Re: [PATCH] atm: zatm: Fix potential Spectre v1

From: David Miller
Date: Thu May 03 2018 - 15:25:14 EST

Next message: Pavel Machek: "Droid 4: very confusing config around OHCI_OMAP3_HCD"
Previous message: Ross Zwisler: "[PATCH 4/5] radix tree test suite: multi-order iteration race"
In reply to: Randy Dunlap: "Re: [PATCH] atm: zatm: Fix potential Spectre v1"
Next in thread: David Miller: "Re: [PATCH] atm: zatm: Fix potential Spectre v1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Date: Thu, 3 May 2018 12:09:40 -0700

> Just for (my) info: all of these types of patches are to prevent
> what is loaded in cache when the index is out of range, right?
> Not some random pool_info[random], but pool_info[valid, i.e., 0].
>
> Since the value of pool is already sanity checked and -EINVAL is
> returned when it's out of range.

Well, the whole point is that the cpu can speculate execution past the
range check and execute the indexed read anyways. So even if the
value is "sanity checked" the cpu can execute ahead and load things
into the cache, just cancelling the register state updates later when
the range check is fully resolved.

Next message: Pavel Machek: "Droid 4: very confusing config around OHCI_OMAP3_HCD"
Previous message: Ross Zwisler: "[PATCH 4/5] radix tree test suite: multi-order iteration race"
In reply to: Randy Dunlap: "Re: [PATCH] atm: zatm: Fix potential Spectre v1"
Next in thread: David Miller: "Re: [PATCH] atm: zatm: Fix potential Spectre v1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]