From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Julien Thierry , Will Deacon , Linus Torvalds , Miles Chen
Subject: [PATCH 4.19 010/267] x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
Date: Fri, 19 Jun 2020 16:29:55 +0200
Message-Id: <20200619141649.355495009@linuxfoundation.org>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200619141648.840376470@linuxfoundation.org>
References: <20200619141648.840376470@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon

commit 6e693b3ffecb0b478c7050b44a4842854154f715 upstream.

Commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
makes the access_ok() check part of the user_access_begin() preceding a
series of 'unsafe' accesses. This has the desirable effect of ensuring
that all 'unsafe' accesses have been range-checked, without having to
pick through all of the callsites to verify whether the appropriate
checking has been made.

However, the consolidated range check does not inhibit speculation, so
it is still up to the caller to ensure that they are not susceptible to
any speculative side-channel attacks for user addresses that ultimately
fail the access_ok() check.

This is an oversight, so use __uaccess_begin_nospec() to ensure that
speculation is inhibited until the access_ok() check has passed.

Reported-by: Julien Thierry
Signed-off-by: Will Deacon
Signed-off-by: Linus Torvalds
Cc: Miles Chen
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/include/asm/uaccess.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h 
@@ -717,7 +717,7 @@ static __must_check inline bool user_acc { if (unlikely(!access_ok(type, ptr, len))) return 0; - __uaccess_begin(); + __uaccess_begin_nospec(); return 1; }
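
Review bot: There is no comment at the __uaccess_begin_nospec() call in user_access_begin() explaining why the speculation-inhibiting variant is required, so a later cleanup could swap it back to __uaccess_begin() with nothing in the source to flag the regression. A short comment above the call would help, saying that the access_ok() check does not by itself inhibit speculation and that the 'unsafe' accesses that follow must not run speculatively on a user address that fails the check. Separately, the function is declared bool but returns 0 and 1; return false and return true would match the type, though that belongs in its own patch rather than in a stable backport.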