• Will Deacon's avatar
    x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() · 6e693b3f
    Will Deacon authored
    Commit 594cc251 ("make 'user_access_begin()' do 'access_ok()'")
    makes the access_ok() check part of the user_access_begin() preceding a
    series of 'unsafe' accesses.  This has the desirable effect of ensuring
    that all 'unsafe' accesses have been range-checked, without having to
    pick through all of the callsites to verify whether the appropriate
    checking has been made.
    
    However, the consolidated range check does not inhibit speculation, so
    it is still up to the caller to ensure that they are not susceptible to
    any speculative side-channel attacks for user addresses that ultimately
    fail the access_ok() check.
    
    This is an oversight, so use __uaccess_begin_nospec() to ensure that
    speculation is inhibited until the access_ok() check has passed.
    Reported-by: default avatarJulien Thierry <julien.thierry@arm.com>
    Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    6e693b3f
uaccess.h 21.2 KB