| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Oct 2015 11:27:57 +0200 From: Ingo Molnar <mingo@...nel.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "H. Peter Anvin" <hpa@...or.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Theodore Ts'o <tytso@....edu>, Andrew Morton <akpm@...ux-foundation.org>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [REGRESSION] 998ef75ddb and aio-dio-invalidate-failure w/ data=journal * Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Tue, Oct 6, 2015 at 8:56 AM, Ingo Molnar <mingo@...nel.org> wrote: > > > > Yes, but note that those interfaces are x86 only at the moment, so they'd have > > to be factored out and generalized before we can use it in generic code. > > ARM64 these days (as a part of ARM8.1) has "Privileged Access Never", which is > their name for SMAP. They do it somewhat similarly with an instruction to > clear/set the PAN bit in the pstate register. > > So we really should strive to make this support generic, because by now it's not > x86-specific, and x86 and ARM64 together aren't exactly some odd special case.. Absolutely. > I do in fact wonder if we should aim (eventually) for the rule that the "__" > versions of the user access functions should not do the SMAP/PAN thing, since > they have to be explicitly checked for pointer being valid anyway. And just make > the rule be that since you have to check for the pointer being valid, you might > as well also have to do the SMAP/PAN thing too. > > We really should try get rid of _all_ uses of the "__" versions unless they are > very locally and obviously checked with access_ok(). We've had way too many > cases where people thought they were clever, and weren't really. That's a good idea. The logistics worries me a bit: it looks like a major undertaking, considering the widespread use of these APIs in 1400+ call sites: triton:~/tip> git grep -E '__get_user|__put_user' | grep -vE '\.h:|arch/' | wc -l 1086 triton:~/tip> git grep -E '__get_user|__put_user' arch/x86/ arch/arm64/ | wc -l 354 ... affecting 93 files: triton:~/tip> git grep -lE '__get_user|__put_user' | grep -vE '\.h:|arch/' | wc -l 70 triton:~/tip> git grep -lE '__get_user|__put_user' arch/x86/ arch/arm64/ | wc -l 23 (Assuming my grep-fu is strong enough.) Which is probably more than a hundred commits until we get rid of all double-underscore uses? Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists