| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1750585239.git.christophe.leroy@csgroup.eu>
Date: Sun, 22 Jun 2025 11:52:38 +0200
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Michael Ellerman <mpe@...erman.id.au>,
Nicholas Piggin <npiggin@...il.com>,
Naveen N Rao <naveen@...nel.org>,
Madhavan Srinivasan <maddy@...ux.ibm.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>,
Jan Kara <jack@...e.cz>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Darren Hart <dvhart@...radead.org>,
Davidlohr Bueso <dave@...olabs.net>,
"Andre Almeida" <andrealmeid@...lia.com>,
Andrew Morton <akpm@...ux-foundation.org>,
David Laight <david.laight.linux@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
linux-kernel@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org,
linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org
Subject: [PATCH 0/5] powerpc: Implement masked user access
Masked user access avoids the address/size verification by access_ok().
Allthough its main purpose is to skip the speculation in the
verification of user address and size hence avoid the need of spec
mitigation, it also has the advantage to reduce the amount of
instructions needed so it also benefits to platforms that don't
need speculation mitigation, especially when the size of the copy is
not know at build time.
Unlike x86_64 which masks the address to 'all bits set' when the
user address is invalid, here the address is set to an address in
the gap. It avoids relying on the zero page to catch offseted
accesses. On book3s/32 it makes sure the opening remains on user
segment. The overcost is a single instruction in the masking.
First patch adds masked_user_read_access_begin() and
masked_user_write_access_begin() to match with user_read_access_end()
and user_write_access_end().
Second patch adds speculation barrier to copy_from_user_iter() so that
the barrier in powerpc raw_copy_from_user() which is redundant with
the one in copy_from_user() can be removed.
Third patch removes the redundant barrier_nospec() in
raw_copy_from_user().
Fourth patch removes the unused size parameter when enabling/disabling
user access.
Last patch implements masked user access.
Christophe Leroy (5):
uaccess: Add masked_user_{read/write}_access_begin
uaccess: Add speculation barrier to copy_from_user_iter()
powerpc: Remove unused size parametre to KUAP enabling/disabling
functions
powerpc: Move barrier_nospec() out of allow_read_{from/write}_user()
powerpc: Implement masked user access
arch/powerpc/Kconfig | 2 +-
arch/powerpc/include/asm/book3s/32/kup.h | 2 +-
arch/powerpc/include/asm/book3s/64/kup.h | 4 +-
arch/powerpc/include/asm/kup.h | 24 ++--
arch/powerpc/include/asm/nohash/32/kup-8xx.h | 2 +-
arch/powerpc/include/asm/nohash/kup-booke.h | 2 +-
arch/powerpc/include/asm/uaccess.h | 140 ++++++++++++++++---
fs/select.c | 2 +-
include/linux/uaccess.h | 8 ++
kernel/futex/futex.h | 4 +-
lib/iov_iter.c | 7 +
lib/strncpy_from_user.c | 2 +-
lib/strnlen_user.c | 2 +-
13 files changed, 158 insertions(+), 43 deletions(-)
--
2.49.0
Powered by blists - more mailing lists