Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation

From: Borislav Petkov
Date: Mon Sep 14 2020 - 13:56:19 EST

Next message: Paul E. McKenney: "[GIT PULL memory-model] LKMM commits for v5.10"
Previous message: Ilias Apalodimas: "Re: [PATCH] arm64: bpf: Fix branch offset in JIT"
In reply to: Peter Zijlstra: "Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation"
Next in thread: Dan Williams: "Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 10, 2020 at 12:22:53PM -0500, Josh Poimboeuf wrote:
> +/*
> + * Sanitize a user pointer such that it becomes NULL if it's not a valid user
> + * pointer. This prevents speculative dereferences of user-controlled pointers
> + * to kernel space when access_ok() speculatively returns true. This should be
> + * done *after* access_ok(), to avoid affecting error handling behavior.

Err, stupid question: can this macro then be folded into access_ok() so
that you don't have to touch so many places and the check can happen
automatically?

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Paul E. McKenney: "[GIT PULL memory-model] LKMM commits for v5.10"
Previous message: Ilias Apalodimas: "Re: [PATCH] arm64: bpf: Fix branch offset in JIT"
In reply to: Peter Zijlstra: "Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation"
Next in thread: Dan Williams: "Re: [PATCH v3] x86/uaccess: Use pointer masking to limit uaccess speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]