Received: by 10.223.148.5 with SMTP id 5csp7732789wrq; Thu, 18 Jan 2018 08:50:53 -0800 (PST) X-Google-Smtp-Source: ACJfBotAA/Rw8hgvEcvUeJgDTAgfSF6ELU4NwyDUX4vwRRtCgxoPrZvF4nVpaanNNMRBpst/8/Xt X-Received: by 2002:a17:902:b783:: with SMTP id e3-v6mr83969pls.160.1516294253728; Thu, 18 Jan 2018 08:50:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516294253; cv=none; d=google.com; s=arc-20160816; b=Hd0psOn26Q1jVoIu7l5+alJ7PX3GlpHbiQ4s7EVkEnY522OwIGcX3AJSq428vBvoiV KZJFr0QPVIm42W6r6l4WqvvlnQ7VLKSKM5H9vgcz8JNE+UBl71fEKl2QlT7VODTmrtA0 x2uub0dCCYCwg3T1Q/Vuk0sbpQxBA4vKSHflpWDT9+El3A1IFk+icksZgZx6wXDIKkeQ 0EvlX7keNBjC32WPasgFDAgdWA11lyB1OZfYbF8MIsp/DnY6Tk/exjIhk6GEMrZ2zIhK 6qKfJcuzAIXV6TSg29DuYD+lVrMxmVF8kEEIGYdSRTUKTrXDWeABoC/bGXI4SSnEEVid +mkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=9jDY+lIgu/Bxs48mUu0ggbQiWVZtaUUNrYs7GnfAdlc=; b=FNz7qv8B5muFM4l8XKpmjeHmlygIbX3yH+5Ahqiy58lpqE9M6jZtgi5odyRluNzFOC amHugqNLXNaquV6C1Xt/FJbsebHJOdXJ31qj5bomfgmludZTkIJlsWzXLZzGVOG+cLdW gCB1WhGcPl//YWvNhy0myqwktlZQjpK4dH1kMZRqcfE9PjtSDxRHpoJNvgj1rjeeedX+ gUf+Tct2hN8YvscA8BkwLFfFeNrczIc1S7jfHQjnQs3t1yh4/pkaKclhvdfweU/ZpSRK 6FN/EqO8MRctoJ0kAVAaDJ/H8IDID7AmCjo5ZhZ/s6ncrl2MKkRKUuT7ILv3fvzXholI jqGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=QXZCclgP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h24si6047885pgn.41.2018.01.18.08.50.39; Thu, 18 Jan 2018 08:50:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=QXZCclgP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932743AbeARQtx (ORCPT + 99 others); Thu, 18 Jan 2018 11:49:53 -0500 Received: from mail-io0-f195.google.com ([209.85.223.195]:46346 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753618AbeARQtd (ORCPT ); Thu, 18 Jan 2018 11:49:33 -0500 Received: by mail-io0-f195.google.com with SMTP id f34so20245935ioi.13; Thu, 18 Jan 2018 08:49:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=9jDY+lIgu/Bxs48mUu0ggbQiWVZtaUUNrYs7GnfAdlc=; b=QXZCclgPvo08IUMDWZQS1DeP+xa4cvDxtO7tCHb5dorfEZM5vxijcEGvOkF4xscOph MokEejplYNCoO90pD+jjcZiLbYa2BzKDwUg3cryl51QFDQk/nqvK+SMFKoE8rLhXEnvr DWgLxlJWpwos27M4RP29cs4zDNKL2xI4StcY6LaRXNDdBEueziyozBSFtNJNVPP1AUl6 9bNiIdd/xdzTxdgdoDnq540lluTz5USMZgeU9RvaM0/MupyjlfaX9/+bejQxLyQMWjY6 aQg/N8zMOHUiANrD63wGxcDM2lQginMRHxgqWmJiCzp9WE+Kp+E5avcbzgyBldCHJQOs XKJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=9jDY+lIgu/Bxs48mUu0ggbQiWVZtaUUNrYs7GnfAdlc=; b=ZMPTNDML19e3E9W3gsTii7XEr+DOd/+e0rV0E0D5ETqDJCzmthVo6dL8aOSXFggQj5 66uud9w7HtO10BTbW2H7cyU9NBw9fn60hPUkIMRopMsUasZigqd7CF2GZPmweSyUwqxV kNArRzrlmF7+JmH8nfvmADgfv12+QfNOZafINpj0UQUT419qYaUHgvYeYXISdu+VlFmv 1h59ioYs8SokovNuaSHMzHE3KZ3eIYNmil4jk813Mm6znKwECNIe23OcdNXcIv7PwM2i rJNV7Zr8bnAiWmZqJ+1mxhUUPM7ddOEunpiUmU11bKj9bV+4KbPnFzEL/tLBrYG7z4Zm d9pA== X-Gm-Message-State: AKwxytdAc1adfn6extegzhjfaEou8RkIZyFB2fVCL1KHsSHy5Aoeghnn 1UmDHe3T2srmkkvdZv21CaJu8zEXQ7fH8G7cqiM= X-Received: by 10.107.183.78 with SMTP id h75mr8831438iof.201.1516294172916; Thu, 18 Jan 2018 08:49:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.6.147 with HTTP; Thu, 18 Jan 2018 08:49:31 -0800 (PST) In-Reply-To: <20180118163818.GB16649@infradead.org> References: <151586744180.5820.13215059696964205856.stgit@dwillia2-desk3.amr.corp.intel.com> <151586748981.5820.14559543798744763404.stgit@dwillia2-desk3.amr.corp.intel.com> <1516198646.4184.13.camel@linux.intel.com> <20180118163818.GB16649@infradead.org> From: Linus Torvalds Date: Thu, 18 Jan 2018 08:49:31 -0800 X-Google-Sender-Auth: T5cwEe9vfpm-ixwYc7zgHjyvGd4 Message-ID: Subject: Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in get_user paths To: Christoph Hellwig Cc: Alan Cox , Eric Dumazet , Dan Williams , Linux Kernel Mailing List , linux-arch@vger.kernel.org, Andi Kleen , Kees Cook , kernel-hardening@lists.openwall.com, Greg Kroah-Hartman , "the arch/x86 maintainers" , Ingo Molnar , Al Viro , "H. Peter Anvin" , Thomas Gleixner , Andrew Morton Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 18, 2018 at 8:38 AM, Christoph Hellwig wrote: > > > But there are about ~100 set_fs() calls in generic code, and some of > > those really are pretty fundamental. Doing things like "kernel_read()" > > without set_fs() is basically impossible. > > Not if we move to iov_iter or iov_iter-like behavior for all reads > and writes. Not going to happen. Really. We have how many tens of thousands of drivers again, all doing "copy_to_user()". And the fact is, set_fs() really isn't even a problem for this. Never really has been. From a security standpoint, it would actually be *much* worse if we made those ten thousand places do "if (kernel_flag) memcpy() else copy_to_user()". We've had some issues with set_fs() being abused in interesting ways. But "kernel_read()" and friends is not it. Linus