| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <76bb85ceeb854e3ab68d87f846515306@AcuMS.aculab.com> Date: Fri, 8 Nov 2024 17:12:53 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Josh Poimboeuf' <jpoimboe@...nel.org>, "x86@...nel.org" <x86@...nel.org> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Thomas Gleixner" <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, Peter Zijlstra <peterz@...radead.org>, Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>, Waiman Long <longman@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Michael Ellerman <mpe@...erman.id.au>, "linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>, "Andrew Cooper" <andrew.cooper3@...rix.com>, Mark Rutland <mark.rutland@....com>, "Kirill A . Shutemov" <kirill@...temov.name> Subject: RE: [PATCH v3 2/6] x86/uaccess: Avoid barrier_nospec() in 64-bit __get_user() From: Josh Poimboeuf > Sent: 29 October 2024 03:28 > > On Mon, Oct 28, 2024 at 06:56:15PM -0700, Josh Poimboeuf wrote: > > The barrier_nospec() in 64-bit __get_user() is slow. Instead use > > pointer masking to force the user pointer to all 1's if a previous > > access_ok() mispredicted true for an invalid address. > > Linus pointed out that __get_user() may be used by some code to access > both kernel and user space and in fact I found one such usage in > vc_read_mem().... > > So I self-NAK this patch for now. > > Still, it would be great if patch 1 could get merged as that gives a > significant performance boost. I'm a bit late to the party and still a week behind :-( But I've wondered if access_ok() ought to be implemented using an 'asm goto with output' - much like get_user(). Then the use would be: masked_address = access_ok(maybe_bad_address, size, jump_label); with later user accesses using the masked_address. Once you've done that __get_user() doesn't need to contain address masking. Given that clac/stac iare so slow should there are be something that combines stac with access_ok() bracketed with a 'user_access_end' or an actual fault. I've sure there is code (maybe reading iovec[] or in sys_poll()) that wants to do multiple get/put_user in a short loop rather that calling copy_to/from_user(). David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists