lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4055e18be7ff4f1f83fb9a4b6a8bc312@AcuMS.aculab.com>
Date: Sat, 16 Nov 2024 21:38:35 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Linus Torvalds' <torvalds@...ux-foundation.org>, Josh Poimboeuf
	<jpoimboe@...nel.org>
CC: "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, Thomas Gleixner <tglx@...utronix.de>,
	Borislav Petkov <bp@...en8.de>, Peter Zijlstra <peterz@...radead.org>, "Pawan
 Gupta" <pawan.kumar.gupta@...ux.intel.com>, Waiman Long <longman@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>,
	Michael Ellerman <mpe@...erman.id.au>, "linuxppc-dev@...ts.ozlabs.org"
	<linuxppc-dev@...ts.ozlabs.org>, Andrew Cooper <andrew.cooper3@...rix.com>,
	Mark Rutland <mark.rutland@....com>, "Kirill A . Shutemov"
	<kirill@...temov.name>
Subject: RE: [PATCH v3 2/6] x86/uaccess: Avoid barrier_nospec() in 64-bit
 __get_user()

From: Linus Torvalds
> Sent: 16 November 2024 01:27
> 
> On Fri, 15 Nov 2024 at 15:06, Josh Poimboeuf <jpoimboe@...nel.org> wrote:
> >
> > It's sad that __get_user() is now slower than get_user() on x86, it kind
> > of defeats the whole point!
> 
> Well, honestly, we've been trying to get away from __get_user() and
> __put_user() for a long long time.
> 
> With CLAC/STAC, it's been probably a decade or two since __get_user()
> and friends were actually a worthwhile optimization, so let's just
> strive to get rid of the ones that matter.

Thinks....

If __get_user() is the same as get_user() then all the access_ok()
outside of get/put_user() and copy_to/from_user() can be removed
because they are pointless (anyone that brave?).
There is no point optimising the code to fast-path bad user pointers.

> We already have this with user_access_begin() + unsafe_get_user().
> There's also a version which masks the address: masked_user_access_begin().

That sounds as though it is begging for a simple to use:
	masked_addr = user_access_begin(addr, size, error_label);
and
	val = unsafe_get_user(masked_addr, error_label);
form?
Probably with objtool checking they are all in a valid sequence
with no functions calls (etc).

If address masking isn't needed (by an architecture) the address can be left
unchanged.

A quick grep shows access_ok() in 66 .c and 8 .h files outside the arch code.
And 69 .c file in arch, most of the arch .h are uaccess.h and futex.h.
I suspect the audit wouldn't tale that long.
Getting any patches accepted is another matter.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ