Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Jan 2018 16:15:12 -0800
From: Tony Luck <>
To: Linus Torvalds <>
Cc: Dan Williams <>, 
	Linux Kernel Mailing List <>, Mark Rutland <>,, Peter Zijlstra <>, 
	Alan Cox <>, Will Deacon <>, 
	Alexei Starovoitov <>, Solomon Peachy <>, "H. Peter Anvin" <>, 
	Christian Lamparter <>, Elena Reshetova <>, 
	"" <>, Andi Kleen <>, 
	"James E.J. Bottomley" <>, Linux SCSI List <>, 
	Jonathan Corbet <>, "the arch/x86 maintainers" <>, Russell King <>, 
	Ingo Molnar <>, Catalin Marinas <>, 
	Alexey Kuznetsov <>, 
	Linux Media Mailing List <>, Tom Lendacky <>, 
	Kees Cook <>, Jan Kara <>, Al Viro <>,, Thomas Gleixner <>, 
	Mauro Carvalho Chehab <>, Kalle Valo <>, 
	Alan Cox <>, "Martin K. Petersen" <>, 
	Hideaki YOSHIFUJI <>, Greg KH <>, 
	Linux Wireless List <>, 
	"Eric W. Biederman" <>, Network Development <>, 
	Andrew Morton <>, "David S. Miller" <>, 
	Laurent Pinchart <>
Subject: Re: [PATCH v2 00/19] prevent bounds-check bypass via speculative execution

On Thu, Jan 11, 2018 at 5:19 PM, Linus Torvalds
<> wrote:
> Should the array access in entry_SYSCALL_64_fastpath be made to use
> the masking approach?

That one has a bounds check for an inline constant.

     cmpq    $__NR_syscall_max, %rax

so should be safe.

The classic Spectre variant #1 code sequence is:

int array_size;

       if (x < array_size) {
               something with array[x]

which runs into problems because the array_size variable may not
be in cache, and while the CPU core is waiting for the value it
speculates inside the "if" body.

The syscall entry is more like:

#define ARRAY_SIZE 10

     if (x < ARRAY_SIZE) {
          something with array[x]

Here there isn't any reason for speculation. The core has the
value of 'x' in a register and the upper bound encoded into the
"cmp" instruction.  Both are right there, no waiting, no speculation.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ