Date: Sun, 22 Jun 2025 17:52:38 +0100
From: David Laight
To: Christophe Leroy
Cc: Michael Ellerman, Nicholas Piggin, Naveen N Rao, Madhavan Srinivasan, Alexander Viro, Christian Brauner, Jan Kara, Thomas Gleixner, Ingo Molnar, Peter Zijlstra, Darren Hart, Davidlohr Bueso, "Andre Almeida", Andrew Morton, Dave Hansen, Linus Torvalds, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH 2/5] uaccess: Add speculation barrier to copy_from_user_iter()
Message-ID: <20250622175238.642d02bf@pumpkin>

On Sun, 22 Jun 2025 11:52:40 +0200
Christophe Leroy wrote:

> The results of "access_ok()" can be mis-speculated. The result is that
> you can end speculatively:
>
> 	if (access_ok(from, size))
> 		// Right here
>
> For the same reason as done in copy_from_user() by
> commit 74e19ef0ff80 ("uaccess: Add speculation barrier to
> copy_from_user()"), add a speculation barrier to copy_from_user_iter().

I'm sure I sent a patch to change this code to use the 'masked' functions.
Probably ought to be done at the same time.

Would have been early Feb, about the time I suggested:

+#ifdef masked_user_access_begin +#define masked_user_read_access_begin(from, size) \ + ((*(from) = masked_user_access_begin(*(from))), 1) +#define masked_user_write_access_begin(from, size) \ + ((*(from) = masked_user_access_begin(*(from))), 1) +#else +#define masked_user_read_access_begin(from, size) \ + user_read_access_begin(*(from), size) +#define masked_user_write_access_begin(from, size) \ + user_write_access_begin(*(from), size) +#endif

allowing:

- if (!user_read_access_begin(from, sizeof(*from))) + if (!masked_user_read_access_begin(&from, sizeof(*from)))

	David

>
> See commit 74e19ef0ff80 ("uaccess: Add speculation barrier to
> copy_from_user()") for more details.
> > Signed-off-by: Christophe Leroy > --- > lib/iov_iter.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/lib/iov_iter.c b/lib/iov_iter.c > index f9193f952f49..ebf524a37907 100644 > --- a/lib/iov_iter.c > +++ b/lib/iov_iter.c > @@ -50,6 +50,13 @@ size_t copy_from_user_iter(void __user *iter_from, size_t progress, > if (should_fail_usercopy()) > return len; > if (access_ok(iter_from, len)) { > + /* > + * Ensure that bad access_ok() speculation will not > + * lead to nasty side effects *after* the copy is > + * finished: > + */ > + barrier_nospec(); > + > to += progress; > instrument_copy_from_user_before(to, iter_from, len); > res = raw_copy_from_user(to, iter_from, len);
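
Review bot: In the lib/iov_iter.c hunk, the comment added above barrier_nospec() talks about side effects "*after* the copy is finished", while the barrier itself sits before raw_copy_from_user(). The comment would be easier to follow if it said that the barrier has to complete before the copy starts, so that the copy is never issued under a mis-speculated access_ok() result. The barrier is also taken on every call that passes access_ok(), so the commit message should state whether that cost was considered, given that the reply proposes the masked access helpers for this same path.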
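
Review bot: In the macros suggested in the reply, the masked_user_access_begin branch evaluates `from` twice in `(*(from) = masked_user_access_begin(*(from)))`, ignores `size`, and always yields 1. An argument with side effects would be applied twice, and the caller's `if (!masked_user_read_access_begin(...))` failure branch becomes dead code on that configuration. Binding `from` to a local inside the macro would remove the double evaluation, and a comment should state why dropping the size check is acceptable when masking is available. The read and write variants are identical in that branch and could share one definition.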