Date: Tue, 9 Jan 2018 19:07:17 -0800
From: Alexei Starovoitov
To: Dan Williams
Cc: Linus Torvalds, "Eric W. Biederman", Linux Kernel Mailing List, linux-arch@vger.kernel.org, Peter Zijlstra, Netdev, Greg KH, Thomas Gleixner, "David S. Miller", Elena Reshetova, Alan Cox
Subject: Re: [PATCH 16/18] net: mpls: prevent bounds-check bypass via speculative execution
Message-ID: <20180110030715.646ca2iss4ecr5mo@ast-mbp>

On Tue, Jan 09, 2018 at 06:22:09PM -0800, Dan Williams wrote:
>
> When you came up with that tweak you noted:
>
> "The following:
> [..]
> is generic and no speculative flows."

I meant 'no speculative control flow'
load speculation still happens.

>
> > This macro doesn't prevent speculation.
>
> It masks dangerous speculation. At least, I read nospec as "No
> Spectre" and it is a prefix used in the Spectre-v2 patches.

ahh. I thought 'nospec' means 'no speculation'.
I think it's too much of an honor to use a bug name for the macro
that will be used in many places in the kernel.

> > I think array_access() was the best name so far.
>
> For other usages I need the pointer to the array element, also
> array_access() by itself is unsuitable for __fcheck_files because we
> still need rcu_dereference_raw() on the element de-reference. So, I
> think it's better to get a sanitized array element pointer which can
> be used with rcu, READ_ONCE(), etc... directly rather than try to do
> the access in the same macro.

makes sense, then array_ptr() should fit?

I'm hearing rumors that the first cpu with variant 2 and 3 fixed
will be appearing in early 2019. Which is amazing considering cpu
release cycles, but it also means that variant 1 will stay with us
for a long time and we better pick a clean interface and name for it.
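
The "sanitized array element pointer" idea discussed in this thread, sketched in user-space C as an added illustration; it is not code from this message, the patch series, or the kernel. The `demo_*` names are hypothetical, and the mask assumes `sz <= LONG_MAX` and an arithmetic right shift of negative values (as gcc and clang provide).

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: all-ones when idx < sz, zero otherwise. It uses
 * arithmetic only, so there is no conditional branch to mispredict.
 * Assumes sz <= LONG_MAX and arithmetic >> on negative longs. */
static unsigned long demo_index_mask(unsigned long idx, unsigned long sz)
{
    /* The top bit of (idx | (sz - 1 - idx)) is set exactly when idx >= sz. */
    long v = ~(long)(idx | (sz - 1UL - idx));
    return (unsigned long)(v >> (sizeof(long) * CHAR_BIT - 1));
}

/* Returns a pointer to base[idx], or NULL when idx is out of range.
 * Both index and pointer are ANDed with the mask, so a data-dependent
 * load through the result cannot reach beyond the array even if a
 * later branch on the result is mispredicted. */
static const int *demo_array_ptr(const int *base, unsigned long idx,
                                 unsigned long sz)
{
    unsigned long mask = demo_index_mask(idx, sz);
    uintptr_t p = (uintptr_t)(base + (idx & mask)); /* element 0 if out of range */
    return (const int *)(p & mask);                 /* NULL if out of range */
}

/* The caller picks its own accessor for the dereference; the volatile
 * read here stands in for READ_ONCE() or rcu_dereference_raw(). */
static int demo_lookup(const int *table, unsigned long sz,
                       unsigned long idx, int fallback)
{
    const int *elem = demo_array_ptr(table, idx, sz);
    if (!elem)
        return fallback;
    return *(const volatile int *)elem;
}

int main(void)
{
    static const int table[4] = { 10, 20, 30, 40 }; /* constructed sample data */
    printf("in range:     %d\n", demo_lookup(table, 4, 2, -1));
    printf("out of range: %d\n", demo_lookup(table, 4, 4, -1));
    return 0;
}
```

A production version also has to stop the compiler from turning the mask back into a branch, which this sketch does not attempt.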