Re: [PATCH] posix-timers: Protect posix clock array access against speculation
From: Thomas Gleixner
Date: Thu Feb 15 2018 - 09:55:09 EST
On Thu, 15 Feb 2018, Dan Williams wrote:
> On Thu, Feb 15, 2018 at 6:05 AM, Rasmus Villemoes
> <rasmus.villemoes@xxxxxxxxx> wrote:
> > (2) The line "if (id >= ARRAY_SIZE(posix_clocks) || !posix_clocks[id])"
> > still seems to allow speculatively accessing posix_clocks[id]. Is that
> > ok, and even if so, wouldn't it be cleaner to elide the
> > !posix_clocks[id] check and just return the NULL safely fetched from the
> > array in the following line?
>
> Right, this looks broken. I would expect:
Indeed. Missed that.
> if (id >= ARRAY_SIZE(posix_clocks))
> return NULL;
> idx = array_index_nospec(idx, ARRAY_SIZE(posix_clocks));
> if (!posix_clocks[idx])
> return NULL;
> return posix_clocks[idx];
The !posix_clocks[idx] check is pointless and always was.
if (id >= ARRAY_SIZE(posix_clocks))
return NULL;
idx = array_index_nospec(idx, ARRAY_SIZE(posix_clocks));
return posix_clocks[idx];
is sufficient. It returns NULL for !posix_clocks[idx] anyway.
Thanks,
tglx