diff options
| author | Dan Williams <[email protected]> | 2018-01-30 01:02:49 +0000 |
|---|---|---|
| committer | Thomas Gleixner <[email protected]> | 2018-01-30 20:54:31 +0000 |
| commit | 304ec1b050310548db33063e567123fae8fd0301 (patch) | |
| tree | 453a5094b3bdcf3a9cb331850d93d112a04f7d5f /arch/x86/entry/common.c | |
| parent | x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} (diff) | |
| download | kernel-304ec1b050310548db33063e567123fae8fd0301.tar.gz kernel-304ec1b050310548db33063e567123fae8fd0301.zip | |
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
Quoting Linus:
I do think that it would be a good idea to very expressly document
the fact that it's not that the user access itself is unsafe. I do
agree that things like "get_user()" want to be protected, but not
because of any direct bugs or problems with get_user() and friends,
but simply because get_user() is an excellent source of a pointer
that is obviously controlled from a potentially attacking user
space. So it's a prime candidate for then finding _subsequent_
accesses that can then be used to perturb the cache.
__uaccess_begin_nospec() covers __get_user() and copy_from_iter() where the
limit check is far away from the user pointer de-reference. In those cases
a barrier_nospec() prevents speculation with a potential pointer to
privileged memory. uaccess_try_nospec covers get_user_try.
Suggested-by: Linus Torvalds <[email protected]>
Suggested-by: Andi Kleen <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: Kees Cook <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: Al Viro <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/151727416953.33451.10508284228526170604.stgit@dwillia2-desk3.amr.corp.intel.com
Diffstat (limited to 'arch/x86/entry/common.c')
0 files changed, 0 insertions, 0 deletions