Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp6648664ybi; Wed, 29 May 2019 10:50:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqxzQdbe9mMrBuoxcWBF46r/HfuuL2tss5R/V/PwUrgIkinUdo0qTkrpsxVVtg8STx6o6mlK X-Received: by 2002:a62:198e:: with SMTP id 136mr130673026pfz.180.1559152257778; Wed, 29 May 2019 10:50:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559152257; cv=none; d=google.com; s=arc-20160816; b=b241BIQzRED+4O9+28iuPQREECHNg97xKeMSRwyN636tpZxexxeYe6fpa8aixXXtxr /5yepv4b0J1yQynHv9ddhFn883sA+fbB8psrX/zv9/WkNJXhY3j8jjFIKcCNKk8ZJNzH AaZul8i6hsBN4kK1quvmfiS07iqDsbgqzS0TlRwds6FjtoEOo5uVpBdjvxAP3jpyiNHt bL6TeVA+ptltWyRCbUk+0J5DvBlaJLpAo5LDEhxDS59SpOY1Ij7naD6ggd9uXJFPqvNg H2sblwmTPzlENdP8ViJKpxgN4EpSt0CE5m8TNQ7X9WsnrdVDaABDB42d10DepYzG39Yn NBmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=P7ysRMZt6AAuCtlwAp6M6h3nYp7ECC73QBcM+lIyMIY=; b=nFNya2d2crDxiIc6LqGCL5Yg7fHhWmhAzxQYOzm3o08EY6doxv+hD4QLpD1+Zz8wQs k9RdikWemKMT03pkpJmGl/krN06OXo7cihUnlJ6Nk8aUy17IKXRt2DBDrB20wzW6c8iO 3kZt/M6jT7rcasrPprdrl0rguxmgvagZh4iixmfTlzNRkMdqkMgIupQx5bHL9RzY7qs3 4na4gU0i0cbIishKwrtCZ6urfSYVu0nusOpzgik9aSJyuoApYGh/tgVyvonIdA6xD+Mn 5ZNzDWPpcxC6V91y1ixFy0fHU1+YTkM0drZsezTSnHnCvvXSp3lUGPMzalYtYUbYpGMk Z2jA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e8si275792plb.420.2019.05.29.10.50.41; Wed, 29 May 2019 10:50:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726250AbfE2Rtf (ORCPT + 99 others); Wed, 29 May 2019 13:49:35 -0400 Received: from mx2.suse.de ([195.135.220.15]:33186 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725956AbfE2Rtf (ORCPT ); Wed, 29 May 2019 13:49:35 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id C68D6ACD8; Wed, 29 May 2019 17:49:33 +0000 (UTC) Date: Wed, 29 May 2019 19:49:31 +0200 From: Michal Hocko To: Dianzhang Chen Cc: cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, linux-mm@kvack.org, LKML Subject: Re: [PATCH] mm/slab_common.c: fix possible spectre-v1 in kmalloc_slab() Message-ID: <20190529174931.GH18589@dhcp22.suse.cz> References: <1559133448-31779-1-git-send-email-dianzhangchen0@gmail.com> <20190529162532.GG18589@dhcp22.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu 30-05-19 00:39:53, Dianzhang Chen wrote: > It's come from `192+1`. > > > The more code fragment is: > > > if (size <= 192) { > > if (!size) > > return ZERO_SIZE_PTR; > > size = array_index_nospec(size, 193); > > index = size_index[size_index_elem(size)]; > > } OK I see, I could have looked into the code, my bad. But I am still not sure what is the potential exploit scenario and why this particular path a needs special treatment while other size branches are ok. Could you be more specific please? -- Michal Hocko SUSE Labs