Received: by 10.192.165.148 with SMTP id m20csp626402imm; Fri, 4 May 2018 03:51:15 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrDInFcAu2cNG0HsL9f+9BRS68NvYdUZMt0TfUP19luvbqrVW/b3o4R1JwxOlPkm/Aix6au X-Received: by 2002:a17:902:b60a:: with SMTP id b10-v6mr26961245pls.221.1525431074967; Fri, 04 May 2018 03:51:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525431074; cv=none; d=google.com; s=arc-20160816; b=brMscRgHrG+amBzzcdL1GWnMR4256bKsV7XgC8fFr95A4XuTQbmS5F68sdMgGSDrrH C94ChCbZTMN4ZWJwcZG+EX22zKuzrsx6MAtOuBW4grpVpWJJM6ybHtbb/yv1GvciF+y7 hv6GjMweV9nrCzvJkheHwArwRCwFQZAMBy6xhCXM/djTCqiujmbKL/uFwXScyPeOwO6Z Ocq58apETvzHmIZrS8eZARbc6IB0xwKljCPq+QETV+HoFo978nraoqSCcybp2YEgor0f I3fEDz8gIYceKsYAhV5SaCYV/eAglO/6dcGLWB2qr7mOahJkTBs9D+zJ0m8yozxBTLhP +QMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=18PhaZ/ETAMi9BmOQed8EF7dVr7HuIJGhh3j3T0s3wM=; b=c1oYc2w5SA3H+v5LTOxhgjuKvMj3GYgeY5QEBUWST2LEMQRV9c3VOLJh+2hDshk9l6 Ecfj5oXHm0CYmMQdgKlFa9PNr3WsHBakbksIYn5oAymU5yn2uSZ7IInU7m9s+VHwSjJ1 YKvoPlyh2zgc/V2/e+PI2Je9bN3d309erPFVLraT4iDeH7eeiuOYyDWctRPxtyBNmMiK TmQJ449H2Ku+Vu1N5Bw0+JrTMCmfAGlP9xnn6ZQt9EIA7ZfY0k/YiuM2ASOsQaZJh07J zMI498Tm1AEDBotr/7Nkzfisu78up7Nfu8xSfHpjWrsvFCzh+opGhwqTPVwzDyjsjGc5 5DOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n8-v6si13361872pgf.667.2018.05.04.03.51.00; Fri, 04 May 2018 03:51:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751314AbeEDKtd (ORCPT + 99 others); Fri, 4 May 2018 06:49:33 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:52094 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750820AbeEDKtc (ORCPT ); Fri, 4 May 2018 06:49:32 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 196081529; Fri, 4 May 2018 03:49:32 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id DBDDA3F587; Fri, 4 May 2018 03:49:30 -0700 (PDT) Date: Fri, 4 May 2018 11:49:28 +0100 From: Mark Rutland To: Daniel Borkmann Cc: linux-kernel@vger.kernel.org, Alexei Starovoitov , Dan Carpenter , Peter Zijlstra , netdev@vger.kernel.org Subject: Re: [PATCH] bpf: fix possible spectre-v1 in find_and_alloc_map() Message-ID: <20180504104927.qp4rwx6fuomdihov@lakrids.cambridge.arm.com> References: <20180503160459.4111-1-mark.rutland@arm.com> <28363c0d-0b78-681c-d9ea-908671b0067e@iogearbox.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <28363c0d-0b78-681c-d9ea-908671b0067e@iogearbox.net> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 04, 2018 at 02:16:31AM +0200, Daniel Borkmann wrote: > On 05/03/2018 06:04 PM, Mark Rutland wrote: > > It's possible for userspace to control attr->map_type. Sanitize it when > > using it as an array index to prevent an out-of-bounds value being used > > under speculation. > > > > Found by smatch. > > > > Signed-off-by: Mark Rutland > > Cc: Alexei Starovoitov > > Cc: Dan Carpenter > > Cc: Daniel Borkmann > > Cc: Peter Zijlstra > > Cc: netdev@vger.kernel.org > > Applied to bpf tree, thanks Mark! Cheers! > I've also just submitted one for BPF progs > (http://patchwork.ozlabs.org/patch/908385/) which is same situation. That looks good to me. That case doesn't show up in my smatch results so far, but I might just need a few more build iterations. Thanks, Mark.