linux-kernel.vger.kernel.org archive mirror
From: Mark Rutland <mark.rutland@arm.com>
To: Christoph Hellwig <hch@lst.de>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
	x86@kernel.org, linux-kernel@vger.kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Al Viro <viro@zeniv.linux.org.uk>, Will Deacon <will@kernel.org>,
	Dan Williams <dan.j.williams@intel.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Waiman Long <longman@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Andy Lutomirski <luto@kernel.org>
Subject: Re: [PATCH] x86/uaccess: Use pointer masking to limit uaccess speculation
Date: Wed, 2 Sep 2020 12:43:48 +0100
Message-ID: <20200902114348.GA1002@C02TD0UTHF1T.local>
In-Reply-To: <20200901154629.GA882@lst.de>

On Tue, Sep 01, 2020 at 05:46:29PM +0200, Christoph Hellwig wrote:
> On Tue, Sep 01, 2020 at 05:05:53PM +0200, Christoph Hellwig wrote:
> > > Is there anything in particular that's tricky, or do you just want
> > > someone to look generally? From a quick grep arch/arm64/* looks clean, but
> > > I suspect that's misleading.
> > 
> > Yes, it should be mostly trivial.  I just bet the maintainers are
> > better at optimizing the low-level assembly code with the variable
> > address limit gone than I am.  (See Linus' comments on the x86 version
> > for example).  And I don't have a physical arm64 to test with so I'd
> > have to rely on qemu for any testing.

Makes sense.

I'll take a look if Will doesn't beat me to it, and I'm happy to test
the result regardless.

> So I looked at the arm64 code and I don't think it is entirely trivial,
> due to the orig_addr_limit saving in the syscall entry path, and due
> to all the UAO stuff.  On the plus side it looks to me like
> CONFIG_ARM64_UAO and all the code related to it can go away entirely
> if set_fs() is gone.

I *think* removing that should be largely mechanical for someone
familiar with it, and it'd be nice to see it go.

> So if I can trick you guys into submitting a patch on top of:
> 
>    http://git.infradead.org/users/hch/misc.git/shortlog/refs/heads/set_fs-removal
> 
> that would make my life a lot simpler.

I'll see what I can do.

At first glance it looks like we might need to flesh out or refactor the
arm64 kernel maccess routines first (since we want the user maccess
routines to use LDTR/STTR instructions that can't access kernel memory),
but after that I think the rest is largely mechanical.

Mark.
