diff options
| author | Dan Williams <[email protected]> | 2018-01-29 17:02:49 -0800 |
|---|---|---|
| committer | Thomas Gleixner <[email protected]> | 2018-01-30 21:54:31 +0100 |
| commit | 304ec1b050310548db33063e567123fae8fd0301 (patch) | |
| tree | 453a5094b3bdcf3a9cb331850d93d112a04f7d5f /tools/perf/scripts/python/call-graph-from-sql.py | |
| parent | b5c4ae4f35325d520b230bab6eb3310613b72ac1 (diff) | |
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
Quoting Linus:
I do think that it would be a good idea to very expressly document
the fact that it's not that the user access itself is unsafe. I do
agree that things like "get_user()" want to be protected, but not
because of any direct bugs or problems with get_user() and friends,
but simply because get_user() is an excellent source of a pointer
that is obviously controlled from a potentially attacking user
space. So it's a prime candidate for then finding _subsequent_
accesses that can then be used to perturb the cache.
__uaccess_begin_nospec() covers __get_user() and copy_from_iter() where the
limit check is far away from the user pointer de-reference. In those cases
a barrier_nospec() prevents speculation with a potential pointer to
privileged memory. uaccess_try_nospec covers get_user_try.
Suggested-by: Linus Torvalds <[email protected]>
Suggested-by: Andi Kleen <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: Kees Cook <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: Al Viro <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/151727416953.33451.10508284228526170604.stgit@dwillia2-desk3.amr.corp.intel.com
Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-sql.py')
0 files changed, 0 insertions, 0 deletions