From: Dan Williams
Date: Fri, 19 Jan 2018 12:55:08 -0800
Subject: Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references
To: Linus Torvalds
Cc: Jann Horn, kernel list, linux-arch, Kernel Hardening, Catalin Marinas, "the arch/x86 maintainers", Will Deacon, Russell King, Ingo Molnar, Greg Kroah-Hartman, "H. Peter Anvin", Thomas Gleixner, Andrew Morton, Alan Cox
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jan 19, 2018 at 10:18 AM, Linus Torvalds wrote:
> On Fri, Jan 19, 2018 at 2:20 AM, Jann Horn wrote:
>>> + \
>>> + __u._ptr = _arr + (_i & _mask); \
>>> + __u._bit &= _mask; \
>>
>> AFAICS, if `idx` is out of bounds, you first zero out the index
>> (`_i & _mask`) and then immediately afterwards zero out
>> the whole pointer (`_u._bit &= _mask`).
>> Is there a reason for the `_i & _mask`, and if so, can you
>> add a comment explaining that?
>
> I think that's just leftovers from my original (untested) thing that
> also did the access itself. So that __u._bit masking wasn't masking
> the pointer, it was masking the value that was *read* from the
> pointer, so that you could know that an invalid access returned
> 0/NULL, not just the first value in the array.

Yes, the index masking can be dropped since we're returning a
sanitized array element pointer now.
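
Review bot: The `_i & _mask` in the `__u._ptr` assignment of the quoted hunk is redundant, because the following `__u._bit &= _mask;` already clears the whole pointer whenever the mask is zero. Drop the index masking so the line reads `__u._ptr = _arr + _i;`, and add a comment on the macro stating that an out-of-bounds index yields a NULL pointer, so callers know they must test the result before dereferencing it.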
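
The point settled in this thread, shown as an added user-space illustration (not code from the patch or the kernel): masking both index and value makes sense when the helper performs the load itself, while a helper that returns the element pointer only needs the pointer mask. The names `table`, `index_mask`, `read_masked`, `elem_ptr_both` and `elem_ptr` are hypothetical, and the mask computation is an assumption, since the quoted hunk does not show how `_mask` is derived.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static int table[4] = { 10, 20, 30, 40 };   /* constructed sample data */

/* Assumed mask helper: all ones when idx < sz, zero otherwise, no branch.
 * Relies on arithmetic right shift of a negative long (gcc/clang). */
static unsigned long index_mask(unsigned long idx, unsigned long sz)
{
    return (unsigned long)(~(long)(idx | (sz - 1UL - idx)) >>
                           (sizeof(long) * CHAR_BIT - 1));
}

/* Access-and-mask form: the index mask keeps the load inside the array,
 * the value mask turns an out-of-bounds read into 0 instead of arr[0]. */
static int read_masked(const int *arr, unsigned long idx, unsigned long sz)
{
    unsigned long mask = index_mask(idx, sz);
    return (int)((unsigned int)arr[idx & mask] & (unsigned int)mask);
}

/* Pointer-returning form as in the quoted hunk: index and pointer masked. */
static int *elem_ptr_both(int *arr, unsigned long idx, unsigned long sz)
{
    unsigned long mask = index_mask(idx, sz);
    return (int *)((uintptr_t)(arr + (idx & mask)) & mask);
}

/* Pointer masking only: same result, so the index mask is redundant.
 * Integer arithmetic avoids forming an out-of-bounds C pointer. */
static int *elem_ptr(int *arr, unsigned long idx, unsigned long sz)
{
    unsigned long mask = index_mask(idx, sz);
    return (int *)(((uintptr_t)arr + idx * sizeof(*arr)) & mask);
}

int main(void)
{
    for (unsigned long i = 0; i < 6; i++)
        printf("idx=%lu both=%p ptr=%p read=%d\n", i,
               (void *)elem_ptr_both(table, i, 4),
               (void *)elem_ptr(table, i, 4), read_masked(table, i, 4));
    return 0;
}
```

This shows only the arithmetic; whether a compiler keeps the sequence branch-free is outside what the example demonstrates.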