On Sat, 12 Oct 2024 at 01:49, Andrew Cooper <andrew.coop...@citrix.com> wrote:
>
> You do realise mask_user_address() is unsafe under speculation on AMD
> systems?

That had *better* not be true.

> Had the mask_user_address() patch been put for review, this feedback
> would have been given then.

That's BS.

Why? Look at commit b19b74bc99b1 ("x86/mm: Rework address range check
in get_user() and put_user()").

This mask_user_address() thing is how we've been doing a regular
get/put_user() for the last 18 months. It's *exactly* the same
pattern:

        mov %rax, %rdx
        sar $63, %rdx
        or %rdx, %rax

ie we saturate the sign bit.

> AMD needs to arrange for bit 47 (bit 58 with LA57) to be the one
> saturated by shifting, not bit 63.
>
> As it stands, you're reintroducing the very problem barrier_nospec() was
> introduced to mitigate.

If that's true, we have much bigger issues. And it has nothing to do
with the new address masking macro, that just exposed existing logic.

                  Linus
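Added example, not part of the email above or of the kernel source: a C model of the three-instruction sequence quoted in the message, run over constructed addresses to show which inputs it alters and which it passes through, including the class the quoted objection is about (bit 63 clear, non-canonical under 48-bit addressing). The function names, the sample addresses and mask_bit47() (one reading of "saturate bit 47") are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Portable model of: mov %rax,%rdx ; sar $63,%rdx ; or %rdx,%rax
 * 0 - (addr >> 63) is all-ones when bit 63 is set, otherwise 0. */
static uint64_t mask_bit63(uint64_t addr)
{
    return addr | ((uint64_t)0 - (addr >> 63));
}

/* Assumption: one way to read "saturate on bit 47" (4-level paging).
 * Not kernel code; shown only to compare against mask_bit63(). */
static uint64_t mask_bit47(uint64_t addr)
{
    return addr | ((uint64_t)0 - ((addr >> 47) & 1));
}

/* Canonical with 48-bit virtual addresses: bits 63..47 are all equal. */
static int is_canonical48(uint64_t addr)
{
    uint64_t top = addr >> 47;              /* the upper 17 bits */
    return top == 0 || top == 0x1ffff;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real system. */
    static const struct { const char *what; uint64_t addr; } samples[] = {
        { "user, canonical",           0x00007fffffffe000ULL },
        { "kernel half, canonical",    0xffff888000000000ULL },
        { "bit63=0, bit47=1, non-can", 0x0000800000000000ULL },
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t a = samples[i].addr;
        printf("%-26s %016llx canon48=%d sar63=%016llx bit47=%016llx\n",
               samples[i].what, (unsigned long long)a, is_canonical48(a),
               (unsigned long long)mask_bit63(a),
               (unsigned long long)mask_bit47(a));
    }
    return 0;
}
```

The third row is the case the two quoted positions differ on: the bit 63 mask leaves that address unchanged, while a mask keyed on bit 47 turns it into all-ones.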