[PATCH v2 5/6] x86/uaccess: Add user pointer masking to copy_to_user()
Josh Poimboeuf
jpoimboe at kernel.org
Fri Oct 18 08:55:24 AEDT 2024
Add user pointer masking to copy_to_user() to mitigate Spectre v1.
A write in a mispredicted access_ok() branch to a user-controlled kernel
address can populate the rest of the affected cache line with kernel
data.
Signed-off-by: Josh Poimboeuf <jpoimboe at kernel.org>
---
arch/x86/include/asm/uaccess_64.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index 61693028ea2b..0587830a47e1 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -140,6 +140,7 @@ raw_copy_from_user(void *dst, const void __user *src, unsigned long size)
static __always_inline __must_check unsigned long
raw_copy_to_user(void __user *dst, const void *src, unsigned long size)
{
+ dst = mask_user_address(dst);
return copy_user_generic((__force void *)dst, src, size);
}
--
2.47.0
More information about the Linuxppc-dev
mailing list