Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

From: Dan Williams
Date: Tue Jan 09 2018 - 17:35:55 EST

Next message: Tom Lendacky: "[PATCH v1 0/2] x86/retpoline: Clear RETPOLINE_AMD if LFENCE is not serializing"
Previous message: Jae Hyun Yoo: "[PATCH linux dev-4.10 0/6] Add support PECI and PECI hwmon drivers"
In reply to: Josh Poimboeuf: "Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 9, 2018 at 2:23 PM, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
> On Tue, Jan 09, 2018 at 01:59:04PM -0800, Dan Williams wrote:
>> > Right, but what's the purpose of preventing speculation past
>> > access_ok()?
>>
>> Caution. It's the same rationale for the nospec_array_ptr() patches.
>> If we, kernel community, can identify any possible speculation past a
>> bounds check we should inject a speculation mitigation. Unless there's
>> a way to be 100% certain that the first unwanted speculation can be
>> turned into a gadget later on in the instruction stream, err on the
>> side of shutting it down early.
>
> I'm all for being cautious. The nospec_array_ptr() patches are fine,
> and they make sense in light of the variant 1 CVE.
>
> But that still doesn't answer my question. I haven't seen *any*
> rationale for this patch. It would be helpful to at least describe
> what's being protected against, even if it's hypothetical. How can we
> review it if the commit log doesn't describe its purpose?

Certainly the changelog needs improvement, I'll roll these concerns
into v2 and we can go from there.

Next message: Tom Lendacky: "[PATCH v1 0/2] x86/retpoline: Clear RETPOLINE_AMD if LFENCE is not serializing"
Previous message: Jae Hyun Yoo: "[PATCH linux dev-4.10 0/6] Add support PECI and PECI hwmon drivers"
In reply to: Josh Poimboeuf: "Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]