From: "Arnd Bergmann" <arnd@arndb.de>
To: "Kees Cook" <keescook@chromium.org>, "Alice Ryhl" <aliceryhl@google.com>
Cc: "Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Carlos Llamas" <cmllamas@google.com>,
"Suren Baghdasaryan" <surenb@google.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
rust-for-linux@vger.kernel.org,
"Christian Brauner" <brauner@kernel.org>
Subject: Re: [PATCH v2 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST
Date: Sat, 10 Feb 2024 12:07:14 +0100 [thread overview]
Message-ID: <4f0eb08d-bb5d-4544-aeba-ac9d8a663005@app.fastmail.com> (raw)
In-Reply-To: <202402091606.A181673F0A@keescook>
On Sat, Feb 10, 2024, at 01:15, Kees Cook wrote:
> On Thu, Feb 08, 2024 at 03:47:52PM +0000, Alice Ryhl wrote:
>> unsigned long res = n;
>> might_fault();
>> if (!should_fail_usercopy() && likely(access_ok(from, n))) {
>> + /*
>> + * Ensure that bad access_ok() speculation will not
>> + * lead to nasty side effects *after* the copy is
>> + * finished:
>> + */
>> + barrier_nospec();
>
> This means all callers just gained this barrier. That's a behavioral
> change -- is it intentional here? I don't see it mentioned in the commit
> log.
My bad, I probably should have explained it when I did the
patch as this is very subtle:
The barrier_nospec() definition is a nop on everything other
than x86 and powerpc, but those two were using the out-of-line
version that did in fact use it.
After this patch, the out-of-line function calls the inline
function, so it needs to be added here to keep the behavior
unchanged on the architectures that need it. For the rest,
this change has no effect.
Arnd
next prev parent reply other threads:[~2024-02-10 11:07 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-08 15:47 [PATCH v2 0/4] Memory management patches needed by Rust Binder Alice Ryhl
2024-02-08 15:47 ` [PATCH v2 1/4] rust: uaccess: add userspace pointers Alice Ryhl
2024-02-08 22:54 ` Valentin Obst
2024-02-09 11:15 ` Alice Ryhl
2024-02-21 11:47 ` Alice Ryhl
2024-02-27 10:05 ` Carlos López
2024-02-27 13:12 ` Alice Ryhl
2024-02-08 15:47 ` [PATCH v2 2/4] uaccess: always export _copy_[from|to]_user with CONFIG_RUST Alice Ryhl
[not found] ` <20240208225608.11987-1-kernel@valentinobst.de>
2024-02-09 14:41 ` Arnd Bergmann
2024-02-10 0:15 ` Kees Cook
2024-02-10 11:07 ` Arnd Bergmann [this message]
2024-02-14 10:51 ` Alice Ryhl
2024-02-08 15:47 ` [PATCH v2 3/4] rust: uaccess: add typed accessors for userspace pointers Alice Ryhl
2024-02-08 22:57 ` Valentin Obst
2024-02-09 10:40 ` Alice Ryhl
2024-02-09 17:18 ` Valentin Obst
2024-02-08 15:47 ` [PATCH v2 4/4] rust: add abstraction for `struct page` Alice Ryhl
2024-02-10 4:23 ` Martin Rodriguez Reboredo
2024-02-12 9:36 ` Alice Ryhl
2024-02-12 18:11 ` Martin Rodriguez Reboredo
2024-02-27 8:32 ` Andreas Hindborg
2024-02-27 15:37 ` Matthew Wilcox
2024-02-27 15:56 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4f0eb08d-bb5d-4544-aeba-ac9d8a663005@app.fastmail.com \
--to=arnd@arndb.de \
--cc=a.hindborg@samsung.com \
--cc=akpm@linux-foundation.org \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=arve@android.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=joel@joelfernandes.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maco@android.com \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=surenb@google.com \
--cc=tkjos@android.com \
--cc=viro@zeniv.linux.org.uk \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox