lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cover.1763396724.git.christophe.leroy@csgroup.eu>
Date: Mon, 17 Nov 2025 17:43:40 +0100
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Thomas Gleixner <tglx@...utronix.de>,
	Peter Zijlstra <peterz@...radead.org>
Cc: Christophe Leroy <christophe.leroy@...roup.eu>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Christian Brauner <brauner@...nel.org>,
	Jan Kara <jack@...e.cz>,
	Ingo Molnar <mingo@...hat.com>,
	Darren Hart <dvhart@...radead.org>,
	Davidlohr Bueso <dave@...olabs.net>,
	"Andre Almeida" <andrealmeid@...lia.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Eric Dumazet <edumazet@...gle.com>,
	Kuniyuki Iwashima <kuniyu@...gle.com>,
	Paolo Abeni <pabeni@...hat.com>,
	Willem de Bruijn <willemb@...gle.com>,
	"David S. Miller" <davem@...emloft.net>,
	Jakub Kicinski <kuba@...nel.org>,
	Simon Horman <horms@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Madhavan Srinivasan <maddy@...ux.ibm.com>,
	Michael Ellerman <mpe@...erman.id.au>,
	Nichlas Piggin <npiggin@...il.com>,
	linux-block@...r.kernel.org,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org,
	linuxppc-dev@...ts.ozlabs.org
Subject: [PATCH v5 0/4] uaccess: Prepare for masked user access on powerpc

This is v5 of the series "powerpc: Implement masked user access". This
version only includes the preparatory patches to enable merging of
powerpc architecture patches that depend on them on next cycle.

It applies on top of commit 6ec821f050e2 (tag: core-scoped-uaccess)
from tip tree.

Thomas, Peter, could you please take those preparatory patches
in tip tree for v6.19, then Maddy will take powerpc patches
into powerpc-next for v6.20.

Masked user access avoids the address/size verification by access_ok().
Allthough its main purpose is to skip the speculation in the
verification of user address and size hence avoid the need of spec
mitigation, it also has the advantage to reduce the amount of
instructions needed so it also benefits to platforms that don't
need speculation mitigation, especially when the size of the copy is
not know at build time.

Patches 1 and 2 are preparing to clean-up some redundant barrier_nospec()
introduced by commit 74e19ef0ff80 ("uaccess: Add speculation barrier
to copy_from_user()"). To do that, a speculation barrier is added to
copy_from_user_iter() so that the barrier in powerpc raw_copy_from_user()
which is redundant with the one in copy_from_user() can be removed. To
avoid impacting x86, copy_from_user_iter() is first converted to using
masked user access.

Patch 3 convert put_cmsg() to scoped user access.

Patch 4 replaces remaining wrong calls to masked_user_access_begin()
with calls to masked_user_read_access_begin() and
masked_user_write_access_begin() to match with user_read_access_end()
and user_write_access_end().

Entire series is availiable at https://git.kernel.org/pub/scm/linux/kernel/git/chleroy/linux branch masked-uaccess

Changes in v5:
- Taken comments from tglx
- Only include core preparatory patches, powerpc patches are kept for following kernel development cycle
- Reworded patch 1 to make it more explicit it needs to come before patch 2
- Added patch 3 to convert put_cmsg() to scoped user access instead of just fixing the direction of the uacess
- Renamed patch 4 as it now only handles fonctions from lib/strn*.c

Changes in v4:
- Rebased on top of commit 6ec821f050e2 (tag: core-scoped-uaccess) from tip tree
- Patch 3: Simplified as masked_user_read_access_begin() and masked_user_write_access_begin() are already there.
- Patch 10: Simplified mask_user_address_simple() as suggested by Gabriel.

Changes in v3:
- Rebased on top of v6.18-rc1
- Patch 3: Impact on recently modified net/core/scm.c
- Patch 10: Rewrite mask_user_address_simple() for a smaller result on powerpc64, suggested by Gabriel

Changes in v2:
- Converted copy_from_user_iter() to using masked user access.
- Cleaned up powerpc uaccess function to minimise code duplication
when adding masked user access
- Automated TASK_SIZE calculation to minimise use of BUILD_BUG_ON()
- Tried to make some commit messages more clean based on feedback from
version 1 of the series.

Christophe Leroy (4):
  iov_iter: Convert copy_from_user_iter() to masked user access
  iov_iter: Add missing speculation barrier to copy_from_user_iter()
  scm: Convert put_cmsg() to scoped user access
  lib/strn*,uaccess: Use masked_user_{read/write}_access_begin when
    required

 lib/iov_iter.c          | 22 +++++++++++++++++-----
 lib/strncpy_from_user.c |  2 +-
 lib/strnlen_user.c      |  2 +-
 net/core/scm.c          | 20 +++++++-------------
 4 files changed, 26 insertions(+), 20 deletions(-)

-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ