[PATCH] x86/uaccess: Avoid barrier_nospec() in copy_from_user()
Andrew Cooper
andrew.cooper3 at citrix.com
Sun Oct 13 01:26:32 AEDT 2024
On 12/10/2024 3:09 pm, Josh Poimboeuf wrote:
> On Sat, Oct 12, 2024 at 09:48:57AM +0100, Andrew Cooper wrote:
>> On 12/10/2024 5:09 am, Josh Poimboeuf wrote:
>>> For x86-64, the barrier_nospec() in copy_from_user() is overkill and
>>> painfully slow. Instead, use pointer masking to force the user pointer
>>> to a non-kernel value even in speculative paths.
>>>
>>> Signed-off-by: Josh Poimboeuf <jpoimboe at kernel.org>
>> You do realise mask_user_address() is unsafe under speculation on AMD
>> systems?
>>
>> Had the mask_user_address() patch been put for review, this feedback
>> would have been given then.
>>
>>
>> AMD needs to arrange for bit 47 (bit 58 with LA57) to be the one
>> saturated by shifting, not bit 63.
> Ok... why?
CVE-2020-12965
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1010.html
~Andrew
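
Added example, not part of the thread or of the kernel source: a user-space C model of why it matters which bit the shift saturates, for 48-bit virtual addresses only. It assumes the mask has the sign-shift-and-OR form the message implies and models the CVE-2020-12965 behaviour as a transient access using only the low 48 address bits; the function names and sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48  /* 4-level paging; top implemented address bit is 47 */

/* Arithmetic right shift of a negative value, as gcc and clang implement it. */
static uint64_t sign_fill(uint64_t v) { return (uint64_t)((int64_t)v >> 63); }

/* Assumed form of the existing mask: saturate to all ones when bit 63 is set. */
static uint64_t mask_bit63(uint64_t ptr) { return ptr | sign_fill(ptr); }

/* Hypothetical variant: shift bit 47 up to bit 63 first, so it drives the mask. */
static uint64_t mask_bit47(uint64_t ptr)
{
    return ptr | sign_fill(ptr << (64 - VA_BITS));
}

/* Model (assumption): the address a transient access resolves to when the CPU
 * looks only at the low 48 bits, i.e. bit 47 sign-extended over bits 63:48. */
static uint64_t transient_view(uint64_t ptr)
{
    return (uint64_t)((int64_t)(ptr << (64 - VA_BITS)) >> (64 - VA_BITS));
}

/* 1 if a masked pointer could still be treated as a kernel-half address. */
static int reaches_kernel_half(uint64_t masked)
{
    if (masked == UINT64_MAX)   /* saturated: the all-ones value the mask is meant to produce */
        return 0;
    return (int64_t)transient_view(masked) < 0;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real system. */
    const uint64_t samples[] = {
        0x00007fffdeadb000ULL,  /* ordinary user pointer */
        0xffff888012345000ULL,  /* canonical kernel-half pointer */
        0x0000888012345000ULL,  /* non-canonical: bit 47 set, bit 63 clear */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t p = samples[i];
        printf("%016llx  bit63-mask: %d  bit47-mask: %d\n",
               (unsigned long long)p,
               reaches_kernel_half(mask_bit63(p)),
               reaches_kernel_half(mask_bit47(p)));
    }
    return 0;
}
```

Only the third sample differs between the two masks: with bit 63 clear it passes the bit-63 mask unchanged, while the bit-47 variant saturates it.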