Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp190280imu; Wed, 21 Nov 2018 17:56:13 -0800 (PST) X-Google-Smtp-Source: AJdET5eoYXFz0/oFYqIg/Tfl8UJa0XVKMOCQgtT7DKFx5402Q96wLs94euYmm7Utku13NDNh1rRt X-Received: by 2002:a62:6547:: with SMTP id z68-v6mr9103693pfb.169.1542851773587; Wed, 21 Nov 2018 17:56:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542851773; cv=none; d=google.com; s=arc-20160816; b=oMTEOmhzSlCT1xx6q9jgzE6sxRPuphAgFJEDkk5qA8iChw3oPNj826yVppFF5zLL13 3UMifWTl1rupRKIzSJSSY83C37SUVPhPJ5qFkCT8Iduvd9Oa8+D/SZ2tPULtrL9HrrOL jvYJ19bXKdKjaF2X9IOE11s1aT4MOX16vvOY28eLE0/aZtNrUQSbONhG+E9BSu6aXBlk VmlNUsdHll7zG3NJ7nyYN6Y1rq5NZMFMl+5x2YPd9RD6Y1kBvtKjPErRQPExD3RrIIFx ZLdaDFvT5V1StJ0asBciSuNbqDIN8LQCwfcjxxo7QIpGzfaK3LkXUYGzGq1lMWDloDOk ypfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=5lrCdRHe/pCwTlYznkOR5GqzHVg/7jvpyON7xz/g6AY=; b=jTnD8uMZWYmquMhT+t4vv7hyQpmeg6EDPbm7ArRd5HtjCU1tzLcN0q3I277VAchWNV wjdkoAyDE+jZxFd3CLZNpsN6oQp63hbO+mxM899S/i0hHY3Hr3ok6Mi53KoVeDmm5Ce3 HqQVlgMIDhJQxHLj/PYsKX986/Hw9xNWCsgss/B1HAdn1I1e10tOkuXvrB6d20Pb0pV3 NDwCVIHvw/ElSD+d/8Yi7kYbWCcu/uDG53A6tgH0Ce8lt6J+hoacavYEJqjICXeoSqt4 aUfW2h5laHHv4KmGw3UAA8n6qYdDBfUlAheZabZoHaKFDGV4NwkBQPhLZUS5RM5EUAve MXCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KH1vJ5bq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i64-v6si52700104pli.135.2018.11.21.17.55.58; Wed, 21 Nov 2018 17:56:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=KH1vJ5bq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389076AbeKVFrS (ORCPT + 99 others); Thu, 22 Nov 2018 00:47:18 -0500 Received: from mail.kernel.org ([198.145.29.99]:42694 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389030AbeKVFrO (ORCPT ); Thu, 22 Nov 2018 00:47:14 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B0A85214DB; Wed, 21 Nov 2018 19:11:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542827501; bh=3VqPPzgUqz63DRFcY/+2nW1o9q3iUci01ZGXNML2bA0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KH1vJ5bqt6Y/czmcgfHspazwNodfGeMaa29ZvHJuqtkzKY6+96sZ5rifX6aKDuI3i xwuw9CKaatNQdiZA2Oecf7jbsAKM1sEfX+ugAf9nN9GSyyxHLBzSmEiALURyesnCf0 rvmyAbi7LuY70I191lzu83KBiq8bIC38G4fu6AS4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mark Rutland , Russell King , "David A. Long" Subject: [PATCH 4.9 56/59] ARM: oabi-compat: copy semops using __copy_from_user() Date: Wed, 21 Nov 2018 20:07:11 +0100 Message-Id: <20181121183510.510079710@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181121183508.262873520@linuxfoundation.org> References: <20181121183508.262873520@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Russell King Commit 8c8484a1c18e3231648f5ba7cc5ffb7fd70b3ca4 upstream. __get_user_error() is used as a fast accessor to make copying structure members as efficient as possible. However, with software PAN and the recent Spectre variant 1, the efficiency is reduced as these are no longer fast accessors. In the case of software PAN, it has to switch the domain register around each access, and with Spectre variant 1, it would have to repeat the access_ok() check for each access. Rather than using __get_user_error() to copy each semops element member, copy each semops element in full using __copy_from_user(). Acked-by: Mark Rutland Signed-off-by: Russell King Signed-off-by: David A. Long Signed-off-by: Greg Kroah-Hartman --- arch/arm/kernel/sys_oabi-compat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/arch/arm/kernel/sys_oabi-compat.c +++ b/arch/arm/kernel/sys_oabi-compat.c @@ -328,9 +328,11 @@ asmlinkage long sys_oabi_semtimedop(int return -ENOMEM; err = 0; for (i = 0; i < nsops; i++) { - __get_user_error(sops[i].sem_num, &tsops->sem_num, err); - __get_user_error(sops[i].sem_op, &tsops->sem_op, err); - __get_user_error(sops[i].sem_flg, &tsops->sem_flg, err); + struct oabi_sembuf osb; + err |= __copy_from_user(&osb, tsops, sizeof(osb)); + sops[i].sem_num = osb.sem_num; + sops[i].sem_op = osb.sem_op; + sops[i].sem_flg = osb.sem_flg; tsops++; } if (timeout) {