Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp328797ybi; Wed, 29 May 2019 22:24:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqxuExUHeyWMffqNW6gSoPpfcmB02ptk0Nc9d4OAHeBkRnQHoZ2XHE96Ly0YyMmFDzirhMwU X-Received: by 2002:a17:90a:9a89:: with SMTP id e9mr1987921pjp.110.1559193862640; Wed, 29 May 2019 22:24:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559193862; cv=none; d=google.com; s=arc-20160816; b=W2GNQ3BAeyDlHc0ajFYYcyzHpQryRbw/rF+mvNdpGIEpbhQR5z1VlXJ2GNZ0Lq41Jq UaaDZAxtOeRMdk0Q/kRuEzZ0dZHzk+tQ072QrIK+NtPOYxkX+/1TUYZWF1ZbC3lwVXF5 XP4tbpj5bTjGVLgIG+KbbemIw3GbP9Uj0xqG2o6eMZ8J0Ovhp9d3KylsXGWQm2GSxaOb Yboqunpbee8dixckTRC0lYpDIIVL875YN2pDA6yWv5tXWetmPTeW4MvC7GpljRVSiYlL /jMUUVJKCQJ8n4lOXLLk46gsklvMgtGgiLcuVO0P8h86ED6vAxIDDSNfc9uFNUDiuC3G xHpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=N8Kqu9XhDk4eyHxJOCvnDVEeURLn9nIM7WXDv7rJ8RQ=; b=Heev8UAzeC4lToEws0pgPGjmgL229eovtujz+4jxEpFHeH5lmmhVE1d5kBB2as78IE 2ZcIbZqNvl5dJcG4/jcVMSCwM8CUX5YQ8d2vFNW6IWIshicKyd6PvjOoiv4VBoERxlwv nbLrFnRkbhIy6BNyHOJg6vbxxNC4LW9xp68MuCdWH6DMUNEofOa2d6UyWEZsT6D7Qm5L WtsN0JR5+hvsFs9mxhcBHyoGPvX/1iWJP4+hgfSmMXb3OChdUYsLum19VXr3SFbOLM5V 4w4OWkb+qlDc2YwARTO/tjH7XupNTB9AX+u3xX7CyacpcSoCkAAKHEaZHgt9BToTu3gK 3LLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nOfp6xAb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c2si2242303pgd.415.2019.05.29.22.24.06; Wed, 29 May 2019 22:24:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nOfp6xAb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727029AbfE3FVh (ORCPT + 99 others); Thu, 30 May 2019 01:21:37 -0400 Received: from mail-ua1-f68.google.com ([209.85.222.68]:45258 "EHLO mail-ua1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725961AbfE3FVh (ORCPT ); Thu, 30 May 2019 01:21:37 -0400 Received: by mail-ua1-f68.google.com with SMTP id n7so1995723uap.12 for ; Wed, 29 May 2019 22:21:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=N8Kqu9XhDk4eyHxJOCvnDVEeURLn9nIM7WXDv7rJ8RQ=; b=nOfp6xAb07c7fhTyEPViJQwkSTSfmWU/+klmqnkI9vWOtbvMhwszY6GFh6ufjBdu7g lpAq4QP0/Cufz4WaULPfWsua/GesqDG2HDvXk+NuUgfQhTvzxOdjgBniDIDnyRqY+4fc An+1RHMH7FDXq/dua0p+KM1Wew9m4jHnfDye9QEjShQPodvTTw4FEv0fxvn2El8x5kYE u7wJAhoUmz/cK93kAVTxiCQyxdHucxSw2pHYN8eV3W/n4u9DHZgjW8VbNnVhqIJV20Tq LXlRJ1w0Pc3GwDkob5jfDxszTaaQka77OPeVhsoOcZ8gO8m8HX1jb2INfcKGvedR7Q4R 6U9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=N8Kqu9XhDk4eyHxJOCvnDVEeURLn9nIM7WXDv7rJ8RQ=; b=aHTLdNLI23rNYSBbW7bAFj8YpnjvMyCYb34FXjmhcHuhKoEKXlI/yH5J/uSKhFcg+A bdjKaOZlUbqwUq0Nb/fGwfVctc3WZrfacFQmtTUg/NmDoxoOBgd8vXFcnA5TkE+MFf+G uUWI0RHHa0ZqOGjiQrybREIMZ9m0dZiI1IRmVGYGS+4AI6VsT29g1Ut3aabwsfGIp3wn qVsLt7vLg3F7XEpmbyt5g2FfutRkA7Sab3erF43aJYymeSy480Eoj8opPjbaZFv7QN6G whp6+UY1ORvDcxf1fvD/KfAwqDYww1y8MzL2fxRprw7qQ6PcxqAw/7u1l93+qUxHhI5Z 4N0g== X-Gm-Message-State: APjAAAUNF2s9ExcGqL6xVedUKR3xh95iB+tP5u34K+TghWZ9SS1qIvmE Kuj0scs5mQPTKZHtjhL3WNI7zMpbs1trhVRcMcw= X-Received: by 2002:a9f:3241:: with SMTP id y1mr886824uad.107.1559193696177; Wed, 29 May 2019 22:21:36 -0700 (PDT) MIME-Version: 1.0 References: <1559133448-31779-1-git-send-email-dianzhangchen0@gmail.com> <20190529194852.GA23461@bombadil.infradead.org> In-Reply-To: <20190529194852.GA23461@bombadil.infradead.org> From: Dianzhang Chen Date: Thu, 30 May 2019 13:21:23 +0800 Message-ID: Subject: Re: [PATCH] mm/slab_common.c: fix possible spectre-v1 in kmalloc_slab() To: Matthew Wilcox Cc: cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, linux-mm@kvack.org, LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org thanks, i think your suggestion is ok. in my previous method is easy to understand for spectre logic, but your suggestion is more sense to use of array_index_nospec. On Thu, May 30, 2019 at 3:48 AM Matthew Wilcox wrote: > > On Wed, May 29, 2019 at 08:37:28PM +0800, Dianzhang Chen wrote: > > The `size` in kmalloc_slab() is indirectly controlled by userspace via syscall: poll(defined in fs/select.c), hence leading to a potential exploitation of the Spectre variant 1 vulnerability. > > The `size` can be controlled from: poll -> do_sys_poll -> kmalloc -> __kmalloc -> kmalloc_slab. > > > > Fix this by sanitizing `size` before using it to index size_index. > > I think it makes more sense to sanitize size in size_index_elem(), > don't you? > > static inline unsigned int size_index_elem(unsigned int bytes) > { > - return (bytes - 1) / 8; > + return array_index_nospec((bytes - 1) / 8, ARRAY_SIZE(size_index)); > } > > (untested)