Received: by 10.192.165.148 with SMTP id m20csp797443imm; Wed, 25 Apr 2018 07:50:51 -0700 (PDT) X-Google-Smtp-Source: AIpwx48GWtBm9UuEDdccv2Pc08WP3SsO7c9CPQivQGyxSG01Ode6vcbcnvhw5MPqz46e42ibAgVe X-Received: by 10.99.97.151 with SMTP id v145mr24424612pgb.35.1524667851657; Wed, 25 Apr 2018 07:50:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524667851; cv=none; d=google.com; s=arc-20160816; b=Rs1IFKfa5JW4f+1nTZ/uYfKiIVLxnx/J+gYZ+wZ7N9BnKyrozvipU1cutbUSByzAXt W7cbmio1O/+fUmC+MjGI0QjD8oc0DxYf54AJA5LM6BhFcR9ckmKY1K4rK6OlLe75lorb 4L3gGH0yG8VY2VoAzDhPLlpfVkHTMTw3ymvesTrWsDo6zkpPuEzds2VQ46df+hR41pRv StWhDDUnl3eDD3iQfztT+/vRXNAAaN5zNS6bKEIM2BgY5eG/vkMSJ07jQD2VkNSqFFl0 lTFpQ/BcyeKsoMwArsirGmyG1XBNK8+1UngIYSlsmpfLgcSWXaSnsSixwkj91s0OxKhd b6/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=u6S5fKeDFZLviDHT1a8XmrTJZ3exaes8LC2O27TJPZg=; b=qT4CAxmWf6LWKNQCoZl1gEYIUlf2M60AFhfhenEVp7cfz4f1xiLQOSyySIqy1gUrRt QwrfP8HSBrcgwZP9MEa14gir18c+YcS986mG6xrob8uUqVV3pcojtsCTY4+9h5nSSkYh 0HeR8VMnEkiy8ScchAkbtv1IaS+bTw6ZZFxzxh0dWlAvL2TVZ5PzGw7hZFgnk9cE4V9P ju0UjLtJmqID64FRXcnMjkrb6+Vy5C77kcNRfK9Iej+q+/6CxYQZ0XZG0AOnxSM29ErW AkoBPt8bcDA4EcrPuaS6OWi8QStlYwYG5oLXfWdskn6rHvx7miTM+WFrJZgSqXb76fth zNZg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d92-v6si16796022pld.195.2018.04.25.07.50.36; Wed, 25 Apr 2018 07:50:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754641AbeDYOt1 (ORCPT + 99 others); Wed, 25 Apr 2018 10:49:27 -0400 Received: from www.llwyncelyn.cymru ([82.70.14.225]:60450 "EHLO fuzix.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753327AbeDYOt0 (ORCPT ); Wed, 25 Apr 2018 10:49:26 -0400 Received: from alans-desktop (82-70-14-226.dsl.in-addr.zen.co.uk [82.70.14.226]) by fuzix.org (8.15.2/8.15.2) with ESMTP id w3PEmrxg027725; Wed, 25 Apr 2018 15:48:53 +0100 Date: Wed, 25 Apr 2018 15:48:52 +0100 From: Alan Cox To: Mark Rutland Cc: Dan Carpenter , linux-kernel@vger.kernel.org, Peter Zijlstra , "Gustavo A. R. Silva" Subject: Re: Smatch check for Spectre stuff Message-ID: <20180425154852.2486f267@alans-desktop> In-Reply-To: <20180425131958.hhapvc3b2i3b4pgy@lakrids.cambridge.arm.com> References: <20180419051510.GA21898@mwanda> <20180425131958.hhapvc3b2i3b4pgy@lakrids.cambridge.arm.com> Organization: Intel Corporation X-Mailer: Claws Mail 3.15.1-dirty (GTK+ 2.24.32; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > 2) Compiler transformations can elide binary operations, so we cannot > rely on source level AND (&) or MOD (%) operations to narrow the > range of an expression, regardless of the types of either operand. > > This means that source-level AND and MOD operations cannot be relied > upon under speculation. You need to use volatiles and memory barriers if trying to do it explicitly in C. The compilers will do some really quite insanely brilliant things otherwise. That's one reason that not using fences is really tricky and belongs wrapped in helpers. > I suspect this means *many* more potential spectre gadgets. :( I expect so as well as probably a lot of false positives - the tools in the space are all pretty new. Array access isn't always needed either. Remember that something as simple as x = size_table[user]; memset(buf, 0, x); can speculatively reveal things, as can 'classical' side channels such as variable length instruction timings. Alan