Ok, this should probably have been in linux-next, but it's fairly
simple, and it's entirely optional.
I just merged a branch that I've had around in my local test tree for
several months in one form or another: it allows architectures to
avoid the spectre conditional branch speculation barrier in the
"user_*_access_begin()" by using a data dependency on the address
instead of the conditional.
That speculation barrier doesn't really show up in any major way, but
this was the last piece of my "path lookup profile pain points",
because it does show up on x86-64 in "strncpy_from_user()", which is
obviously how the kernel copies the path from user space.
Not all architectures can do the data dependency model - for one
thing, it requires that there be a guard area between user space and
kernel space accesses, so that you can't overflow from one into the
other (because the address masking trick will also avoid even looking
at the size of the address).
For another, you need to have a convenient enough user/kernel split
and a known-trapping address that it's easy to have a simple
arithmetic "turn any kernel pointers into faulting pointers".
Anyway, this *only* makes sense if your architecture already handles
the (much more important) get_user() and put_user() calls with the
same trick. And I think x86-64 is the only architecture that does
that, but I thought I'd mention it to others just in case.
(arm64 already avoids the speculation barrier with a data dependency
on the address, but does so in _addition_ to the access_ok() check.
The new "masked_user_access" infrastructure allows for avoiding the
access_ok() check entirely when used).
Linus
