On Tue, Feb 06, 2018 at 11:48:45AM -0800, Dan Williams wrote: > On Tue, Feb 6, 2018 at 11:29 AM, Luis Henriques <lhenriques@xxxxxxxx> wrote: > > On Thu, Jan 18, 2018 at 04:02:21PM -0800, Dan Williams wrote: > >> The syscall table base is a user controlled function pointer in kernel > >> space. Like, 'get_user, use 'MASK_NOSPEC' to prevent any out of bounds > >> speculation. While retpoline prevents speculating into the user > >> controlled target it does not stop the pointer de-reference, the concern > >> is leaking memory relative to the syscall table base. > > > > This patch seems to cause a regression. An easy way to reproduce what > > I'm seeing is to run the samples/statx/test-statx. Here's what I see > > when I have this patchset applied: > > > > # ./test-statx /tmp > > statx(/tmp) = -1 > > /tmp: Bad file descriptor > > > > Reverting this single patch seems to fix it. > > Just to clarify, when you say "this patch" you mean: > > 2fbd7af5af86 x86/syscall: Sanitize syscall table de-references > under speculation > > ...not this early MASK_NOSPEC version of the patch, right? *sigh* Looks like I spent some good amount of time hunting a non-issue just because I have enough old branches hanging around to confusing me :-( Sorry for the noise. Cheers, -- Luís
