Date: Tue, 6 Feb 2018 22:51:32 +0000
From: Luis Henriques
To: Dan Williams
Cc: Linux Kernel Mailing List, linux-arch, Kernel Hardening, Greg KH, X86 ML, Ingo Molnar, Andy Lutomirski, "H. Peter Anvin", Thomas Gleixner, Linus Torvalds, Andrew Morton, Alan Cox
Subject: Re: [PATCH v4 07/10] x86: narrow out of bounds syscalls to sys_read under speculation
Message-ID: <20180206225132.yewppdrnut35gzrh@hermes.olymp>

On Tue, Feb 06, 2018 at 11:48:45AM -0800, Dan Williams wrote:
> On Tue, Feb 6, 2018 at 11:29 AM, Luis Henriques wrote:
> > On Thu, Jan 18, 2018 at 04:02:21PM -0800, Dan Williams wrote:
> >> The syscall table base is a user controlled function pointer in kernel
> >> space. Like, 'get_user', use 'MASK_NOSPEC' to prevent any out of bounds
> >> speculation. While retpoline prevents speculating into the user
> >> controlled target it does not stop the pointer de-reference, the concern
> >> is leaking memory relative to the syscall table base.
> >
> > This patch seems to cause a regression. An easy way to reproduce what
> > I'm seeing is to run the samples/statx/test-statx. Here's what I see
> > when I have this patchset applied:
> >
> > # ./test-statx /tmp
> > statx(/tmp) = -1
> > /tmp: Bad file descriptor
> >
> > Reverting this single patch seems to fix it.
>
> Just to clarify, when you say "this patch" you mean:
>
> 2fbd7af5af86 x86/syscall: Sanitize syscall table de-references
> under speculation
>
> ...not this early MASK_NOSPEC version of the patch, right?

*sigh*

Looks like I spent some good amount of time hunting a non-issue just
because I have enough old branches hanging around to confuse me :-(

Sorry for the noise.

Cheers,
--
Luís
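
The index narrowing described in the quoted commit message and in the subject line ("narrow out of bounds syscalls to sys_read"), as an added example that is not part of this thread or of the kernel patch: a branchless mask forces any out-of-range syscall number to 0, so a mispredicted bounds check can only reach table slot 0. The table, the `toy_*` names and the return values are constructed for illustration, and the inline asm barrier assumes GCC or Clang.

```c
#include <limits.h>
#include <stdio.h>

#define NR_TOY_SYSCALLS 4UL   /* constructed table size */
#define TOY_ENOSYS      38

typedef long (*toy_sys_fn)(long);

static long toy_read(long a)  { return 100 + a; }   /* slot 0, like sys_read */
static long toy_write(long a) { return 200 + a; }
static long toy_open(long a)  { return 300 + a; }
static long toy_close(long a) { return 400 + a; }

static const toy_sys_fn toy_table[NR_TOY_SYSCALLS] = {
    toy_read, toy_write, toy_open, toy_close,
};

/* All ones when nr < size, zero otherwise. Computed arithmetically, so the
 * result is a data dependency rather than something a predictor can guess.
 * Assumes size <= LONG_MAX and arithmetic right shift of negative values. */
static unsigned long toy_mask_nospec(unsigned long nr, unsigned long size)
{
    return (unsigned long)(~(long)(nr | (size - 1UL - nr))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* In-range numbers pass through unchanged; everything else becomes 0. */
static unsigned long toy_narrow(unsigned long nr)
{
    /* Hide nr from the optimizer so the mask is not folded away when this
     * is inlined under the bounds check below. */
    __asm__ __volatile__("" : "+r"(nr));
    return nr & toy_mask_nospec(nr, NR_TOY_SYSCALLS);
}

static long toy_dispatch(unsigned long nr, long arg)
{
    if (nr < NR_TOY_SYSCALLS) {       /* architectural bounds check */
        nr = toy_narrow(nr);          /* bound that also holds on a mispredicted path */
        return toy_table[nr](arg);
    }
    return -TOY_ENOSYS;
}

int main(void)
{
    printf("narrow(2)=%lu narrow(9)=%lu\n", toy_narrow(2), toy_narrow(9));
    printf("dispatch(1,5)=%ld dispatch(9,5)=%ld\n",
           toy_dispatch(1, 5), toy_dispatch(9, 5));
    return 0;
}
```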