Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp5527593ybi; Tue, 30 Jul 2019 22:46:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqwDMwwBEUkjuRIlcVUzLk11DP8qNRytIpFTatQZbcePEIzvbzLimDQhXqr/IRrHVJZKmmTB X-Received: by 2002:a17:902:290b:: with SMTP id g11mr116600978plb.26.1564552017384; Tue, 30 Jul 2019 22:46:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564552017; cv=none; d=google.com; s=arc-20160816; b=HEJjlkooyOlNHdK3YZQ80mXrJ4ck+OftrPlBbO+MEvm28IdKWszotCD61HP5xHFha2 QtYo1SmjJElPGNZY4/NhtEreDS5Cj3mh4Di9PvZDDYb8lCutZVyWb4OijUSM69vQP3u6 o2+tDJ1F9Yijrpf9ebYCJ58ke/TA+1X7H+qYKc1Ia5JaQIzWFv22kq0vN6x6GmDFgqOU N14JSKcj8/6UAkxEpF9G7gQxsebAEXMM0SjR6HYRDkhFg5V5Ap0zimnLBqDQFctPz9Bu Cw7os4At6zT5d7t95VaswIzUQin+J8nk9uQhXqg+I1PW75MVbtjujiKmyPpo+O5D6Z5P G/7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Ztz7L2veYDJ0p/jIKh0dslIL5oc+upT2KppLD1ik/Hg=; b=aJ/LjlAjYPcAcOthdE/NpHDqxNpf1A4/ZIEl3/7bDp1MYk2ykDY21q4tK4eHrsa0E/ /81TZiSb6LKoe5ARUInKYlUVXG13FFdNRA4wtBLcdNP4JAxZhAZ0tifrezJvt97d3CFB nY2mIHg5qY6JD56dNDidgpd8+I1CMHtHNU9GEU4fM7yPnZ/x1KrLTPAyi1cvkdvRx7wS QWoD66DCAydX5Ct9K7ryf5+CwaZNBLJc1L10nLW8uUF+eBSy/Ud3SQ8iz9++y8/7hZ94 L68mEgMgZsHY3/oitHX3qO2gQq+0OuzTnONRA1IXTdVMY7ep9C+OABOMKWngqm/0PXbt VgcA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k65si29917102pge.422.2019.07.30.22.46.41; Tue, 30 Jul 2019 22:46:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387495AbfGaE2D (ORCPT + 99 others); Wed, 31 Jul 2019 00:28:03 -0400 Received: from mga05.intel.com ([192.55.52.43]:6051 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387473AbfGaE2D (ORCPT ); Wed, 31 Jul 2019 00:28:03 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Jul 2019 21:28:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,328,1559545200"; d="scan'208";a="371952775" Received: from iweiny-desk2.sc.intel.com ([10.3.52.157]) by fmsmga006.fm.intel.com with ESMTP; 30 Jul 2019 21:28:02 -0700 Date: Tue, 30 Jul 2019 21:28:01 -0700 From: Ira Weiny To: "Gustavo A. R. Silva" Cc: Tony Luck , Doug Ledford , Jason Gunthorpe , Leon Romanovsky , Parav Pandit , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] IB/core: Add mitigation for Spectre V1 Message-ID: <20190731042801.GA2179@iweiny-DESK2.sc.intel.com> References: <20190730202407.31046-1-tony.luck@intel.com> <95f5cf70-1a1d-f48c-efac-f389360f585e@embeddedor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <95f5cf70-1a1d-f48c-efac-f389360f585e@embeddedor.com> User-Agent: Mutt/1.11.1 (2018-12-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 30, 2019 at 06:52:12PM -0500, Gustavo A. R. Silva wrote: > > > On 7/30/19 3:24 PM, Tony Luck wrote: > > Some processors may mispredict an array bounds check and > > speculatively access memory that they should not. With > > a user supplied array index we like to play things safe > > by masking the value with the array size before it is > > used as an index. > > > > Signed-off-by: Tony Luck > > --- > > > > [I don't have h/w, so just compile tested] > > > > drivers/infiniband/core/user_mad.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/infiniband/core/user_mad.c b/drivers/infiniband/core/user_mad.c > > index 9f8a48016b41..fdce254e4f65 100644 > > --- a/drivers/infiniband/core/user_mad.c > > +++ b/drivers/infiniband/core/user_mad.c > > @@ -49,6 +49,7 @@ > > #include > > #include > > #include > > +#include > > > > #include > > > > @@ -888,6 +889,7 @@ static int ib_umad_unreg_agent(struct ib_umad_file *file, u32 __user *arg) > > mutex_lock(&file->port->file_mutex); > > mutex_lock(&file->mutex); > > > > + id = array_index_nospec(id, IB_UMAD_MAX_AGENTS); > > This is wrong. This prevents the below condition id >= IB_UMAD_MAX_AGENTS > from ever being true. And I don't think this is what you want. Ah Yea... FWIW this would probably never be hit. Tony; split the check? if (id >= IB_UMAD_MAX_AGENTS) { ret = -EINVAL; goto out; } id = array_index_nospec(id, IB_UMAD_MAX_AGENTS); if (!__get_agent(file, id)) { ret = -EINVAL; goto out; } Ira > > > if (id >= IB_UMAD_MAX_AGENTS || !__get_agent(file, id)) { > > ret = -EINVAL; > > goto out; > > > > -- > Gustavo