Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 01:22:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
c7f631cb07
linux/arch/x86
History
Dan Williams c7f631cb07 x86/get_user: Use pointer masking to limit speculation 
Quoting Linus:

    I do think that it would be a good idea to very expressly document
    the fact that it's not that the user access itself is unsafe. I do
    agree that things like "get_user()" want to be protected, but not
    because of any direct bugs or problems with get_user() and friends,
    but simply because get_user() is an excellent source of a pointer
    that is obviously controlled from a potentially attacking user
    space. So it's a prime candidate for then finding _subsequent_
    accesses that can then be used to perturb the cache.

Unlike the __get_user() case get_user() includes the address limit check
near the pointer de-reference. With that locality the speculation can be
mitigated with pointer narrowing rather than a barrier, i.e.
array_index_nospec(). Where the narrowing is performed by:

	cmp %limit, %ptr
	sbb %mask, %mask
	and %mask, %ptr

With respect to speculation the value of %ptr is either less than %limit
or NULL.

Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arch@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: kernel-hardening@lists.openwall.com
Cc: gregkh@linuxfoundation.org
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: torvalds@linux-foundation.org
Cc: alan@linux.intel.com
Link: https://lkml.kernel.org/r/151727417469.33451.11804043010080838495.stgit@dwillia2-desk3.amr.corp.intel.com
2018-01-30 21:54:31 +01:00
..
boot Merge branch 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-12-31 13:13:56 -08:00
configs x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*' 2017-10-14 10:12:12 +02:00
crypto Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-14 09:51:25 -08:00
entry x86/asm: Move 'status' from thread_struct to thread_info 2018-01-30 15:30:36 +01:00
events Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-28 12:19:23 -08:00
hyperv Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
ia32 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
include x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec 2018-01-30 21:54:31 +01:00
kernel x86/asm: Move 'status' from thread_struct to thread_info 2018-01-30 15:30:36 +01:00
kvm Linux 4.15 2018-01-30 15:08:27 +01:00
lib x86/get_user: Use pointer masking to limit speculation 2018-01-30 21:54:31 +01:00
math-emu License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mm x86/mm/64: Tighten up vmalloc_fault() sanity checks on 5-level kernels 2018-01-26 15:56:23 +01:00
net bpf: fix bpf_tail_call() x64 JIT 2017-10-03 16:04:44 -07:00
oprofile Modules updates for v4.15 2017-11-15 13:46:33 -08:00
pci x86/PCI: Enable AMD 64-bit window on resume 2018-01-16 11:45:50 -06:00
platform Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-14 09:51:25 -08:00
power Merge branch 'WIP.x86-pti.entry-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-12-18 08:59:15 -08:00
purgatory License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ras License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
realmode x86/realmode: Don't decrypt trampoline area under SEV 2017-11-07 15:35:55 +01:00
tools License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
um Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
video
xen xen: fixes for 4.15-rc8 2018-01-12 10:00:15 -08:00
.gitignore
Kbuild Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-07 09:25:15 -07:00
Kconfig Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-14 09:51:25 -08:00
Kconfig.cpu License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig.debug Merge commit 'upstream-x86-entry' into WIP.x86/mm 2017-12-17 12:58:53 +01:00
Makefile Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-01-14 15:30:02 -08:00
Makefile_32.cpu License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile.um License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00