Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Dan Williams <dan.j.williams@xxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Subject: Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Wed, 3 Jan 2018 21:49:33 -0800
Cc: "torvalds@xxxxxxxxxxxxxxxxxxxx" <torvalds@xxxxxxxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "alan@xxxxxxxxxxxxxxx" <alan@xxxxxxxxxxxxxxx>, "Reshetova, Elena" <elena.reshetova@xxxxxxxxx>, "mark.rutland@xxxxxxx" <mark.rutland@xxxxxxx>, "gnomes@xxxxxxxxxxxxxxxxxxx" <gnomes@xxxxxxxxxxxxxxxxxxx>, "gregkh@xxxxxxxxxxxxxxxxxxx" <gregkh@xxxxxxxxxxxxxxxxxxx>, "jikos@xxxxxxxxxx" <jikos@xxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>
In-reply-to: <CAPcyv4gKQD68dCCD-Nz78ZQ9ttung5yMzG3f+JRmGUxuKhK4Pw@mail.gmail.com>
References: <20180103223827.39601-1-mark.rutland@arm.com> <151502463248.33513.5960736946233335087.stgit@dwillia2-desk3.amr.corp.intel.com> <CA+55aFzSYExr33w849=3o+2XGr9pUKpFucc5p-kKbEy20VVLPA@mail.gmail.com> <20180104010754.22ca6a74@alans-desktop> <alpine.LRH.2.00.1801040221070.27010@gjva.wvxbf.pm> <CAPcyv4ic=X3nMz7deg9NMyvj994+SM9XYoP0u7WvgKaAFSGAYw@mail.gmail.com> <CA+55aFx7eJqRA8EWwSCrC+Lr1ZjUvRXSuhrxo+af_Dx3YWKbOQ@mail.gmail.com> <1515035438.20588.4.camel@intel.com> <20180104044424.GC21978@ZenIV.linux.org.uk> <CAPcyv4gKQD68dCCD-Nz78ZQ9ttung5yMzG3f+JRmGUxuKhK4Pw@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 01/03/2018 09:44 PM, Dan Williams wrote:
> No, the concern is that an fd value >= fdt->max_fds may cause the cpu
> to read arbitrary memory addresses relative to files->fdt and
> userspace can observe that it got loaded.

Yep, it potentially tells you someting about memory after fdt->fd[].
For instance, you might be able to observe if some random bit of memory
after the actual fd[] array had 'mask' set because the CPU is running
this code with a 'file' that actually fails the "fd < fdt->max_fds" check:

                file = __fcheck_files(files, fd);
                if (!file || unlikely(file->f_mode & mask))
                        return 0;
                return (unsigned long)file;

References:
- [RFC PATCH 0/4] API for inhibiting speculative arbitrary read primitives
  - From: Mark Rutland
- [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Dan Williams
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Linus Torvalds
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Alan Cox
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Jiri Kosina
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Dan Williams
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Linus Torvalds
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Williams, Dan J
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Al Viro
- Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
  - From: Dan Williams

Prev by Date: Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
Next by Date: Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
Previous by thread: Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
Next by thread: Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]