lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  4 May 2021 22:54:28 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Al Viro <viro@...iv.linux.org.uk>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Will Deacon <will@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Waiman Long <longman@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Cooper <andrew.cooper3@...rix.com>,
        Andy Lutomirski <luto@...nel.org>,
        Christoph Hellwig <hch@....de>,
        David Laight <David.Laight@...lab.com>,
        Mark Rutland <mark.rutland@....com>,
        Borislav Petkov <bp@...en8.de>
Subject: [PATCH v4 0/4] x86/uaccess: Use pointer masking to limit uaccess speculation

This one managed to fall through the cracks back in September.  Here's a
fresh new version.

Ideally, we'd switch all access_ok() users to access_ok_mask() or
something, but that's a much bigger change.

I dropped all the ack/review tags because the rebase was significant.

Please review carefully :-)


v4 changes:

- Rebased on the latest.

- Split up into multiple logical patches.

- Renamed "force_user_ptr()" -> "mask_user_ptr()" to prevent confusing
  it with '__force' casting.  [based on Dan's comment]

- Instead of reusing array_index_nospec(), made a new separate inline
  asm statement.  Otherwise it fails the build on recent toolchains
  and/or kernels because the "g" constraint in array_index_mask_nospec()
  isn't big enough for TASK_SIZE_MAX.  I could have changed "g" to "r",
  but that would negatively impact code generation for the other users.


v3 was here:

  https://lore.kernel.org/lkml/1d06ed6485b66b9f674900368b63d7ef79f666ca.1599756789.git.jpoimboe@redhat.com/


Josh Poimboeuf (4):
  uaccess: Always inline strn*_user() helper functions
  uaccess: Fix __user annotations for copy_mc_to_user()
  x86/uaccess: Use pointer masking to limit uaccess speculation
  x86/nospec: Remove barrier_nospec()

 Documentation/admin-guide/hw-vuln/spectre.rst |  6 +--
 arch/x86/include/asm/barrier.h                |  3 --
 arch/x86/include/asm/futex.h                  |  5 ++
 arch/x86/include/asm/uaccess.h                | 48 +++++++++++++------
 arch/x86/include/asm/uaccess_64.h             | 12 ++---
 arch/x86/kernel/cpu/sgx/virt.c                |  6 ++-
 arch/x86/lib/copy_mc.c                        | 10 ++--
 arch/x86/lib/csum-wrappers_64.c               |  5 +-
 arch/x86/lib/getuser.S                        | 16 ++-----
 arch/x86/lib/putuser.S                        |  8 ++++
 arch/x86/lib/usercopy_32.c                    |  6 +--
 arch/x86/lib/usercopy_64.c                    |  7 +--
 lib/iov_iter.c                                |  2 +-
 lib/strncpy_from_user.c                       |  6 ++-
 lib/strnlen_user.c                            |  4 +-
 15 files changed, 89 insertions(+), 55 deletions(-)

-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ