Date: Fri, 16 Jun 2023 00:31:50 +0100
From: Phillip Potter
To: pawan.kumar.gupta@linux.intel.com
Cc: linux-kernel@vger.kernel.org, jordyzomer@google.com, linux-block@vger.kernel.org
Subject: Re: [PATCH v2 1/1] cdrom: Fix spectre-v1 gadget
References: <20230612110040.849318-1-jordyzomer@google.com> <20230612110040.849318-2-jordyzomer@google.com> <20230615163125.td3aodpfwth5n4mc@desk>
In-Reply-To: <20230615163125.td3aodpfwth5n4mc@desk>

On Thu, Jun 15, 2023 at 09:31:25AM -0700, Pawan Gupta wrote:
> On Mon, Jun 12, 2023 at 11:00:40AM +0000, Jordy Zomer wrote:
> > This patch fixes a spectre-v1 gadget in cdrom.
> > The gadget could be triggered by,
> > speculatively bypassing the cdi->capacity check.
> >
> > Signed-off-by: Jordy Zomer
> > ---
> > drivers/cdrom/cdrom.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
> > index 416f723a2dbb..ecf2b458c108 100644
> > --- a/drivers/cdrom/cdrom.c
> > +++ b/drivers/cdrom/cdrom.c
> > @@ -264,6 +264,7 @@
> > #include
> > #include
> > #include
> > +#include
> > #include
> > #include
> > #include
> > @@ -2329,6 +2330,9 @@ static int cdrom_ioctl_media_changed(struct cdrom_device_info *cdi,
> > if (arg >= cdi->capacity)
> > return -EINVAL;
> >
> > + /* Prevent arg from speculatively bypassing the length check */
> > + barrier_nospec();
>
> On a quick look at the call chain ...
>
> sr_block_ioctl(..., arg)
> cdrom_ioctl(..., arg)
> cdrom_ioctl_media_changed(..., arg)
>
> .... it appears the maximum value cdi->capacity can take is 1:
>
> sr_probe()
> {
> ...
> cd->cdi.capacity = 1;
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/scsi/sr.c?h=v6.4-rc6#n665
>
> If we know the max possible value then, instead of the big hammer
> barrier_nospec(), it's possible to use the lightweight array_index_nospec()
> as below:
> ...

Hi Pawan and Jordy,

I've now looked at this. It is possible for cdi->capacity to be > 1, as it is set via get_capabilities() -> cdrom_number_of_slots(), if the device is an individual or cartridge changer. Therefore, I think using CDI_MAX_CAPACITY of 1 is not the correct approach.

Jordy's V2 patch is fine therefore, but perhaps using array_index_nospec() with cdi->capacity is still better than a do/while loop from a performance perspective, given it would be cached etc. at that point, so possibly quicker. Thoughts? (I'm no expert on spectre-v1, I'll admit.)

Regards,
Phil
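Review bot: in the second hunk, the barrier_nospec() placed after `if (arg >= cdi->capacity) return -EINVAL;` in cdrom_ioctl_media_changed() is a full speculation barrier paid on every call of this ioctl, when only the later use of arg as an index needs protecting; `arg = array_index_nospec(arg, cdi->capacity);` directly after the check, as the thread proposes, clamps the index for the speculative path without a barrier, and because it takes cdi->capacity itself rather than a CDI_MAX_CAPACITY constant it stays correct for changers whose capacity exceeds 1.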
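To make the array_index_nospec() alternative discussed above concrete, here is an added user-space C model of the kernel's generic mask-based clamp applied to the cdi->capacity check; it is example code written for this page, not code from Jordy's patch or the kernel tree. The slot table and media_changed_model() are constructed stand-ins for the real cdrom code, and the mask formula follows the generic (non-arch-specific) array_index_mask_nospec() definition.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/*
 * User-space model of the kernel's generic array_index_mask_nospec(): all ones
 * when index < size, else 0, computed without a branch so a mispredicted bounds
 * check still yields a clamped index. Assumes index and size are below LONG_MAX.
 */
static unsigned long array_index_mask_nospec(unsigned long index, unsigned long size)
{
	return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* Model of array_index_nospec(): an out-of-range index is forced to 0. */
static unsigned long array_index_nospec(unsigned long index, unsigned long size)
{
	return index & array_index_mask_nospec(index, size);
}

/* Constructed stand-in for a changer's per-slot media-change flags. */
struct slot_info {
	int change;
};

/*
 * Model of the cdrom_ioctl_media_changed() check: reject arg >= capacity
 * architecturally, then clamp it for the speculative path before it indexes
 * the slot table. Returns the slot's flag, or -EINVAL when out of range.
 */
static int media_changed_model(const struct slot_info *slots,
			       unsigned long capacity, unsigned long arg)
{
	if (arg >= capacity)
		return -EINVAL;
	arg = array_index_nospec(arg, capacity);
	return slots[arg].change;
}

int main(void)
{
	/* Constructed 4-slot changer in which only slot 2 reports a change. */
	struct slot_info slots[4] = { {0}, {0}, {1}, {0} };
	unsigned long probes[] = { 0, 2, 3, 4, ULONG_MAX };

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		printf("arg=%lu mask=%lx result=%d\n", probes[i],
		       array_index_mask_nospec(probes[i], 4),
		       media_changed_model(slots, 4, probes[i]));
	return 0;
}
```

The capacity-1 case from sr_probe() behaves the same way: the mask is all ones only for arg 0, so even a speculatively bypassed check cannot index past the single slot.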