Re: [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-25 Thread Dan Williams
On Wed, Jan 24, 2018 at 11:09 PM, Cyril Novikov wrote: > On 1/18/2018 4:01 PM, Dan Williams wrote: >> >> 'array_ptr' is proposed as a generic mechanism to mitigate against >> Spectre-variant-1 attacks, i.e. an attack that bypasses boundary checks >> via speculative execution). The 'array_ptr'

Re: [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-24 Thread Cyril Novikov
On 1/18/2018 4:01 PM, Dan Williams wrote: 'array_ptr' is proposed as a generic mechanism to mitigate against Spectre-variant-1 attacks, i.e. an attack that bypasses boundary checks via speculative execution). The 'array_ptr' implementation is expected to be safe for current generation cpus

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Dan Williams
On Fri, Jan 19, 2018 at 10:18 AM, Linus Torvalds wrote: > On Fri, Jan 19, 2018 at 2:20 AM, Jann Horn wrote: >>> + \ >>> + __u._ptr = _arr + (_i & _mask); \ >>> + __u._bit &= _mask;
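
Review bot: the quoted macro body applies `_mask` twice, once to the index in `__u._ptr = _arr + (_i & _mask);` and again to the stored value in `__u._bit &= _mask;`, with no comment saying why both are needed. When `_mask` is zero the first statement already reduces the index to 0 and the second then clears the whole value, so a reader cannot tell which of the two is the actual speculation barrier. Either add a short comment stating what each masking step protects against, or drop the one that is redundant.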

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Dan Williams
On Fri, Jan 19, 2018 at 10:18 AM, Will Deacon wrote: > > On Fri, Jan 19, 2018 at 10:12:47AM -0800, Dan Williams wrote: > > [ adding Alexei back to the cc ] > > > > On Fri, Jan 19, 2018 at 9:48 AM, Adam Sampson wrote: > > > Jann Horn writes: > > > > > >>> +/* > > >>> + * If idx is negative or if

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Linus Torvalds
On Fri, Jan 19, 2018 at 2:20 AM, Jann Horn wrote: >> + \ >> + __u._ptr = _arr + (_i & _mask); \ >> + __u._bit &= _mask; \ > > AFAICS, if

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Will Deacon
On Fri, Jan 19, 2018 at 10:12:47AM -0800, Dan Williams wrote: > [ adding Alexei back to the cc ] > > On Fri, Jan 19, 2018 at 9:48 AM, Adam Sampson wrote: > > Jann Horn writes: > > > >>> +/* > >>> + * If idx is negative or if idx > size then bit 63 is set in the mask, > >>> + * and the value of

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Adam Sampson
Jann Horn writes: >> +/* >> + * If idx is negative or if idx > size then bit 63 is set in the mask, >> + * and the value of ~(-1L) is zero. When the mask is zero, bounds check >> + * failed, array_ptr will return NULL. >> + */ >> +#ifndef array_ptr_mask >> +static inline unsigned long
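
Review bot: the comment above `array_ptr_mask` states the failing case as "idx is negative or if idx > size", which leaves out idx == size, although that index is also one past the end of an array of size elements. The comment should read "idx >= size", and the body should be checked to confirm it yields a zero mask for that value too. The sentence "and the value of ~(-1L) is zero" would also be clearer if it said how bit 63 of the intermediate value becomes the all-ones or all-zeroes mask, and "When the mask is zero, bounds check failed, array_ptr will return NULL" needs rewording into a complete sentence.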

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Dan Williams
[ adding Alexei back to the cc ] On Fri, Jan 19, 2018 at 9:48 AM, Adam Sampson wrote: > Jann Horn writes: > >>> +/* >>> + * If idx is negative or if idx > size then bit 63 is set in the mask, >>> + * and the value of ~(-1L) is zero. When the mask is zero, bounds check >>> + * failed, array_ptr

Re: [kernel-hardening] [PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-19 Thread Jann Horn
On Fri, Jan 19, 2018 at 1:01 AM, Dan Williams wrote: > 'array_ptr' is proposed as a generic mechanism to mitigate against > Spectre-variant-1 attacks, i.e. an attack that bypasses boundary checks > via speculative execution). The 'array_ptr' implementation is expected > to be safe for current

[PATCH v4 02/10] asm/nospec, array_ptr: sanitize speculative array de-references

2018-01-18 Thread Dan Williams
'array_ptr' is proposed as a generic mechanism to mitigate against Spectre-variant-1 attacks, i.e. an attack that bypasses boundary checks via speculative execution). The 'array_ptr' implementation is expected to be safe for current generation cpus across multiple architectures (ARM, x86). Based
