Re: [PATCH] mm/slab_common.c: fix possible spectre-v1 in kmalloc_slab()

From: Michal Hocko
Date: Wed May 29 2019 - 13:53:04 EST


On Thu 30-05-19 00:39:53, Dianzhang Chen wrote:
> It comes from `192+1`.
>
> The fuller code fragment is:
>
> if (size <= 192) {
> 	if (!size)
> 		return ZERO_SIZE_PTR;
>
> 	size = array_index_nospec(size, 193);
> 	index = size_index[size_index_elem(size)];
> }

OK I see, I could have looked into the code, my bad. But I am still not
sure what the potential exploit scenario is and why this particular path
needs special treatment while other size branches are ok. Could you be
more specific please?
--
Michal Hocko
SUSE Labs
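For readers following the thread who want to see what the `array_index_nospec(size, 193)` call in the quoted fragment actually does, here is an added user-space C example. It is not kernel code and not from either poster: it re-implements the kernel's generic branchless index mask in portable C and applies it to a constructed stand-in for `size_index[]`, mirroring the quoted branch. The table contents, the `KMALLOC_SMALL_MAX` macro and the `small_kmalloc_index()` helper are constructions for this demo only.

```c
#include <stddef.h>
#include <stdio.h>

/* Portable C rendering of the kernel's generic array_index_mask_nospec():
 * yields ~0UL when index < size and 0UL otherwise, using arithmetic only,
 * so the result does not hinge on a branch the CPU could mispredict.
 * Assumes two's complement and an arithmetic right shift of a negative
 * long, as the kernel's generic version does. */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * 8 - 1);
}

/* Branch-free clamp: an in-range index passes through unchanged, an
 * out-of-range one becomes 0. */
static inline unsigned long array_index_nospec(unsigned long index,
                                               unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Constructed stand-in for size_index[]: 24 entries, one per 8-byte step up
 * to 192. The values are sample data for this demo, not the kernel's table. */
#define KMALLOC_SMALL_MAX 192UL
static const unsigned char size_index[24] = {
    3, 4, 5, 5, 6, 6, 6, 6,   /* sizes   1..64  */
    1, 1, 1, 1, 7, 7, 7, 7,   /* sizes  65..128 */
    2, 2, 2, 2, 2, 2, 2, 2,   /* sizes 129..192 */
};

/* Same shape as the kernel's size_index_elem(): 8-byte granularity. */
static inline unsigned long size_index_elem(unsigned long size)
{
    return (size - 1) / 8;
}

/* Mirrors the quoted kmalloc_slab() branch. Returns the table value for a
 * small size, 0 for size 0 (standing in for ZERO_SIZE_PTR) and -1 when the
 * request is not on the small-size path at all. */
static int small_kmalloc_index(unsigned long size)
{
    if (size > KMALLOC_SMALL_MAX)
        return -1;
    if (!size)
        return 0;
    /* Architecturally size is already 1..192 here; the clamp only changes
     * what a speculative execution of this path can feed into the load. */
    size = array_index_nospec(size, KMALLOC_SMALL_MAX + 1);   /* 193 */
    return size_index[size_index_elem(size)];
}

int main(void)
{
    /* Constructed probe sizes, straddling both edges of the small path. */
    unsigned long probes[] = { 0, 1, 8, 9, 64, 65, 192, 193, 4096 };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        unsigned long v = probes[i];
        printf("size %5lu: mask=%016lx clamped=%5lu index=%d\n", v,
               array_index_mask_nospec(v, KMALLOC_SMALL_MAX + 1),
               array_index_nospec(v, KMALLOC_SMALL_MAX + 1),
               small_kmalloc_index(v));
    }
    return 0;
}
```

The mask is the whole trick: for any `index < 193` the expression `index | (192 - index)` keeps its top bit clear, so the complement is negative and the arithmetic shift smears that sign bit into an all-ones mask; for `index >= 193` the subtraction wraps, the top bit is set, and the mask collapses to zero. No comparison instruction is involved, which is why it bounds the index even on a speculatively executed path.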