Re: [PATCH] mm/slab_common.c: fix possible spectre-v1 in kmalloc_slab()

From: Matthew Wilcox
Date: Wed May 29 2019 - 20:08:42 EST

Next message: Michael Kelley: "RE: [PATCH 1/1] Drivers: hv: vmbus: Break out ISA independent parts of mshyperv.h"
Previous message: Casey Schaufler: "Re: [PATCH 3/7] vfs: Add a mount-notification facility"
In reply to: Alexey Dobriyan: "Re: [PATCH] mm/slab_common.c: fix possible spectre-v1 in kmalloc_slab()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 29, 2019 at 11:31:06PM +0300, Alexey Dobriyan wrote:
> > I think it makes more sense to sanitize size in size_index_elem(),
> > don't you?
>
> > - return (bytes - 1) / 8;
> > + return array_index_nospec((bytes - 1) / 8, ARRAY_SIZE(size_index));
>
> I think it should be fixed in poll.
> Literally every small variable kmalloc call is going through this function.

We could do that too, but don't we then have to audit every ioctl and
similar to see if there's a k(v)malloc based on a size passed from
userspace?

Next message: Michael Kelley: "RE: [PATCH 1/1] Drivers: hv: vmbus: Break out ISA independent parts of mshyperv.h"
Previous message: Casey Schaufler: "Re: [PATCH 3/7] vfs: Add a mount-notification facility"
In reply to: Alexey Dobriyan: "Re: [PATCH] mm/slab_common.c: fix possible spectre-v1 in kmalloc_slab()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]