=HDdx6+b2e0O-rRrnFZDqfNSR3Xrjg@mail.gmail.com>
References: <151586744180.5820.13215059696964205856.stgit@dwillia2-desk3.amr.corp.intel.com>
 <151586748981.5820.14559543798744763404.stgit@dwillia2-desk3.amr.corp.intel.com>
 <CA+55aFzoAR+MYX+ub0xZ32OsT7WtD5Kru2t6LhwB1buLWPResQ@mail.gmail.com>
 <CA+55aFxsg5+u7bCHj1N8xyyVf7-RMm-5ACNp=ENNrKL78omaow@mail.gmail.com>
 <CAPcyv4hfUx8gLScuNewY3+BWi4YBS_Z9dhvYf1D+WEWDDCShXA@mail.gmail.com> <CAPcyv4g94iysWqz64KNk=HDdx6+b2e0O-rRrnFZDqfNSR3Xrjg@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Wed, 17 Jan 2018 11:16:50 -0800
X-Google-Sender-Auth: gmPr7m-mZ9M1CHCJFG6UsdAfccs
Message-ID: <CA+55aFxdxtScVaSHU9_8v+r719r03ZHJ7KLB0CTHm8NahRgt=A@mail.gmail.com>
Subject: Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in
 get_user paths
To:     Dan Williams <dan.j.williams@intel.com>
Cc:     Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-arch@vger.kernel.org, Andi Kleen <ak@linux.intel.com>,
        Kees Cook <keescook@chromium.org>,
        kernel-hardening@lists.openwall.com,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Alan Cox <alan@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 16, 2018 at 8:30 PM, Dan Williams <dan.j.williams@intel.com> wrote:
>
> I think the access_ok() conversion to return a speculation sanitized
> pointer or NULL is the way to go unless I'm missing something simpler.

No, that's way too big of a conversion.

Just make get_user() and friends (that currently use ASM_STAC) use the
address masking.

The people who use uaccess_begin() can use the lfence there.

Basically, the rule is trivial: find all 'stac' users, and use address
masking if those users already integrate the limit check, and lfence
they don't.

                Linus