Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934729AbeAHQU0 (ORCPT + 1 other); Mon, 8 Jan 2018 11:20:26 -0500 Received: from esa1.hgst.iphmx.com ([68.232.141.245]:20342 "EHLO esa1.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932349AbeAHQUV (ORCPT ); Mon, 8 Jan 2018 11:20:21 -0500 X-IronPort-AV: E=Sophos;i="5.46,330,1511798400"; d="scan'208";a="170996371" Subject: Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution To: Dan Williams , "Eric W. Biederman" Cc: Linux Kernel Mailing List , Mark Rutland , Peter Zijlstra , Alan Cox , Srinivas Pandruvada , Will Deacon , Solomon Peachy , "H. Peter Anvin" , Christian Lamparter , Elena Reshetova , linux-arch@vger.kernel.org, Andi Kleen , "James E.J. Bottomley" , linux-scsi , Jonathan Corbet , X86 ML , Ingo Molnar , Alexey Kuznetsov , Zhang Rui , "Linux-media@vger.kernel.org" , Arnd Bergmann , Jan Kara , Eduardo Valentin , Al Viro , qla2xxx-upstream@qlogic.com, Thomas Gleixner , Mauro Carvalho Chehab , Arjan van de Ven , Kalle Valo , Alan Cox , "Martin K. Petersen" , Hideaki YOSHIFUJI , Greg KH , linux-wireless@vger.kernel.org, Netdev , Linus Torvalds , "David S. Miller" , Laurent Pinchart References: <151520099201.32271.4677179499894422956.stgit@dwillia2-desk3.amr.corp.intel.com> <87y3lbpvzp.fsf@xmission.com> From: Bart Van Assche Message-ID: Date: Mon, 8 Jan 2018 08:20:19 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 01/05/18 22:30, Dan Williams wrote: > On Fri, Jan 5, 2018 at 6:22 PM, Eric W. Biederman wrote: >> Please expand this. >> >> It is not clear what the static analysis is looking for. Have a clear >> description of what is being fixed is crucial for allowing any of these >> changes. >> >> For the details given in the change description what I read is magic >> changes because a magic process says this code is vulnerable. > > Yes, that was my first reaction to the patches as well, I try below to > add some more background and guidance, but in the end these are static > analysis reports across a wide swath of sub-systems. It's going to > take some iteration with domain experts to improve the patch > descriptions, and that's the point of this series, to get the better > trained eyes from the actual sub-system owners to take a look at these > reports. More information about what the static analysis is looking for would definitely be welcome. Additionally, since the analysis tool is not publicly available, how are authors of new kernel code assumed to verify whether or not their code needs to use nospec_array_ptr()? How are reviewers of kernel code assumed to verify whether or not nospec_array_ptr() is missing where it should be used? Since this patch series only modifies the upstream kernel, how will out-of-tree drivers be fixed, e.g. the nVidia driver and the Android drivers? Thanks, Bart.