Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750903AbeAORt0 (ORCPT + 1 other); Mon, 15 Jan 2018 12:49:26 -0500 Received: from mail-ot0-f194.google.com ([74.125.82.194]:44477 "EHLO mail-ot0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750827AbeAORtW (ORCPT ); Mon, 15 Jan 2018 12:49:22 -0500 X-Google-Smtp-Source: ACJfBoup856LRWjzQvNDo7rQVf7WFWP9pZSynz80W2HYUYhoTQsuLhGdnk9WVyaxXg/CayoIzyaxm/v6y6KmdEnVxBE= MIME-Version: 1.0 In-Reply-To: <20180115103220.g3xtdsybkfxqkapx@quack2.suse.cz> References: <151571798296.27429.7166552848688034184.stgit@dwillia2-desk3.amr.corp.intel.com> <151571805555.27429.728109914195885407.stgit@dwillia2-desk3.amr.corp.intel.com> <20180115103220.g3xtdsybkfxqkapx@quack2.suse.cz> From: Dan Williams Date: Mon, 15 Jan 2018 09:49:21 -0800 Message-ID: Subject: Re: [PATCH v2 13/19] udf: prevent bounds-check bypass via speculative execution To: Jan Kara Cc: Linux Kernel Mailing List , linux-arch@vger.kernel.org, kernel-hardening@lists.openwall.com, Jan Kara , Thomas Gleixner , Linus Torvalds , Andrew Morton , Elena Reshetova , Alan Cox Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Mon, Jan 15, 2018 at 2:32 AM, Jan Kara wrote: > On Thu 11-01-18 16:47:35, Dan Williams wrote: >> Static analysis reports that 'eahd->appAttrLocation' and >> 'eahd->impAttrLocation' may be a user controlled values that are used as >> data dependencies for calculating source and destination buffers for >> memmove operations. In order to avoid potential leaks of kernel memory >> values, block speculative execution of the instruction stream that could >> issue further reads based on invalid 'aal' or 'ial' values. >> >> Based on an original patch by Elena Reshetova. >> >> Cc: Jan Kara >> Signed-off-by: Elena Reshetova >> Signed-off-by: Dan Williams > > Dan, I've already emailed to you [1] why I don't think this patch is needed > at all. Do you disagree or did my email just get lost? > > [1] https://marc.info/?l=linux-arch&m=151540683024125&w=2 Sorry, I missed that one before the v2 posting went out. I've dropped this from the v3 [1] posting. [1]: https://marc.info/?l=linux-kernel&m=151586794400997&w=2