RE: [PATCH v2] x86/uaccess: Use pointer masking to limit uaccess speculation

From: David Laight
Date: Wed Sep 09 2020 - 04:20:16 EST


From: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> Sent: 08 September 2020 18:43
> Hi x86 maintainers,
...
> > --- a/arch/x86/lib/putuser.S
> > +++ b/arch/x86/lib/putuser.S
> > @@ -38,6 +38,8 @@ SYM_FUNC_START(__put_user_1)
> > ENTER
> > cmp TASK_addr_limit(%_ASM_BX),%_ASM_CX
> > jae .Lbad_put_user
> > + sbb %_ASM_BX, %_ASM_BX /* uaccess_mask_ptr() */
> > + and %_ASM_BX, %_ASM_CX
> > ASM_STAC
> > 1: movb %al,(%_ASM_CX)
> > xor %eax,%eax
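
Review bot: the added sbb relies on CF still holding the result of the cmp two lines earlier, and it overwrites %_ASM_BX, the register that cmp just used as the base for TASK_addr_limit; the comment "uaccess_mask_ptr()" records neither. Suggest expanding the comment to say that no flag-modifying instruction may be placed between the jae and the sbb, and to state whether %_ASM_BX is still needed after this point in __put_user_1, so a later edit to this sequence does not silently defeat the mask.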

For 64bit the sbb+and pattern can be replaced by an instruction
that clears the high bit (eg btr $63, %rcx).
This isn't dependent on the earlier instructions so can execute
in parallel with them.

I still think that doing the same comparisons in access_ok()
and for the pointer masking is silly - and they should get merged.

While it may be possible to fake 'asm volatile goto with outputs'
by using a local asm register variable, an alternative pattern
might be to have access_ok() return 0 (fail) or ~0 (ok).
Then the usage can be (with a load of casts):
	p1 = p & access_ok(p);
	if (!p1 && p)
		return -EFAULT;
	foo(*p1);
With any luck the compiler will use the result of the & for the
!p1 test.

David
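
The 0 / ~0 access_ok() usage sketched in the message above, as an added user-space model in C that is not code from the thread or from the kernel. The names access_ok_mask(), model_put_user_1() and model_mem, and the 64-byte space with a limit of 32, are assumptions made for the illustration; the mask uses the arithmetic of the kernel's generic array_index_mask_nospec() rather than the sbb sequence in the patch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 64-byte "address space" whose first 32 bytes are "user". */
#define MODEL_MEM_SIZE   64u
#define MODEL_USER_LIMIT 32u

static uint8_t model_mem[MODEL_MEM_SIZE];

/*
 * Hypothetical access_ok() variant: returns ~0 when addr < limit, else 0,
 * computed without a comparison branch. Valid for limit <= INT64_MAX and
 * relies on arithmetic right shift of negative values (gcc, clang).
 * Model only: nothing stops a compiler from turning this C back into a branch.
 */
static uint64_t access_ok_mask(uint64_t addr, uint64_t limit)
{
    return (uint64_t)(~(int64_t)(addr | (limit - 1 - addr)) >> 63);
}

/* Store one byte at a "user" address, following p1 = p & access_ok(p). */
static int model_put_user_1(uint64_t addr, uint8_t val)
{
    uint64_t p1 = addr & access_ok_mask(addr, MODEL_USER_LIMIT);

    if (!p1 && addr)        /* masked to 0 but was not 0: out of range */
        return -EFAULT;
    model_mem[p1] = val;    /* p1 is either addr (in range) or 0 */
    return 0;
}

int main(void)
{
    printf("in range : %d\n", model_put_user_1(5, 0xAA));
    printf("at limit : %d\n", model_put_user_1(32, 0xBB));
    printf("high bit : %d\n", model_put_user_1(0xffff800000000000ULL, 0xCC));
    return 0;
}
```

Because the store index is the masked value, an out-of-range address can only ever reach slot 0, whichever way the `!p1 && addr` branch is predicted.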


