Message-Id: <20220201144055.5670-1-lukas.bulwahn@gmail.com>
Date:   Tue,  1 Feb 2022 15:40:55 +0100
From:   Lukas Bulwahn <lukas.bulwahn@...il.com>
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Lukas Bulwahn <lukas.bulwahn@...il.com>
Subject: [PATCH] x86/fault: cast instr to __user locally in prefetch()

Commit 35f1c89b0cce ("x86/fault: Fix AMD erratum #91 errata fixup for user
code") uses accessors based on the access mode, i.e., it distinguishes its
access if instr carries a user address or a kernel address.

Since that commit, sparse complains about passing an argument without
__user annotation to get_user(), which expects a pointer with __user:

  arch/x86/mm/fault.c:152:29: warning: incorrect type in argument 1 (different address spaces)
  arch/x86/mm/fault.c:152:29:    expected void const volatile [noderef] __user *ptr
  arch/x86/mm/fault.c:152:29:    got unsigned char *[assigned] instr

instr is a user-space pointer in this branch of prefetch(), though:

If user_mode, then instr is from user space. And if not user_mode, then
instr is from kernel space. So, in this user_mode branch, confidently
annotate instr with __user before passing it to get_user().

This annotation does no harm and just reminds everyone of the reasoning
above and convinces sparse that the address spaces are handled correctly
here.

There is no need for others to check the situation of different address
spaces on this specific branch due to this warning from sparse again.

No functional change. No change in the generated object code.

Signed-off-by: Lukas Bulwahn <lukas.bulwahn@...il.com>
---
 arch/x86/mm/fault.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index d0074c6ed31a..fad8faa29d04 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -149,7 +149,7 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr)
 		unsigned char opcode;
 
 		if (user_mode(regs)) {
-			if (get_user(opcode, instr))
+			if (get_user(opcode, (unsigned char __user *) instr))
 				break;
 		} else {
 			if (get_kernel_nofault(opcode, instr))
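
Review bot: the cast on the get_user() line in the user_mode(regs) branch has no in-code explanation, so the reasoning that instr holds a user address here exists only in the commit message. A one-line comment above the call, stating that user_mode(regs) means instr points into user space, would save a later reader from re-auditing the address space at this site. Style nit on the same line: kernel coding style puts no space after a cast, i.e. (unsigned char __user *)instr. The subject also names prefetch(), while the hunk header shows the change is in is_prefetch().
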
-- 
2.17.1
