On Tue, 2018-01-16 at 14:41 -0800, Linus Torvalds wrote: > > > On Jan 16, 2018 14:23, "Dan Williams" <dan.j.williams@xxxxxxxxx> > wrote: > > That said, for get_user specifically, can we do something even > > cheaper. Dave H. reminds me that any valid user pointer that gets > > past > > the address limit check will have the high bit clear. So instead of > > calculating a mask, just unconditionally clear the high bit. It > > seems > > worse case userspace can speculatively leak something that's > > already > > in its address space. > > That's not at all true. > > The address may be a kernel address. That's the whole point of > 'set_fs()'. Can we kill off the remaining users of set_fs() ? Alan
