On Wed, 23 Oct 2024 at 16:32, Linus Torvalds <torva...@linux-foundation.org> wrote:
>
> And I guess I should make "__put_user()" do the same thing, just so
> that we only have one sequence.

No, I decided it's not worth it. The put_user side already also doesn't do any other speculation barriers, simply because it has no speculative outputs that could then be used in some gadget to leak anything.

I did extend the USER_ADDR_MAX logic to valid_user_address(), and I wrote a commit log. And sent out what I *think* is a good patch to lkml and the x86 maintainers:

    https://lore.kernel.org/all/20241024013214.129639-1-torva...@linux-foundation.org/

I'm not super-happy with the open-coded magic runtime section stuff in getuser.S, but with no other asm users I also didn't want to randomly pollute some header file with ugly asm-specific macros that only get used in one place.

Also, I left the LAM case in, but disabled in a comment about how it should be gated by LASS. So that code isn't actually enabled right now.

Does anybody see any issues with that patch? It's not that many actual lines of code, and I've been staring at it pretty much all day today (in case anybody wondered why no pull requests), but I've been staring at it so much that I'm patch-blind by now.

I've also looked at the generated code. You can look at the asm output, of course, but that ends up being pretty messy due to the fixup hackery.

I've been doing

    objdump --disassemble --no-addresses --no-show-raw-insn vmlinux

and you can see where this gets used by searching for "0x123456789abcdef" in the objdump disassembly. That's the runtime constant that gets rewritten. Obviously some of them are for another runtime constant (ie dcache_hash), but it's pretty obvious.

The code generation seems ok, but like the patch, I'm getting code-blind from having looked at the same thing too many times. Yes, it looked better when it only used the sign bit, but oh well..

And yes, I'm running that code now, and I did a few tests with system calls with invalid addresses and some debug output. Which is still not saying "it has no bugs", but at least any bugs aren't obvious to me.

              Linus
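The message contrasts a user-address check that "only used the sign bit" with one bounded by USER_ADDR_MAX. The following user-space model, added here as an example and not code from the patch, from getuser.S or from the kernel, shows what the two checks disagree on. It assumes x86-64 with 4-level paging (48-bit canonical addresses); MODEL_USER_ADDR_MAX and the helper names are constructed for the model, and the speculation and fixup aspects the patch deals with are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of two ways to decide whether a pointer supplied by
 * user space lies in the user half of the address space. Example code,
 * not the kernel's; the names below are invented for the model.
 *
 * Assumed layout: x86-64, 4-level paging (48-bit canonical addresses).
 *   user space    : 0x0000000000000000 .. 0x00007fffffffffff
 *   non-canonical : 0x0000800000000000 .. 0xffff7fffffffffff
 *   kernel space  : 0xffff800000000000 .. 0xffffffffffffffff
 */
#define MODEL_USER_ADDR_MAX 0x00007fffffffffffULL

/* Sign-bit check: "user" means bit 63 is clear. */
static bool sign_bit_check(uint64_t addr)
{
	return (int64_t)addr >= 0;
}

/* Bound check against the highest valid user address. */
static bool max_check(uint64_t addr)
{
	return addr <= MODEL_USER_ADDR_MAX;
}

/* Canonical under 48-bit addressing: bits 63..47 are all equal. */
static bool is_canonical(uint64_t addr)
{
	uint64_t top = addr >> 47;
	return top == 0 || top == 0x1ffff;
}

/* Constructed sample addresses covering all three regions. */
static const uint64_t samples[] = {
	0x0000000000000000ULL,  /* NULL page, user half */
	0x00007ffffffff000ULL,  /* last user page */
	0x00007fffffffffffULL,  /* MODEL_USER_ADDR_MAX itself */
	0x0000800000000000ULL,  /* first non-canonical address */
	0x0000deadbeef0000ULL,  /* non-canonical, sign bit clear */
	0xffff7fffffffffffULL,  /* last non-canonical address */
	0xffff800000000000ULL,  /* first kernel address */
	0xffffffffffffffffULL,  /* -1, classic bad pointer */
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/*
 * How many sample addresses does the sign-bit check accept even though
 * they are not canonical? Those are the cases the two checks differ on.
 */
static int noncanonical_accepted_by_sign_bit(void)
{
	int count = 0;
	for (size_t i = 0; i < NSAMPLES; i++)
		if (sign_bit_check(samples[i]) && !is_canonical(samples[i]))
			count++;
	return count;
}

/*
 * The bound check never accepts a non-canonical address: anything
 * <= MODEL_USER_ADDR_MAX has bits 63..47 clear by construction.
 */
static bool max_check_implies_canonical(void)
{
	for (size_t i = 0; i < NSAMPLES; i++)
		if (max_check(samples[i]) && !is_canonical(samples[i]))
			return false;
	return true;
}

int main(void)
{
	printf("%-20s %-9s %-9s %-9s\n", "address", "signbit", "maxcheck", "canon");
	for (size_t i = 0; i < NSAMPLES; i++)
		printf("0x%016llx %-9s %-9s %-9s\n",
		       (unsigned long long)samples[i],
		       sign_bit_check(samples[i]) ? "accept" : "reject",
		       max_check(samples[i]) ? "accept" : "reject",
		       is_canonical(samples[i]) ? "yes" : "no");
	printf("non-canonical accepted by sign bit: %d\n",
	       noncanonical_accepted_by_sign_bit());
	return 0;
}
```

The table makes the difference concrete: the sign-bit test lets through every address in the lower half of the non-canonical hole, while the bound against the user maximum rejects all of them. What the model cannot show is what the CPU does speculatively before the check's result is known, which is the part the patch handles with the rewritten runtime constant.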