| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200602163306.GM23230@ZenIV.linux.org.uk>
Date: Tue, 2 Jun 2020 17:33:06 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Jason Wang <jasowang@...hat.com>
Cc: "Michael S. Tsirkin" <mst@...hat.com>,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH RFC] uaccess: user_access_begin_after_access_ok()
On Tue, Jun 02, 2020 at 06:15:57PM +0800, Jason Wang wrote:
>
> On 2020/6/2 下午4:45, Michael S. Tsirkin wrote:
> > So vhost needs to poke at userspace *a lot* in a quick succession. It
> > is thus benefitial to enable userspace access, do our thing, then
> > disable. Except access_ok has already been pre-validated with all the
> > relevant nospec checks, so we don't need that. Add an API to allow
> > userspace access after access_ok and barrier_nospec are done.
> >
> > Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
> > ---
> >
> > Jason, so I've been thinking using something along these lines,
> > then switching vhost to use unsafe_copy_to_user and friends would
> > solve lots of problems you observed with SMAP.
> >
> > What do you think?
>
>
> I'm fine with this approach.
I am not.
> > Do we need any other APIs to make it practical?
>
>
> It's not clear whether we need a new API, I think __uaccess_being() has the
> assumption that the address has been validated by access_ok().
__uaccess_begin() is a stopgap, not a public API.
The problem is real, but "let's add a public API that would do user_access_begin()
with access_ok() already done" is no-go.
Powered by blists - more mailing lists