Date: Fri, 19 Jan 2018 10:18:53 -0800
From: Linus Torvalds <>
To: Jann Horn <>
Cc: Dan Williams <>, kernel list <>, 
	linux-arch <>, 
	Kernel Hardening <>, 
	Catalin Marinas <>, "the arch/x86 maintainers" <>, 
	Will Deacon <>, Russell King <>, 
	Ingo Molnar <>, Greg Kroah-Hartman <>, 
	"H. Peter Anvin" <>, Thomas Gleixner <>, 
	Andrew Morton <>, Alan Cox <>
Subject: Re: [PATCH v4 02/10] asm/nospec, array_ptr:
 sanitize speculative array de-references

On Fri, Jan 19, 2018 at 2:20 AM, Jann Horn <> wrote:
>> +                                                                       \
>> +       __u._ptr = _arr + (_i & _mask);                                 \
>> +       __u._bit &= _mask;                                              \
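
Review bot: on the `__u._ptr = _arr + (_i & _mask)` line, the index mask looks redundant with `__u._bit &= _mask` directly below it: if `_ptr` and `_bit` overlay each other in `__u`, the second AND already clears every bit of the pointer for an out-of-bounds `_i`. Either drop `_i & _mask`, or keep it and add a comment saying why both masks are needed and that the result in that case is NULL rather than `&_arr[0]`.
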
> AFAICS, if `idx` is out of bounds, you first zero out the index
> (`_i & _mask`) and then immediately afterwards zero out
> the whole pointer (`_u._bit &= _mask`).
> Is there a reason for the `_i & _mask`, and if so, can you
> add a comment explaining that?

I think that's just leftovers from my original (untested) thing that
also did the access itself. So that __u._bit masking wasn't masking
the pointer, it was masking the value that was *read* from the
pointer, so that you could know that an invalid access returned
0/NULL, not just the first value in the array.
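
The three masking variants discussed in this thread, as an added C example that is not part of the original message or the patch: `bounds_mask()` and the three variant function names are assumptions made for illustration, and the sample array is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data. */
static const int sample[4] = { 11, 22, 33, 44 };

/* Assumed helper: all ones if idx < sz, else 0, computed without a branch.
 * Relies on arithmetic right shift of negative values (gcc/clang). */
static uintptr_t bounds_mask(size_t idx, size_t sz)
{
    intptr_t v = (intptr_t)(idx | (sz - 1 - idx));
    return (uintptr_t)(~v >> (sizeof(v) * 8 - 1));
}

/* Variant 1: mask only the index. Out of range collapses to &arr[0]. */
static const int *ptr_index_masked(const int *arr, size_t sz, size_t idx)
{
    return arr + (idx & bounds_mask(idx, sz));
}

/* Variant 2: also mask the pointer bits, as the quoted lines do.
 * Out of range yields NULL, so the index mask no longer changes the result. */
static const int *ptr_masked(const int *arr, size_t sz, size_t idx)
{
    uintptr_t m = bounds_mask(idx, sz);
    union { const int *ptr; uintptr_t bits; } u;

    u.ptr = arr + (idx & m);
    u.bits &= m;
    return u.ptr;
}

/* Variant 3: do the load too and mask the loaded value. The index mask keeps
 * the load inside the array; the value mask turns an invalid access into 0. */
static int value_masked(const int *arr, size_t sz, size_t idx)
{
    uintptr_t m = bounds_mask(idx, sz);
    int v = arr[idx & m];

    return v & -(int)(m & 1);
}

int main(void)
{
    printf("%p %p %d\n", (void *)ptr_index_masked(sample, 4, 9),
           (void *)ptr_masked(sample, 4, 9), value_masked(sample, 4, 9));
    return 0;
}
```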

