Re: [PATCH] LoongArch: add spectre boundry for syscall dispatch table

Next message: Breno Leitao: "Re: [PATCH] arm64: panic if IRQ shadow call stack allocation fails"
Previous message: Guixin Liu: "Re: [PATCH 1/2] genirq/msi: Introduce update hwsize helper"
In reply to: Xi Ruoyao: "Re: [PATCH] LoongArch: add spectre boundry for syscall dispatch table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg Kroah-Hartman

Date: Wed Mar 25 2026 - 04:53:41 EST

On Wed, Mar 25, 2026 at 11:26:29AM +0800, Xi Ruoyao wrote:
> On Tue, 2026-03-24 at 17:30 +0100, Greg Kroah-Hartman wrote:
> > The LoongArch syscall number is directly controlled by userspace, but
> > does not have a array_index_nospec() boundry to prevent access past
> > the
> > syscall function pointer tables.
> >
> > Cc: Huacai Chen <chenhuacai@xxxxxxxxxx>
> > Cc: WANG Xuerui <kernel@xxxxxxxxxx>
> > Assisted-by: gkh_clanker_2000
> > Cc: stable <stable@xxxxxxxxxx>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > ---
> > My scripts caught this as I think LoongArch is vulnerable to the
>
> There's no evidence. The kernel currently report all LoongArch
> processors invulnerable to spectre V1 via cpuinfo.

Where is that? In the sysfs files, or in the actual silicon testing?

> So NAK unless there's a reproducer of spectre V1 on LoongArch. If so
> we'd also need to adjust the cpuinfo output.

I really thought this cpu was vulnerable to this, but if the companies
say it isn't, then great, but reports like this:
https://cc-sw.com/chinese-loongarch-architecture-evaluation-part-3-of-3/
say that the silicon is vulnerable. So, which is it?

confused,

greg k-h