Received: by 10.223.176.46 with SMTP id f43csp1360193wra; Fri, 19 Jan 2018 10:21:33 -0800 (PST) X-Google-Smtp-Source: ACJfBov8AhxbnNgORt4RlViaW4VZ7dfsYNgA21FTzY8CTdQF6unKI2TLKSl+O+ZDQ0KCfcjE+h7Z X-Received: by 10.98.246.8 with SMTP id x8mr9650388pfh.234.1516386093455; Fri, 19 Jan 2018 10:21:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516386093; cv=none; d=google.com; s=arc-20160816; b=BO3juVLxgRxIVUt7sR2SPHQEyHtfiaiUt7WDJlueamnHjKOaHmD4e5p5gofdNeG18m t4Gzi/b+0M6C1w4lxbvug/oLt613Wks80FH2Kyccr4z9sTauDT7VJ8/GO53GSLXSB476 bXy5ZikqL5GGPhl9C2Th3ffFzxJj8V+wT7sbTKDsRATor4PmflWiIISpift445HdWFcW 7BS+HrFeQksFMRm1MTtfKuHCLMv1HaatcXmZgakK32SOJdq3z39zD/X0NAlEzWYq/wsZ DR3z8hpurKJqwEYxoejxsoBuqB2dC9CJDZiAuMKfdyk73JACYlVWsc8VWUcf4Xuf4utT tH0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=1vR6y0d8hO8KKMwqH6k5h27jo0VPbbHrTF7fuBowPW0=; b=p6eV+QS4KhHhVq0A84BO0aAVWZiD3aAAu2/AqS1Oio7mSikL4j0oX6oHo0flMbqEFM Vj73RJCPRfWAgS+IezoQs2E+5FJCFI1CxFSM9DBqEVEeAbNP1mmPlgfs5C0hrL/+c395 srXPNUUE5g3+215+d5HkH3fpsLbFjAzCPFe9tCf6tS2OlcYPEl+GJ4Anr0EkImLJbAvk o6oeOqFB3EHDOGyugfksJsyUbZF+LJ+7ovqQrxqJlQD7PQ+fffPCVNT91PgBG+m3WY2+ OrLI9rLnbAiP5mMgn2O1tnpf/LWTtCQ8z+eW3muhgSXRq1hzs6jBft0oJJ/qUpDC8OMJ ILcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=uyLDAlXF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o76si9699092pfa.367.2018.01.19.10.21.19; Fri, 19 Jan 2018 10:21:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=uyLDAlXF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756141AbeASSTB (ORCPT + 99 others); Fri, 19 Jan 2018 13:19:01 -0500 Received: from mail-io0-f176.google.com ([209.85.223.176]:36290 "EHLO mail-io0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755949AbeASSSy (ORCPT ); Fri, 19 Jan 2018 13:18:54 -0500 Received: by mail-io0-f176.google.com with SMTP id l17so3085804ioc.3; Fri, 19 Jan 2018 10:18:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=1vR6y0d8hO8KKMwqH6k5h27jo0VPbbHrTF7fuBowPW0=; b=uyLDAlXF/qfzIJu0nv2nvdf8n4orfgW+vW6maCBYNk6a5SciNyPBYPb9iyv/lNi2gp ZClrVxrBRaJ3qBobWiXC4peZ668ugapTNbHLAlQwSrqkByP6/IPZbF40f6mAtKKaMA/E XQr6TRRJicWY9ZOZyG6CbSl1g1kF9k8w6PPrDIbInpdNpgssw5y/NGhpy9uL8AMju4wG jY1MBwY7vqilH7HpZQtYdPIMrCKei+sUipx+J6v3QX1Gi4ZviSzU2ho4cUiKEgDPy4kI c1YCDJYNsh6+ptvVzcxbIGNTL8p3bC0NtgaBRqBRjN47gGivzM+REN9DHUBgNWNQ7iDj Rwng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=1vR6y0d8hO8KKMwqH6k5h27jo0VPbbHrTF7fuBowPW0=; b=KXa0G3AuqnBxlD3HDimMXTJJBDmczkvZJ50CBuF3RTOpYdQSLE79Xi8UI/Zi2GlfSa tW+ahInBi/pVBHekCd6dYwK0a4kCPFGkTgJcQFa8hmN1jcpxNMrDOvdI+TG9WbM7oZU0 o9WvYe6bB2nihadFlciFHT4OLW/L5yh8LxWdXZS7VrYHfvymKsBhlXP691to+9nfO60z 3dbDqn0thRQdvjmfnjfhQRwrFA3OrXNiAS/9hKmqKboA70GqenhJ+V50R+CF7wpcrbD+ ylGFxvcVZMZeXjstke9SpztoCf2D1CFZWmkEN0ghoI+91IiFKVZIYVRTXZwyLJW3bd+F JSFg== X-Gm-Message-State: AKwxytdFcu/bXp7s/OzuNXNyc6hntLc0iFI13doG8kyWTET4N9d92kY0 wmyHMRMKm+lBawK4dfJ8Prf/CaX4kKhmP5OjFUI= X-Received: by 10.107.81.20 with SMTP id f20mr4696706iob.174.1516385934066; Fri, 19 Jan 2018 10:18:54 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.59.196 with HTTP; Fri, 19 Jan 2018 10:18:53 -0800 (PST) In-Reply-To: References: <151632009605.21271.11304291057104672116.stgit@dwillia2-desk3.amr.corp.intel.com> <151632010687.21271.12004432287640499992.stgit@dwillia2-desk3.amr.corp.intel.com> From: Linus Torvalds Date: Fri, 19 Jan 2018 10:18:53 -0800 X-Google-Sender-Auth: bX8kYGhHZl0wrEYJtSV2X2BDBhk Message-ID: Subject: Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references To: Jann Horn Cc: Dan Williams , kernel list , linux-arch , Kernel Hardening , Catalin Marinas , "the arch/x86 maintainers" , Will Deacon , Russell King , Ingo Molnar , Greg Kroah-Hartman , "H. Peter Anvin" , Thomas Gleixner , Andrew Morton , Alan Cox Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 19, 2018 at 2:20 AM, Jann Horn wrote: >> + \ >> + __u._ptr = _arr + (_i & _mask); \ >> + __u._bit &= _mask; \ > > AFAICS, if `idx` is out of bounds, you first zero out the index > (`_i & _mask`) and then immediately afterwards zero out > the whole pointer (`_u._bit &= _mask`). > Is there a reason for the `_i & _mask`, and if so, can you > add a comment explaining that? I think that's just leftovers from my original (untested) thing that also did the access itself. So that __u._bit masking wasn't masking the pointer, it was masking the value that was *read* from the pointer, so that you could know that an invalid access returned 0/NULL, not just the first value in the array. Linus