Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp2384596pxk; Mon, 14 Sep 2020 11:50:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKC/D0/Q+fMlzOfSIXJ7BoAep8vwXsE1bJdBUo6dHCTEshAbSv3zVdNDw7NtiuVt/Cyxvx X-Received: by 2002:aa7:d606:: with SMTP id c6mr19044280edr.370.1600109426243; Mon, 14 Sep 2020 11:50:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600109426; cv=none; d=google.com; s=arc-20160816; b=yBHEbRBBO/Xf0VsidwWtnPgGLn4dxZoOARGUmRwfGEoERUQZYMLBD88yUiixNhrDNQ kLSGEJp27ND1g7QJDVX2UOWPIb3A1c/LQazqb/qPH/MmU1rNOhNafI71MTAGH60GupeL z/aQUJzog3k8bRXdaNN+nYeil22uCx15qjh8gYL6YptsxZ+9fL46QIuPoHYK9+v0SU2b gB8fZX5DBrNb7dw98OMr3GZ1nf2liHQ6b8nz2SbA/roOFPAogk5YZnCcZwr/xWUEeSdm dQAIEuTNoSwfCcPuu6KKrOcs2crKgLuOyuNaVRTqsljQGV1g3i95W8TGBr3xrBIqaRk2 SP9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=XNLJ+xjVvOMpCmSdVCa36PkRJx42dV1m6nWMcfy3Glo=; b=SRwxtOGfQb/F1knT57BipxdTrr1FfShwkyfFHkeV4DPvuW9hbH0vHrOpmG3UTV+jA1 uykFmg41KEMOgJ0QxqmA0ZyN1hplt2fInPvYFC9qpypfyNCdTMhJ7HR/gYNzUvvHL9Tu T1qH8rLeBJ9WSdIJCcCPBInpBYkxw/Q2lfPaN+Yj0qw/uYqSolOaojJ8Oe3a0iXW2PNO kQtlr7gjagJ2KLHHstZAB0ucGyLIIXkrqADoatkv7IeRyXya0fBO4/1NT/okVCehF+JR u9z359ayf0MD3GnE0w2MPdD0mqDmCct6BX+9qKnM5KZPETnrYpuKi0BcY2vliccH3XjW 5KDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=wFfqFtYM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t5si8280461edt.527.2020.09.14.11.50.02; Mon, 14 Sep 2020 11:50:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=wFfqFtYM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726023AbgINStN (ORCPT + 99 others); Mon, 14 Sep 2020 14:49:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725987AbgINStI (ORCPT ); Mon, 14 Sep 2020 14:49:08 -0400 Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com [IPv6:2a00:1450:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF470C061788 for ; Mon, 14 Sep 2020 11:49:07 -0700 (PDT) Received: by mail-ej1-x644.google.com with SMTP id gr14so1480605ejb.1 for ; Mon, 14 Sep 2020 11:49:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XNLJ+xjVvOMpCmSdVCa36PkRJx42dV1m6nWMcfy3Glo=; b=wFfqFtYMOLI+0jTr1Ju46hgUfEjxynPRcCieujDSTYPQLO3Wz7Cb0Rs9Vah5e73rtv XQdQtmK3qvGtjdCiQgNDRhEGZJiwtxY/J6R/WOTGNCGSqzCFmjiRgxR1O4kB7OvkyrAC z/Rr65zwnnGTVClj/Rd/Z9od9eQfOhs/onK9rH0bn9BVvfYYrv5/KAb6715waA5HOXX+ //dfl/hE0zs+XivvUe+jX8QEzv0w3JgunUKQuhaAVeXg8ff5i1geWCXNByBWz58oJygN gvZriXMB6vq6+0pbrUsGxpTMwQOvHE3EV6tI4fiJv00lR+xO3ti/beabAFmq2hzcyrnL Di0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XNLJ+xjVvOMpCmSdVCa36PkRJx42dV1m6nWMcfy3Glo=; b=PGG2c9c/zETr++fj8d/Uzg4hW4xynDlGqo9/uSw3weXQ4CB7k9GqN0mQD7R3Quf+dW kWjsNjAAU2rQF/LGb20iYTOx4sK9U/RfKHGO2qnMG6JOCZe56w2lIYrQ06BV/OUxqnKN N7i+PmuOFEzLYDUKyG0jsKFwAPw4FF/SYT43NXVsMpBbhGsJBK8Cvi2vD+RDkNiHadkw dy1EIVNa95OS4J8RfwfcrOx/GLAo4L2Rud0eWhAUdRzP8TXRA7lTTQXq6fm7SM5t2nqO UFLqyske0iFlyjKf++B09ejavvi6yH8pioi3SNuq7yrRMIoxwegWidk6rSzC/MI2E6fG WSug== X-Gm-Message-State: AOAM530BeI+QZ2cZjZPypzlEQM7q3CeIirHbkijPw8iIACja5pZJXNzl /p5I7/k+DF0d3pLsGEqts3T3xmJEaDU3zGN/s2nf0PWJ9ro= X-Received: by 2002:a17:906:8143:: with SMTP id z3mr15831636ejw.323.1600109346470; Mon, 14 Sep 2020 11:49:06 -0700 (PDT) MIME-Version: 1.0 References: <1d06ed6485b66b9f674900368b63d7ef79f666ca.1599756789.git.jpoimboe@redhat.com> <20200914175604.GF680@zn.tnic> In-Reply-To: <20200914175604.GF680@zn.tnic> From: Dan Williams Date: Mon, 14 Sep 2020 11:48:55 -0700 Message-ID: Subject: Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation To: Borislav Petkov Cc: Josh Poimboeuf , X86 ML , Al Viro , Linux Kernel Mailing List , Linus Torvalds , Will Deacon , Andrea Arcangeli , Waiman Long , Peter Zijlstra , Thomas Gleixner , Andrew Cooper , Andy Lutomirski , Christoph Hellwig , David Laight , Mark Rutland Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 14, 2020 at 10:56 AM Borislav Petkov wrote: > > On Thu, Sep 10, 2020 at 12:22:53PM -0500, Josh Poimboeuf wrote: > > +/* > > + * Sanitize a user pointer such that it becomes NULL if it's not a valid user > > + * pointer. This prevents speculative dereferences of user-controlled pointers > > + * to kernel space when access_ok() speculatively returns true. This should be > > + * done *after* access_ok(), to avoid affecting error handling behavior. > > Err, stupid question: can this macro then be folded into access_ok() so > that you don't have to touch so many places and the check can happen > automatically? I think that ends up with more changes because it changes the flow of access_ok() from returning a boolean to returning a modified user address that can be used in the speculative path.