Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Jan 2018 20:30:17 -0800
From: Dan Williams <>
To: Linus Torvalds <>
Cc: Linux Kernel Mailing List <>,, 
	Andi Kleen <>, Kees Cook <>,, 
	Greg Kroah-Hartman <>, "the arch/x86 maintainers" <>, 
	Ingo Molnar <>, Al Viro <>, 
	"H. Peter Anvin" <>, Thomas Gleixner <>, 
	Andrew Morton <>, Alan Cox <>
Subject: Re: [PATCH v3 8/9] x86: use __uaccess_begin_nospec and ASM_IFENCE in
 get_user paths

On Tue, Jan 16, 2018 at 2:23 PM, Dan Williams <> wrote:
> On Sat, Jan 13, 2018 at 11:33 AM, Linus Torvalds
> I'll respin this set along those lines, and drop the ifence bits.

So now I'm not so sure. Yes, get_user_{1,2,4,8} can mask the pointer
with the address limit result, but this doesn't work for the
access_ok() + __get_user() case. We can either change the access_ok()
calling convention to return a properly masked pointer to be used in
subsequent calls to __get_user(), or go with lfence on every
__get_user call. There seem to be several drivers that open code
copy_from_user() with __get_user loops, so the 'fence every
__get_user' approach might have noticeable overhead. On the other hand
the access_ok conversion, while it could be scripted with coccinelle,
is ~300 sites (VERIFY_READ), if you're concerned about having
something small to merge for 4.15.

I think the access_ok() conversion to return a speculation sanitized
pointer or NULL is the way to go unless I'm missing something simpler.
Other ideas?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.