From: Linus Torvalds
Date: Thu, 15 Feb 2018 14:03:51 -0800
Subject: Re: [PATCH] linux/nospec.h: allow index argument to have const-qualified type
To: Dan Williams
Cc: Rasmus Villemoes, Thomas Gleixner, Will Deacon, Ingo Molnar, stable, Linux Kernel Mailing List
References: <20180215195209.15299-1-linux@rasmusvillemoes.dk>

On Thu, Feb 15, 2018 at 1:56 PM, Dan Williams wrote:
>
> So I don't mind removing it, but I don't think it is garbage. It's
> there purely as a notification to the odd kernel developer that wants
> to pass "insane" index values,

But the thing is, the "index" value isn't even kernel-supplied.

Here's a test: run a 32-bit kernel, and then do an ioctl() or
something with a negative fd.

What I think will happen is:

 - the negative fd will be seen as a big 'unsigned int' here:

    fcheck_files(struct files_struct *files, unsigned int fd)

   which then does

        fd = array_index_nospec(fd, fdt->max_fds);

   and that existing *STUPID* and *WRONG* WARN_ON() will trigger.

Sure, you can't trigger it on 64-bit kernels because there the
"unsigned int" will be small compared to LONG_MAX, but..

It is simply *wrong* to check the "index". It really fundamentally
is complete garbage.

Because the whole - and ONLY - *point* of this is that you have an
untrusted index.

So checking it and giving a warning when it's out of range is pure
garbage. Really.

That warning must go away. Stop arguing for it, it's stupid and wrong.

Checking _size_ is one thing, but honestly, that's questionable too.

               Linus
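
Added example, not part of the original message and not kernel source: a user-space C model of the case described above, with fixed-width integers standing in for a 32-bit and a 64-bit 'long'. The branch-free mask arithmetic, the helper names and the table size of 64 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: "long" is 32 bits wide, as on a 32-bit kernel.
 * The top bit of (index | (size - 1 - index)) is set when index >= size
 * (for size <= INT32_MAX); the inverted top bit becomes a mask of 0 or ~0. */
static uint32_t mask32(uint32_t index, uint32_t size)
{
    return 0u - (~(index | (size - 1u - index)) >> 31);
}

/* Same arithmetic with a 64-bit "long", as on a 64-bit kernel. */
static uint64_t mask64(uint64_t index, uint64_t size)
{
    return 0ull - (~(index | (size - 1ull - index)) >> 63);
}

/* The index range check under discussion: index > LONG_MAX. */
static int index_check_fires32(uint32_t index) { return index > (uint32_t)INT32_MAX; }
static int index_check_fires64(uint64_t index) { return index > (uint64_t)INT64_MAX; }

/* Clamp: an in-range index is kept, an out-of-range index becomes 0. */
static uint32_t clamp32(uint32_t index, uint32_t size)
{
    return index & mask32(index, size);
}

static uint32_t clamp64(uint32_t index, uint32_t size)
{
    return (uint32_t)(index & mask64(index, size));
}

int main(void)
{
    unsigned int fd = (unsigned int)-1; /* negative fd seen as unsigned int */
    unsigned int max_fds = 64;          /* constructed table size */

    printf("32-bit long: check fires=%d, clamped fd=%u\n",
           index_check_fires32(fd), clamp32(fd, max_fds));
    printf("64-bit long: check fires=%d, clamped fd=%u\n",
           index_check_fires64(fd), clamp64(fd, max_fds));
    printf("in-range fd 3 stays %u\n", clamp32(3, max_fds));
    return 0;
}
```

In this model the mask alone already forces the out-of-range index to 0 on both widths; only the separate index range check behaves differently between them.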