Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Jan 2018 16:15:12 -0800
From: Tony Luck <tony.luck@...il.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Dan Williams <dan.j.williams@...el.com>, 
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Mark Rutland <mark.rutland@....com>, 
	kernel-hardening@...ts.openwall.com, Peter Zijlstra <peterz@...radead.org>, 
	Alan Cox <alan.cox@...el.com>, Will Deacon <will.deacon@....com>, 
	Alexei Starovoitov <ast@...nel.org>, Solomon Peachy <pizza@...ftnet.org>, "H. Peter Anvin" <hpa@...or.com>, 
	Christian Lamparter <chunkeey@...glemail.com>, Elena Reshetova <elena.reshetova@...el.com>, 
	"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>, Andi Kleen <ak@...ux.intel.com>, 
	"James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>, Linux SCSI List <linux-scsi@...r.kernel.org>, 
	Jonathan Corbet <corbet@....net>, "the arch/x86 maintainers" <x86@...nel.org>, Russell King <linux@...linux.org.uk>, 
	Ingo Molnar <mingo@...hat.com>, Catalin Marinas <catalin.marinas@....com>, 
	Alexey Kuznetsov <kuznet@....inr.ac.ru>, 
	Linux Media Mailing List <linux-media@...r.kernel.org>, Tom Lendacky <thomas.lendacky@....com>, 
	Kees Cook <keescook@...omium.org>, Jan Kara <jack@...e.com>, Al Viro <viro@...iv.linux.org.uk>, 
	qla2xxx-upstream@...gic.com, Thomas Gleixner <tglx@...utronix.de>, 
	Mauro Carvalho Chehab <mchehab@...nel.org>, Kalle Valo <kvalo@...eaurora.org>, 
	Alan Cox <alan@...ux.intel.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, 
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Greg KH <gregkh@...uxfoundation.org>, 
	Linux Wireless List <linux-wireless@...r.kernel.org>, 
	"Eric W. Biederman" <ebiederm@...ssion.com>, Network Development <netdev@...r.kernel.org>, 
	Andrew Morton <akpm@...ux-foundation.org>, "David S. Miller" <davem@...emloft.net>, 
	Laurent Pinchart <laurent.pinchart@...asonboard.com>
Subject: Re: [PATCH v2 00/19] prevent bounds-check bypass via speculative execution

On Thu, Jan 11, 2018 at 5:19 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> Should the array access in entry_SYSCALL_64_fastpath be made to use
> the masking approach?

That one has a bounds check for an inline constant.

     cmpq    $__NR_syscall_max, %rax

so should be safe.

The classic Spectre variant #1 code sequence is:

int array_size;

       if (x < array_size) {
               something with array[x]
       }

which runs into problems because the array_size variable may not
be in cache, and while the CPU core is waiting for the value it
speculates inside the "if" body.

The syscall entry is more like:

#define ARRAY_SIZE 10

     if (x < ARRAY_SIZE) {
          something with array[x]
     }

Here there isn't any reason for speculation. The core has the
value of 'x' in a register and the upper bound encoded into the
"cmp" instruction.  Both are right there, no waiting, no speculation.

-Tony

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.