From: David Laight <David.Laight@ACULAB.COM>
To: 'Linus Torvalds' <torvalds@linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"x86@kernel.org" <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Will Deacon <will@kernel.org>,
Dan Williams <dan.j.williams@intel.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"Waiman Long" <longman@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Andy Lutomirski <luto@kernel.org>, Christoph Hellwig <hch@lst.de>,
"Mark Rutland" <mark.rutland@arm.com>,
Borislav Petkov <bp@alien8.de>
Subject: RE: [PATCH v4 3/4] x86/uaccess: Use pointer masking to limit uaccess speculation
Date: Thu, 6 May 2021 07:57:44 +0000 [thread overview]
Message-ID: <ea9607e9c30e4ed0b2f0c0aa4bc98c6c@AcuMS.aculab.com> (raw)
In-Reply-To: <CAHk-=wh-a6B11tH3upLG+-P5_yFPs3PB8tiXO5JKaQjUvhOMYg@mail.gmail.com>
From: Linus Torvalds
> Sent: 05 May 2021 19:32
>
> On Wed, May 5, 2021 at 1:48 AM David Laight <David.Laight@aculab.com> wrote:
> >
> > This would error requests for address 0 earlier - but I don't
> > believe they are ever valid in Linux.
> > (Some historic x86 a.out formats did load to address 0.)
>
> Not only loading at address 0 - there are various real reason s why
> address 0 might actually be needed.
>
> Anybody who still runs a 32-bit kernel and wants to use vm86 mode, for
> example, requires address 0 because that's simply how the hardware
> works.
>
> So no. "mask to zero and make zero invalid" is not a proper model.
I had my doubts.
But letting userspace map address zero has been a security problem.
It can turn a kernel panic into executing 'user' code with
supervisor permissions.
So I did wonder if it had been banned completely.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2021-05-06 7:57 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-05 3:54 [PATCH v4 0/4] x86/uaccess: Use pointer masking to limit uaccess speculation Josh Poimboeuf
2021-05-05 3:54 ` [PATCH v4 1/4] uaccess: Always inline strn*_user() helper functions Josh Poimboeuf
2021-05-05 3:54 ` [PATCH v4 2/4] uaccess: Fix __user annotations for copy_mc_to_user() Josh Poimboeuf
2021-05-05 3:54 ` [PATCH v4 3/4] x86/uaccess: Use pointer masking to limit uaccess speculation Josh Poimboeuf
2021-05-05 8:48 ` David Laight
2021-05-05 13:19 ` Josh Poimboeuf
2021-05-05 13:51 ` David Laight
2021-05-05 18:32 ` Linus Torvalds
2021-05-06 7:57 ` David Laight [this message]
2021-05-05 14:25 ` Mark Rutland
2021-05-05 14:48 ` Josh Poimboeuf
2021-05-05 14:49 ` David Laight
2021-05-05 15:45 ` Mark Rutland
2021-05-05 16:55 ` Andy Lutomirski
2021-05-06 8:36 ` David Laight
2021-05-06 12:05 ` Christoph Hellwig
2021-06-02 17:11 ` Sean Christopherson
2021-06-02 20:11 ` Josh Poimboeuf
2021-05-05 3:54 ` [PATCH v4 4/4] x86/nospec: Remove barrier_nospec() Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ea9607e9c30e4ed0b2f0c0aa4bc98c6c@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=aarcange@redhat.com \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=hch@lst.de \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).