Received: by 10.223.176.5 with SMTP id f5csp1090676wra;
        Tue, 6 Feb 2018 12:27:30 -0800 (PST)
X-Google-Smtp-Source: AH8x226AmU/bW2hOqMeFqxZBCcCNp1c03YkRF71Js3xfcev6SpLRn+a6Kog5VF/BX77qXdDAJiKR
X-Received: by 2002:a17:902:6c44:: with SMTP id h4-v6mr3570003pln.373.1517948850119;
        Tue, 06 Feb 2018 12:27:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517948850; cv=none;
        d=google.com; s=arc-20160816;
        b=jhxE64UEESXmcmAlwwaQz0hfGbttLlASteVKYNVpaj3DG7hYlv/2LPjGdgl/lFE8pJ
         /vfuFlkw0JNe/7nPN8ELGaH5LrnMo/u2SdTX5YSkUFf5Nad+n+p6+oTcje0ZONL2LfHf
         YpAGUwmGwlkTtjIlEQlSSTRwGVarxx1932Cg7fxr1toYw35gPrh0GeGeBHJ9loCeMmZV
         pTX3xpnAiIpj978vLOXP7JrLklsIHYdzwUv5Ly6Xd0Bi7RLPecNXMlU4zd8n4wmu/+rB
         iPR65pv0LyaVCPu/8Dr3q3R6UlABE/crc/eo8z2h1iAyo+6VYTpVNngF5suubhaCb9LH
         jwkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=rlTM2WLKd/G1RWWP3nDYVV63LfOxjXtygEDLWm72h7g=;
        b=eah/0ZHyzcz5VO+zZVOTtTpg6gW01zEwE5TQUb/Hh697yJk8rzWtaPcckjaeUDlfCu
         Sc0KNbuAgBWUDoxXfq+mVHaVcfn+o8NBi6+gyd4nv5CJL1SM0SxGL1H2vCJdJaER6xzn
         +FF/GN8J37T8aPaAukEUJLVAAaSewiQfZ9SYbtdlfYV6DxTI7JioruF1k+hDFcqKQrp3
         Y81lhAsXEyL+yi+neiAjMYTwkoqhY7SBHBJOcSthm/+yyK6jhUDV9whCVDUzOKLB/ixq
         uBfneW16nHI/Q7twqGKecDKNmz0nN9OSDYvYLs1IGqzYe60MSN2jQ7nTZNm1hQ7XVYeX
         1tew==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=uhQxmYPQ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t79si354278pfi.184.2018.02.06.12.27.16;
        Tue, 06 Feb 2018 12:27:30 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=uhQxmYPQ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753075AbeBFU0g (ORCPT <rfc822;linux.htchiang@gmail.com>
        + 99 others); Tue, 6 Feb 2018 15:26:36 -0500
Received: from mail-it0-f44.google.com ([209.85.214.44]:39836 "EHLO
        mail-it0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751632AbeBFU0e (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Feb 2018 15:26:34 -0500
Received: by mail-it0-f44.google.com with SMTP id c80so3945152itb.4;
        Tue, 06 Feb 2018 12:26:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=rlTM2WLKd/G1RWWP3nDYVV63LfOxjXtygEDLWm72h7g=;
        b=uhQxmYPQ7DUELzdFFcZwJX18uLvvek7AN0NM9JbhUJ1E1EXmKNVNVyGXZb9Ly0COy4
         8oY9ekMm2yEJ5ZAf3dHEiwZRP4/mLcpAdSB4uMIYNk0njul1cIZeoBTIWdgRI0kqI3us
         uz+sbau7Fggi68FSUXMcUynmzP7ICreG5YlCs9EPwGPYBZ3/ykg7oKxb27ZUJ1eFk35w
         nufrRJwH/w9nOdLDkqJR9g7NTEbGwl4yJL2ZWS2H/uWoK94Cqmk6mELOqe/MPlwOfBB4
         uPcTY5+ymnmhpZQIBy97XAlVsa+anher6yTvOMVCFbOwdifm0lWKLUygCwiacVdqFWzg
         BTHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=rlTM2WLKd/G1RWWP3nDYVV63LfOxjXtygEDLWm72h7g=;
        b=k8L6AMfh4EA3az1qJIkRA1Y9Rri3Z9sDKtUAN74qYcIrOTmtrtsH3T+4gOTTiJK8v+
         CC3J/hlKu/B8JYwc00G2k/6qbhg61qrYSWs97oECeGuFuQelUaoZXF83Zj30eoz4ajSS
         Qrvso1Plxr0VC5P1UMTGSLLhtafJzck13mxGb1XS4ZT9iIIfLBiX4pSXyAQqllmNQA5Y
         COOb8ycbIfNNif8wiHQIA/quW9c5fOfsMn/J1QMqVOYCJKYl+A4fVMGiqmjMk3hxn5u1
         0gVLOJyVlCLJbbSa0uPxJGetY3vluE/E1e+XDOPhp34PXXbb52JTZaGT7uvEMivPniXM
         ftTg==
X-Gm-Message-State: APf1xPAwdigX67F/IrLiWnOkJ85FXHth4i0hAMf3YulGOYh7lWyBZWZT
        kLCJDpjON/zs78yr5E0JFUNuvOFyD4G4KvvW500/9qcA
X-Received: by 10.36.248.134 with SMTP id a128mr4777949ith.152.1517948793266;
 Tue, 06 Feb 2018 12:26:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.59.196 with HTTP; Tue, 6 Feb 2018 12:26:32 -0800 (PST)
In-Reply-To: <CAPcyv4ihN6fy5-vBtfA0PuwXvCAj8-rMhtQmevh5sdYxbH3Yfw@mail.gmail.com>
References: <151632009605.21271.11304291057104672116.stgit@dwillia2-desk3.amr.corp.intel.com>
 <151632014097.21271.16980532033566583357.stgit@dwillia2-desk3.amr.corp.intel.com>
 <20180206192925.qkmghwsbaysr4iv2@hermes.olymp> <CAPcyv4ihN6fy5-vBtfA0PuwXvCAj8-rMhtQmevh5sdYxbH3Yfw@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 6 Feb 2018 12:26:32 -0800
X-Google-Sender-Auth: MAeBTM3fNyuapp4YMuNXfE4Zdsk
Message-ID: <CA+55aFxYHX3=HN4P5M0ziSJ08WfjccyhE2T7epS-EC6ZJ6LyjQ@mail.gmail.com>
Subject: Re: [PATCH v4 07/10] x86: narrow out of bounds syscalls to sys_read
 under speculation
To:     Dan Williams <dan.j.williams@intel.com>
Cc:     Luis Henriques <lhenriques@suse.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-arch <linux-arch@vger.kernel.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        Greg KH <gregkh@linuxfoundation.org>, X86 ML <x86@kernel.org>,
        Ingo Molnar <mingo@redhat.com>,
        Andy Lutomirski <luto@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Alan Cox <alan@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 6, 2018 at 11:48 AM, Dan Williams <dan.j.williams@intel.com> wrote:
>
> Just to clarify, when you say "this patch" you mean:
>
>      2fbd7af5af86 x86/syscall: Sanitize syscall table de-references
> under speculation
>
> ...not this early MASK_NOSPEC version of the patch, right?

I suspect not. If that patch is broken, the system wouldn't even boot.

That said, looking at 2fbd7af5af86, I do note that the code generation
is horribly stupid.

It's due to two different issues:

 (a) the x86 asm constraints for that inline asm is nasty, and
requires a register for 'size', even though an immediate works just
fine.

 (b) the "cmp" is inside the asm, so gcc can't combine it with the
*other* cmp in the C code.

Fixing (a) is easy:

  +++ b/arch/x86/include/asm/barrier.h
  @@ -43 +43 @@ static inline unsigned long
array_index_mask_nospec(unsigned long index,
  -                       :"r"(size),"r" (index)
  +                       :"ir"(size),"r" (index)

but fixing (b) looks fundamentally hard. Gcc generates (for do_syscall()):

        cmpq    $332, %rbp      #, nr
        ja      .L295   #,
        cmp $333,%rbp
        sbb %rax,%rax;   #, nr, mask

note how it completely pointlessly does the comparison twice, even
though it could have just done

        cmp $333,%rbp
        jae      .L295   #,
        sbb %rax,%rax;   #, nr, mask

Ho humm. Sad.

              Linus