https://github.com/torvalds/linux
Revision 6e693b3ffecb0b478c7050b44a4842854154f715 authored by Will Deacon on 19 January 2019, 21:56:05 UTC, committed by Linus Torvalds on 20 January 2019, 03:33:22 UTC
Commit 594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'") makes the access_ok() check part of the user_access_begin() preceding a series of 'unsafe' accesses. This has the desirable effect of ensuring that all 'unsafe' accesses have been range-checked, without having to pick through all of the callsites to verify whether the appropriate checking has been made. However, the consolidated range check does not inhibit speculation, so it is still up to the caller to ensure that they are not susceptible to any speculative side-channel attacks for user addresses that ultimately fail the access_ok() check. This is an oversight, so use __uaccess_begin_nospec() to ensure that speculation is inhibited until the access_ok() check has passed. Reported-by: Julien Thierry <julien.thierry@arm.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent b0f3e76
Tip revision: 6e693b3ffecb0b478c7050b44a4842854154f715 authored by Will Deacon on 19 January 2019, 21:56:05 UTC
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
Tip revision: 6e693b3
File | Mode | Size |
---|---|---|
Documentation | ||
LICENSES | ||
arch | ||
block | ||
certs | ||
crypto | ||
drivers | ||
firmware | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.clang-format | -rw-r--r-- | 12.7 KB |
.cocciconfig | -rw-r--r-- | 59 bytes |
.get_maintainer.ignore | -rw-r--r-- | 31 bytes |
.gitattributes | -rw-r--r-- | 30 bytes |
.gitignore | -rw-r--r-- | 1.5 KB |
.mailmap | -rw-r--r-- | 10.7 KB |
COPYING | -rw-r--r-- | 423 bytes |
CREDITS | -rw-r--r-- | 96.9 KB |
Kbuild | -rw-r--r-- | 1.7 KB |
Kconfig | -rw-r--r-- | 563 bytes |
MAINTAINERS | -rw-r--r-- | 481.0 KB |
Makefile | -rw-r--r-- | 59.1 KB |
README | -rw-r--r-- | 727 bytes |
Computing file changes ...