Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp5449451imm; Tue, 16 Oct 2018 10:23:15 -0700 (PDT) X-Google-Smtp-Source: ACcGV62PAgDmK0pRVW7/FAhAK3Wwk2NJ38gO09G6J0PrSu2vZ34Oa8Y52ILRYRYxbbQ0BWUScTPY X-Received: by 2002:a17:902:bd8d:: with SMTP id q13-v6mr22295869pls.167.1539710595566; Tue, 16 Oct 2018 10:23:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539710595; cv=none; d=google.com; s=arc-20160816; b=aV5C/COqLrP/vX4IFmfeISMBJ3eJLJd8vaQGkC71ECdyBIYRTvx1P/UGJAL4UkdlFm N5xNEbIvVj9IG1ijLguLqsiTNFNrbjGyBAD5ejlMuMCvcwz4to+7nNAQK37BUiac/2Ld vlJoDj7AkxtNDjtCv3jlr98e+4rhc50OA3YyAvOxhco5G8yg3E3d16Gi2Hpo+4y+G2HN kgQwzL0GjZnj0tPBXlcOkMa4iuft7+EsyFBR7ju1oIU+wCgqrjYnNW9ctYlakDp7/Ke3 7LummNvx8Phpv3z7wYHjaTFafZndqgEbqthQFIBhuXFXcAN2g2JsDOb7w2egchtVH3VU S5KQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=oGF9/+6fp6wMjr116P6HaNzlFcqdQ6QK+6mrsK5VeLE=; b=v4NcMZFnPanS5gYjVndbYQgQk1cD4TLAw7tnr0HrAVwkFt6xP3ngajyFofVCUL4b// 7oy+YZ/e+dO6vNvQz3OrmjjWvxMwbpkvNSzkiWhB7aeQun36TqtpVISKFBbtC3HH0zjB C5Xp1lg4xhWcGxL3yo3/tPO/qv2u2fcr1onW7dalrQttODX+ZKKDgYaH6zSlrreGxm++ MUz/zR+Y+38pNniO3CPtokhRKq8LpXWY2COujmS6EtDxP6g0MFBAEUCPfI7uqhdIc260 FDQxofFfnN2USFl9HpSZFqaqixAdeCnZZ0Rv+vqlRZr2Vplj1J+egqPELayi30sooeBH jPYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=kyoSYHvo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 31-v6si11294952plk.329.2018.10.16.10.22.59; Tue, 16 Oct 2018 10:23:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=kyoSYHvo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731013AbeJQBNZ (ORCPT + 99 others); Tue, 16 Oct 2018 21:13:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:59230 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727433AbeJQBNY (ORCPT ); Tue, 16 Oct 2018 21:13:24 -0400 Received: from localhost (ip-213-127-77-176.ip.prioritytelecom.net [213.127.77.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9B05A20866; Tue, 16 Oct 2018 17:21:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539710519; bh=SLKn+hw8XKyWJQgXsmUf9pNEBEstH0rrrynS95xQs1c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kyoSYHvobWDCFnpA5dOW0Ohi0IztdIsuVctxhFAAFs+z2hrPx42Gd1WODy8+f9dtS jfYPDjeWfHDwi/prWIn7Agg+hWf8sloTRJCEmNfHuvSEU1HWn1Kcxe6HDGcnk8KwFR fez7OqyyDn14tC/wJAdQpH5KL0EFgo64xc6IsiWE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Rutland , Russell King , "David A. Long" Subject: [PATCH 4.14 105/109] ARM: oabi-compat: copy semops using __copy_from_user() Date: Tue, 16 Oct 2018 19:06:13 +0200 Message-Id: <20181016170530.700505048@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181016170524.530541524@linuxfoundation.org> References: <20181016170524.530541524@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Russell King Commit 8c8484a1c18e3231648f5ba7cc5ffb7fd70b3ca4 upstream. __get_user_error() is used as a fast accessor to make copying structure members as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Rather than using __get_user_error() to copy each semops element member, copy each semops element in full using __copy_from_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long Signed-off-by: Greg Kroah-Hartman --- arch/arm/kernel/sys_oabi-compat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/arch/arm/kernel/sys_oabi-compat.c +++ b/arch/arm/kernel/sys_oabi-compat.c @@ -329,9 +329,11 @@ asmlinkage long sys_oabi_semtimedop(int return -ENOMEM; err = 0; for (i = 0; i < nsops; i++) { - __get_user_error(sops[i].sem_num, &tsops->sem_num, err); - __get_user_error(sops[i].sem_op, &tsops->sem_op, err); - __get_user_error(sops[i].sem_flg, &tsops->sem_flg, err); + struct oabi_sembuf osb; + err |= __copy_from_user(&osb, tsops, sizeof(osb)); + sops[i].sem_num = osb.sem_num; + sops[i].sem_op = osb.sem_op; + sops[i].sem_flg = osb.sem_flg; tsops++; } if (timeout) {