On Sat, 12 Oct 2024 at 07:21, Borislav Petkov [off-list ref] wrote:

    Commit

      2865baf54077 ("x86: support user address masking instead of non-speculative conditional")

No.

Thos started long before. Again, see commit b19b74bc99b1 ("x86/mm:
Rework address range check in get_user() and put_user()") and the code
it generates.

get_user() results in a plain calls to __get_user_X, where X is the
size. No barriers. And __get_user_X() does that exact same thing.

And no, your suggested patch looks very suspicious:

  +#define mask_user_address(x) ((typeof(x)) \
  +                       ((long)(x) | ((long)(x) << (63 -
__VIRTUAL_MASK_SHIFT) >> 63)))

that does no masking at all on a kernel address, so you can feed it
random kernel addresses and it will just access them,

                  Linus