Date: Thu, 11 Jan 2018 21:38:18 -0800 From: Dan Williams <dan.j.williams@...el.com> To: James Bottomley <jejb@...ux.vnet.ibm.com> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, linux-arch@...r.kernel.org, "Martin K. Petersen" <martin.petersen@...cle.com>, linux-scsi <linux-scsi@...r.kernel.org>, kernel-hardening@...ts.openwall.com, qla2xxx-upstream@...gic.com, Thomas Gleixner <tglx@...utronix.de>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Elena Reshetova <elena.reshetova@...el.com>, Alan Cox <alan@...ux.intel.com> Subject: Re: [PATCH v2 17/19] qla2xxx: prevent bounds-check bypass via speculative execution On Thu, Jan 11, 2018 at 5:19 PM, James Bottomley <jejb@...ux.vnet.ibm.com> wrote: > On Thu, 2018-01-11 at 16:47 -0800, Dan Williams wrote: >> Static analysis reports that 'handle' may be a user controlled value >> that is used as a data dependency to read 'sp' from the >> 'req->outstanding_cmds' array. > > Greg already told you it comes from hardware, specifically the hardware > response queue. If you don't believe him, I can confirm it's quite > definitely all copied from the iomem where the mailbox response is, so > it can't be a user controlled value (well, unless the user has some > influence over the firmware of the qla2xxx controller, which probably > means you have other things to worry about than speculative information > leaks). I do believe him, and I still submitted this. I'm trying to probe at the meta question of where do we draw the line with these especially when it costs us relatively little to apply a few line patch? We fix theoretical lockdep races, why not theoretical data leak paths?
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ